* Steven M. Bellovin:
The second is the precedent that's set -- who gets to decide what zones are excluded from the tree? OpenDNS? Sure -- and to whom do they listen? Are any sites to be ruled out on political grounds? Ideological? Not today, sure, and (I assume) not by OpenDNS -- but what if some misguided legislature passes some law?
And how is real DNS any different? Even in Western democracies, ISPs can be forced to suppress zones on their resolvers. There are profound privacy issues with centralized, opt-in DNS resolvers, but they can probably be resolved satisfactorily. But I'm definitely the wrong guy to argue in favor of DNS-related privacy (although I try very hard to make it impossible to link DNS queries and responses to particular users). Apart from that, I hope that services like this one (coupled with tactical null routes) become more important to consumers. More competition on network-based security measures will help to protect them from (technically) harmful content. In some collapsed consumer markets, it might enable ISPs to charge extra fees and compete on these additional services, avoiding a complete meltdown of the market and a return to an oligopoly.