On Tue, 2004-07-27 at 21:44, Paul Vixie wrote:
on the one hand, you'd need a wildcard A RR at *.doubleclick.net to achieve this result. the above text does not mention this, and leads one to believe that an apex A RR at doubleclick.net would have an effect.
Depends what you are trying to do. I'm perfectly happy to have *.doubleclick.net return a "host not found", so a file with no A records works fine for me.
on the other hand, if you do this for a nameserver that your customers depend on, then there is probably some liability for either trademark infringement, tortious interference with prospective economic advantage, and the gods alone know what else.
Guess I don't see this as being any different than restricting access based on port number or IP address. If your SLA empowers you to selectively block traffic, what's the difference? I agree however that at the ISP level its probably good practice to _not_ do this. Then again, when I had my ISP I did filter out doubleclick as well as certain IPs and ports. This was in the SLA however so clients knew this was happening (and considered it a "feature") before they signed up for service. C