On Sun, 03 Jul 2005 12:41:23 EDT, Ted Fischer said:
Go read this: http://65.246.255.51/rfc/rfc3675.txt
And ask yourself (a) why did that URL work at all, and (b) whether censoring via top-level domain is likely to work.
As an interesting side note, my e-mail client (Eudora) helpfully popped up the following message when checking the above URL:
"The host, http://65.246.255.52/rfc/rfc3675.txt, is a numerical IP address; most legitimate sites use names, not addresses."
Of course, if you're a subversive visiting the site *because* somebody with jackbooted thugs has censored the DNS, said site probably isn't considered "legitimate" by those in power.... And it's a hopeless task - blocking by DNS isn't workable, and even blocking problematic sites by IP isn't workable. It's pretty easy to show that if you allow *any* traffic at all, there's covert channels available. Just take the bandwidth of the pipe, treat the censorship as "noise" (the more heavy-handed, the noiser), and work out the Shannon limit....