And it is believed that sold end-user devices wouldn't just be required to implement this blacklist themselves? This is reminding me of the xkcd comic with the encryption and the wrench.

On Wed, Oct 25, 2017 at 10:53 AM, Jean-Francois Mezei <jfmezei_nanog@vaxination.ca> wrote:
> On 2017-10-25 13:05, Matthew Pounsett wrote:
>
>> I'm also led to wonder how much worse it would be if all those CPE were open recursives instead of open forwarders. I'd like to see CPE manufacturers' decision making and processes improved BEFORE we start encouraging them to go around ISPs' DNS servers or the large public recursive clouds.
>
> A while back, the Québec government, wanting to protect its gambling monopoly, decided to force ISPs to block a list of gambling sites (a list drawn up by the gambling monopoly to block outside competitors).
>
> Recently, Bell Canada went to the government suggesting the government set up an internet web site block list to prevent Canadians from accessing pirating web sites.
>
> And of course, in the USA, the upcoming decision to drop Title II for ISPs may result in large ISPs quickly starting to play tricks on DNS (redirecting traffic to their own properties etc.).
>
> While all this is in its infancy and may not happen, this could have a serious impact on the architecture of DNS, with large swaths of customers bypassing their ISP's DNS services.
>
> But it is more likely that everyone would be going to 8.8.8.8 instead of running their own recursive server. But if the "free" DNS servers also start to play games or charge money, then CPE equipment may start including a full BIND recursive server and bypass everything.
>
> This is why it is important for network folks to educate politicians not to play with the internet.