This all strikes me as incorrect. The function of the domain
name system is primarily to translate an IP number into a domain name,
vice versa. If a user wishes to browse to
<http://64.236.16.20>
he/she will arrive also at
<www.cnn.com>.
The domain name is propagated and subsequently refreshed throughout the
World. A browser request and reply may take each time hundreds of
different routes through the Internet from end-to-end. If Spain would
want to deploy blocking of the domain CNN.com (or in fact any other
domain) it would have to factually block individual IP's at the telco 'in
and out of Spain routes' to accomplish that. This, by the way is
currently e.g. done in the Peoples Republic of China, be it not really
successful :) It is also so easy to set up secondary dns's anywhere
else on the globe with a ptr to some other IP no., that a dns block sec
would never be a successful action. Blocking a /24 in Spain may be
effective, but if the Spanish site would be hosted elsewhere, or would
have a mirror hosted elsewhere, the elsewhere legislation would be the
regulations the telco's are confronted with, and looking at.
Ola !
Bert Fortrie
At 12:27 PM 11/14/2002, you wrote:
-- On Thursday, November 14, 2002 12:11 PM
-0500
-- Jim Deleskie <jdeleski@rci.rogers.com> supposedly wrote:
Its my understanding that since Akamai is
based on DNS resolves if you
where to use the method of blocking it within the DNS system it
would
make no difference. Although I'm no Akamai expert.
The issue is really not Akamai or Digital Island or any other service
someone might buy. The end user is completely unaware of the
machinations behind the scene, they are just going to type
"www.terrorist.com"
into their browser.
If "terroris.com" is a Bad Domain and ISPs refuse to resolve
anything in that domain, then nothing else can happen. The first
step is the end user's machine going to the ISP's name server asking for
the IP address of
"www.terrorist.com".
It does not matter if that hostname is CNAME'd to another company / host
/ whatever, the resolution will stop immediately and the user will be
unable to see the web page.
Or they can just use a publicly available web proxy, in which case it
will not matter if the domain is Akamaized or not. =)
-Jim
--
TTFN,
patrick