Slashdot Mirror

← Back to Stories (view on slashdot.org)

DNS Heavyweights Raise Concern Over DNS Filtering

Posted by samzenpus on from the not-so-fast dept.

penciling_in writes "A group of DNS heavyweights have released a paper detailing serious concerns over the proposed DNS filtering requirements included as part of the bill recently introduced in the US Senate named Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 (PROTECT IP Act). The group which includes Paul Vixie, Dan Kaminsky, Steve Crocker, David Dagon and Danny McPherson, have detailed several serious technical and security concerns in the event that the mandated DNS filtering is enacted into law. Dan Kaminsky says: 'There are efforts afoot to manipulate the DNS on a remarkably large scale. The American PROTECT IP act contains several reasonable and well targeted remedies to copyright infringement. One of these remedies, however, is to leverage the millions of recursive DNS servers that act as accelerators for Internet traffic, and convert them into censors for domain names in an effort to block content.'"

20 of 129 comments (clear)

  1. Blocking domains? Very effective... by Yetihehe · · Score: 3, Informative

    Didn't anyone warn them that just blocking a domain name doesn't work?

    --
    Extreme Programming - Redundant Array of Inexpensive Developers
    1. Re:Blocking domains? Very effective... by 1s44c · · Score: 2

      Didn't anyone warn them that just blocking a domain name doesn't work?

      Yes. They didn't understand what a domain was or what blocking one meant.

  2. Ineffective by WillyWanker · · Score: 2

    And what's to stop people from using a DNS server that's outside the US? Or even just punching in the IP address directly?

    1. Re:Ineffective by i+kan+reed · · Score: 3, Funny

      FBI agents with guns.

  3. Not on my servers!! by Eggplant62 · · Score: 3, Interesting

    I guess it's time to get a read done of this nonsense and the see if I can't straighten my own elected officials out about how the tech works... *sigh*

  4. What's a DNS server? by billlava · · Score: 5, Interesting

    I think you greatly overestimate the technological literacy of the average American. Most people aren't going to have a clue how to change their DNS servers, but even for those who do understand how to get around such restrictions, this is still disturbing. This is just a way for government to get its foot in the door. Soon, they'll be mandating to ISPs which DNS servers their clients are allowed to use, and what IP ranges are 'legal' to access on the internet. Maybe I should just take off the tinfoil hat and relax, but I can't see how government getting involved in legislating the internet in ANY way is a good thing.

    1. Re:What's a DNS server? by DarkOx · · Score: 3, Interesting

      Like the average smuck was not going to be able to use dvdshrink? Come on you know some 1337 kid is going to read up on DNS just enough to learn how to set which server is used on Windows, whip out his intro to VB.net book and whip up a little single form program with all his code in the DoIt.OnClick() handler to set the value to some server in The Republic of North Bumfuck.

      Then everyone moron on facebook will be sending it to each other and installing it. That is Week 1.

      Week 2 is when everyones ISP just starts NAT'ing ever packet with a dst port 53 tcp or udp to their own DNS server.

      Week 3 same kid who has now learned that port translation can be used for other things besides playing wow behind his Linksys router starts his Google quest for a COM object that implements SSH....

      Week 4... Frustration ensues

      Week 5 ... A new VB.net app is published!

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    2. Re:What's a DNS server? by Idbar · · Score: 2

      I think you greatly overestimate the technological literacy of the average American.

      I think you're underestimating the effort a young person will go through to get things online. Why would you think limewire, eDonkey, etc became popular?

      I think that if the price doesn't work for you, you'll look for cheaper alternatives. This is particularly true for kids from college down to school, that have absolutely no income, but are the largest consumers of popular media.

  5. I'll just use the ip address! by Anonymous Coward · · Score: 4, Insightful

    Error 403: Forbidden
    Please be aware that copyright infringement is illegal. A copyright enforcement specialist will be contacting you shortly to schedule your mandatory attendance to one of our copyright education seminars.

  6. let's coin a new term by rubycodez · · Score: 2

    a HOSTS-tard.

    I'm curious how often the HOSTS-tard updates the hundreds of millions of entries in his gigabytes-large HOSTS file

    1. Re:let's coin a new term by drinkypoo · · Score: 2

      The guy raises a good point, through packet mangling you can reroute DNS queries with users none the wiser. Since most providers don't offer any encryption (let alone authentication) of DNS queries, this is a real problem. But you can trade fingerprinted hosts files... Is there a cryptographically secured open DNS service that is also trustworthy?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  7. Campaign Contributions by Microlith · · Score: 2, Informative

    They don't matter. They haven't paid the requisite Campaign Contribution necessary for their opinions to be considered.

    1. Re:Campaign Contributions by Curunir_wolf · · Score: 2

      They don't matter. They haven't paid the requisite Campaign Contribution necessary for their opinions to be considered.

      I came here to say this. Saying these guys are "heavywieghts" in DNS doesn't matter one whit - how many senators they own, that's they only "weight" that's going to matter in this debate.

      --
      "Somebody has to do something. It's just incredibly pathetic it has to be us."
      --- Jerry Garcia
  8. DEFINITELY Read the article by Paul Vixie by p4nther2004 · · Score: 2
    Hilarous

    This root key would have to be generated and signed in some kind of ceremony, maybe with people wearing viking hats and carrying swords and torches, and the resulting public validation key would have to be published on the web and managed according to RFC 5011 so that it can roll forward throughout all time. Videos from this ceremony would go up on YouTube.

    http://www.circleid.com/posts/20110318_on_mandated_content_blocking_in_the_domain_name_system/

  9. Thank goodness it's been blocked by dstarfire · · Score: 4, Insightful

    Well, y'all can stop worrying now. It appears the Protect IP bill won't even be making it to the senate floor, thanks to Senator Ron Wyden (Ore). Check out the story over on Ars http://arstechnica.com/tech-policy/news/2011/05/sen-ron-wyden-to-place-a-hold-on-the-protect-ip-act.ars

    --
    Sending spam is legal, ethical, and basically a good thing ... if you're Hormel(tm).
  10. Net Neutrality by Kamiza+Ikioi · · Score: 2

    Yeah, good luck. We went from Net Neutrality to this! With Net Neutrality they were saying, "Oh, leave it alone, it works fine. Don't force companies to not favor one site over another with premium QOS bandwidth." Now they're saying, "Stick it deep, as deep as possible, into the core of the Internet itself and control it all one record at a time!"

    Where are the Libertarians railing against Net Neutrality when you need them to rail against this? If any of you are one, I hope you bring this comparison up LOUD and CLEAR to anti-net neutrality people who are now siding with DNS censoring that they are hypocrites. Either you mean it when you say you are hands off, or you don't.

    --
    I8-D
  11. Re:Get back 2 us when U have a PHD in Psych by drinkypoo · · Score: 2

    Between your writing style, unwillingness to log in and be moderated, and your insistence on ignoring what was actually said for what you want to read, you have made yourself the Slashdot equivalent of a street person on the corner jumping up and down, foaming at the mouth, and screaming that The End is Nigh with one hand down your pants and the other flailing incoherently at arm's length at all times.

    If you don't see that your persistence in the face of this situation makes you a nut, you're utterly hopeless.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  12. Senator Ron Wyden's statement by Local+ID10T · · Score: 2

    “In December of last year I placed a hold on similar legislation, commonly called COICA, because I felt the costs of the legislation far outweighed the benefits. After careful analysis of the Protect IP Act, or PIPA, I am compelled to draw the same conclusion. I understand and agree with the goal of the legislation, to protect intellectual property and combat commerce in counterfeit goods, but I am not willing to muzzle speech and stifle innovation and economic growth to achieve this objective. At the expense of legitimate commerce, PIPA’s prescription takes an overreaching approach to policing the Internet when a more balanced and targeted approach would be more effective. The collateral damage of this approach is speech, innovation and the very integrity of the Internet.

    "The Internet represents the shipping lane of the 21st century. It is increasingly in America’s economic interest to ensure that the Internet is a viable means for American innovation, commerce, and the advancement of our ideals that empower people all around the world. By ceding control of the Internet to corporations through a private right of action, and to government agencies that do not sufficiently understand and value the Internet, PIPA represents a threat to our economic future and to our international objectives. Until the many issues that I and others have raised with this legislation are addressed, I will object to a unanimous consent request to proceed to the legislation."

    --
    "You want to know how to help your kids? Leave them the fuck alone." -George Carlin
    1. Re:Senator Ron Wyden's statement by Ja'Achan · · Score: 3, Funny

      There's a senator in this world that understands it? DNF really is coming out O.o

  13. Re:Are you the "expert" on how to post on forums? by RobertM1968 · · Score: 2

    Nah, you're just an idiot trying to look like you know something. Sadly, glomming together bits and pieces of things you've heard here and there into walls of text - the SAME walls of text you repeat verbatim every chance you get... does not make you look smart. It makes you look like a total moronic idiot. Just figured you should know that before you repeat this nonsense the next time DNS, security, malware or whatever else comes up and you get the idea to repost the same wall-o-text post as the last few times.

    But at least you were smart enough to not log in so as not to damage your karma.

    --
    StarTrekPhase2 - The Five Year Mission Continues!