In message <1346342946.14282.32.ca...@mjelap.posix.co.za>, Mark Elkins writes: > On Thu, 2012-08-30 at 17:25 +0200, Emanuele Balla (aka Skull) wrote: > > On 8/30/12 3:19 PM, Stephane Bortzmeyer wrote: > > > On Thu, Aug 30, 2012 at 03:16:32PM +0200, > > > fddi <f...@gmx.it> wrote=20 > > > a message of 15 lines which said: > > >=20 > > >> Actually many telephone companies in the world are doing this,=20 > > >=20 > > > They're wrong politically (censorship) and they're wrong technically > > > (see O'Reilly's answer). > > >=20 > > > Copying telephone companies is not a good idea for the Internet :-) > >=20 > > Still, that kind of setup is *mandatory* for ISPs in Italy :-\ > > Is the mandatory setup to actually use 'DNS' to block access to gambling > sites? Its easy enough to script an automatic update if someone central > and with the necessary authority decides what it not allowed (eg a > governmental man). Could even stick the 'bad' names in DNS to do the > distribution. > > Suggestion: Don't listen to Niall O'Reilly - although he may be right. > (tongue firmly stuck in cheek) > > Note to self, run own recursive DNS resolver on my laptop whilst > travelling in Italy. > > 8.8.8.8 ?
Which is exactly why the DNS is the wrong level to do this at if you have a legal obligation to block access. The only way to do that is to block the packets themselves. Given these are gambling sites the chance of collateral damage is minimal if you just block all access to the ips in question. Just make sure you can get through to their nameservers so you can keep the list of IP addresses to filter current. Mark > --=20 > . . ___. .__ Posix Systems - (South) Africa > /| /| / /__ m...@posix.co.za - Mark J Elkins, Cisco CCIE > / |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496 > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
