On 04/22/2015 02:33 PM, Stephane Bortzmeyer wrote:

[snip]

>> Please propose specific wording for the merge so the WG can see if
>> they like it better.
> Policy-implementing resolver -- A resolver that changes some answers
> it returns based on policy criteria, such as to prevent access to
> malware sites. This is just a technical definition: such a
> policy-implementing resolver can be installed by various actors, for
> various reasons, and users may or may not be aware of its
> policy. [Some people prefer to be direct and call it a lying
> resolver.]

Policy-implementing resolver -- A recursive resolver that modifies
authoritative responses in accordance with locally specified, and
generally organization-wide, policy for accessible sites.
Modifications vary from denial of the existence of the queried DNS
record to modifying the destination specified in the authoritative
response. Policies can range from malware protection, often via
dynamically updated reputation-based data, to only allowing narrowly
selected sites. This process is also known as DNS filtering. A
synonym for a Policy-implementing resolver is a DNS Firewall.

>>>> Passive DNS -- A mechanism to collect large amounts of DNS data
>>>> by storing queries and responses from recursive servers.
>>> Most passive DNS services collect only the responses, which is good
>>> for privacy.
>> Some passive DNS services collect the query too. Given the privacy
>> issue you mention, we should make people aware of that.
> Passive DNS -- A mechanism to collect large amounts of DNS data by
> storing responses from servers. Some of these systems also collect
> queries, which can raise privacy issues.

+1
/Hugo Connery
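An added illustration, not part of the original message or of the draft under discussion: a Python model of the answer-rewriting step that the proposed "policy-implementing resolver" definition describes, covering denial of existence, a modified destination, and the allow-only case. The class and field names, the `.example` domains and the documentation-range addresses are all constructed for this example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Answer:
    rcode: str                 # "NOERROR" or "NXDOMAIN"
    address: Optional[str]     # A-record data, None when there is none
    rewritten: bool = False    # resolver-side audit flag, never sent to the client


def matches(qname: str, zone: str) -> bool:
    """True if qname is the zone itself or a name below it (label boundary)."""
    qname, zone = qname.rstrip(".").lower(), zone.rstrip(".").lower()
    return qname == zone or qname.endswith("." + zone)


class PolicyResolver:
    """Applies local policy to the answer obtained from upstream resolution."""

    def __init__(self, deny=(), redirect=None, allow_only=None):
        self.deny = tuple(deny)                  # zones answered with NXDOMAIN
        self.redirect = dict(redirect or {})     # zone -> substitute address
        # None means "no allow-list"; a list means only those zones resolve.
        self.allow_only = None if allow_only is None else tuple(allow_only)

    def apply(self, qname: str, upstream: Answer) -> Answer:
        if self.allow_only is not None and not any(
            matches(qname, z) for z in self.allow_only
        ):
            return Answer("NXDOMAIN", None, rewritten=True)
        # Redirects are checked before denials (an ordering chosen here).
        for zone, substitute in self.redirect.items():
            if matches(qname, zone):
                return Answer("NOERROR", substitute, rewritten=True)
        if any(matches(qname, z) for z in self.deny):
            return Answer("NXDOMAIN", None, rewritten=True)
        return upstream                          # policy does not apply


if __name__ == "__main__":
    resolver = PolicyResolver(
        deny=["malware.example"],
        redirect={"phish.example": "192.0.2.53"},
    )
    authoritative = Answer("NOERROR", "198.51.100.7")
    for name in ("cdn.malware.example.", "login.phish.example", "www.example.org"):
        print(name, resolver.apply(name, authoritative))
```

In this model the client receives only `rcode` and `address`, so a policy-generated NXDOMAIN looks the same as a genuine one unless the resolver logs the `rewritten` flag.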