>> Please see the previous gazillion messages from people who are using
>> RPZ in production to keep malware away from their users.
>>
>> Also see the previous gazillion messages noting that governments do
>> all sorts of DNS censorship now and don't need RPZ.
>>
>> Could you explain in more detail why you don't believe operators will
>> continue to use RPZ to protect their users, and why you think hostile
>> actors will do things with RPZ that they couldn't do now?
>
> I was specifically asking about the redirect/record replacement
> behavior, not the nxdomain/blocking behavior.

Providers routinely use sandboxing to quarantine infected users both to protect their other users (malware can't contact C&C) and to force them to do something about it, since they can't see anything other than web sites with cleanup tools. I've talked to providers who tell me that this is the least bad way they've found to get their users to clean up infected boxes. Even if a provider could afford to call them on the phone, it doesn't work, first because users not unreasonably think it's a scam, and second because the malware doesn't bother them, only other people, so they blow off advice to fix it.

So I reiterate the same two questions.

R's,
John