

markofmayhem
Why not now?
Premium
join:2004-04-08
Pittsburgh, PA
kudos:5
reply to DrDrew

Re: Funny coming from a site whose business based on blacklists

It'll be slightly inconvenient until ISPs are subject to be cops against such offshore DNS service:

(i) a service provider, as that term is defined in section 512(k)(1) of title 17, United States Code, or other operator of a domain name system server shall take reasonable steps that will prevent a domain name from resolving to that domain name's Internet protocol address;

Kinda vague, it's the shadows that can be scary. As-is, the offshore DNS would certainly provide access, until more money is dumped into election campaigns and the "or" in this clause is changed to an "and" and a (i)(I) paragraph is added underneath it: "Domestic service providers, as that term is defined in section 512(k)(1) of title 17, United States Code, may only allow domain names to be resolved by servers in compliance with this act."

Or something to that effect... still "free" to choose, but routing will blacklist (or whitelist) access to DNS servers. And this is where OpenDNS begins to speak with interest... loudly.
--
Show off that hardware: join Team Discovery and Team Helix


DrDrew
That others may surf
Premium
join:2009-01-28
SoCal
kudos:15

said by markofmayhem:

It'll be slightly inconvenient until ISPs are subject to be cops against such offshore DNS service:

Unless ISPs start inspecting packets and blocking packets to other DNS servers they'll have a hard time blocking users' DNS requests to other servers.

Just blocking to port 53 won't do it for long to those interested in such things. My router already allows for other ports besides 53 to be used.
--
If it's important.... back it up... twice.


TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Da Bronx
Reviews:
·Optimum Online
·Clearwire Wireless

said by DrDrew:

Unless ISPs start inspecting packets and blocking packets to other DNS servers

Can't be done without totally disconnecting the US population from the rest of the world. Are they going to prohibit VPNs as well? Prevent folks from running a local name server on their PCs? IP block all "forbidden" sites at the gateway routers?

Total control can only be achieved by making the US a "walled garden", completely disconnected and isolated from the rest of the world. When and if that happens, the world in general will be a better place for it.

Bob
--
"Would you ever go over to Czechoslovakia, and marry me daughter for me?"


rchandra
Stargate Universe fan
Premium
join:2000-11-09
14225-2105
reply to DrDrew

said by DrDrew:

Just blocking to port 53 won't do it for long to those interested in such things. My router already allows for other ports besides 53 to be used.

Doesn't matter what your router uses. If eight nines percent of the Internet uses port 53, you're SOL. I heard somewhere a few ISPs are already doing this, basically using NAT so that it wouldn't matter what destination IP address I use in my outbound packets, it will get NATted to their DNS servers. They ostensibly do this, one, to lessen support calls from their clueless customers who get their DNS settings wrong, and two, to build up their cache. The only effective defense will be tunnelling to somewhere without such restrictions.

BTW...count me among the distrustful who run their own BIND instance which GENERALLY gets around ISP DNS issues, unless they do this forced NATting (at which time I can route my DNS traffic over the tunnel I have with my friend's business Internet connection).
--
English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules.


Jeopardy! replies and randomcaps REALLY suck!


DrDrew
That others may surf
Premium
join:2009-01-28
SoCal
kudos:15

said by rchandra:

said by DrDrew:

Just blocking to port 53 won't do it for long to those interested in such things. My router already allows for other ports besides 53 to be used.

Doesn't matter what your router uses.

It matters that I can change it. Then I don't have to change anything on any device on my network to go around port 53 blocking or interception.

If ISPs were forced to block other DNS servers from being used, how would they do it? Cheap and easy is to intercept outbound calls to port 53 which is DNS. If something other than 53 were being used, they'd have to inspect packets to figure out what is DNS and what isn't. Packet inspection on such a large scale takes dedicated hardware, which is $$$$ to install widespread, so it's not likely anytime soon.

So if the quick and easy blocking or intercepts happen, the quick and easy fix is to use another port on the server and tell those who want access the new port number to use.

My router can handle such DNS server port changes if need be because some ISPs intercept port 53 and some users wanted it to be able to use alternate ports.
--
If it's important.... back it up... twice.
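
Added example, not part of any post in this thread: what "inspecting packets to figure out what is DNS and what isn't" looks like from the monitoring side, as a Python heuristic that checks whether a UDP payload parses as a standard DNS query regardless of destination port. The helper names, the port 5300 and the sample flows are constructed for illustration.

```python
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Build a one-question DNS query (RD flag set) in wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def looks_like_dns_query(payload):
    """Heuristic check: does this UDP payload parse as a standard DNS query?"""
    if len(payload) < 17:                      # header + root name + type/class
        return False
    _txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", payload[:12])
    if flags >> 15 or (flags >> 11) & 0xF or flags & 0xF:
        return False                           # expect QR=0, opcode=0, rcode=0
    if (qd, an, ns) != (1, 0, 0) or ar > 1:    # one question, optional EDNS OPT
        return False
    pos, name_len = 12, 0
    while True:                                # walk the QNAME labels
        if pos >= len(payload):
            return False
        n = payload[pos]
        pos += 1
        if n == 0:                             # root label ends the name
            break
        if n > 63:                             # no pointers in a query's question
            return False
        name_len += n + 1
        pos += n
        if name_len > 254:                     # 255-octet name limit incl. root
            return False
    if pos + 4 > len(payload):
        return False
    _qtype, qclass = struct.unpack("!HH", payload[pos:pos + 4])
    rest = len(payload) - (pos + 4)
    if qclass not in (1, 3, 255):              # IN, CH, ANY
        return False
    return rest == 0 if ar == 0 else rest >= 11    # an OPT record is >= 11 bytes

def off_port_dns(flows):
    """Return destination ports other than 53 that carried DNS-shaped queries."""
    return sorted({port for port, data in flows
                   if port != 53 and looks_like_dns_query(data)})

# Constructed sample flows: (destination UDP port, payload)
SAMPLE_FLOWS = [
    (53, build_query("example.com")),
    (5300, build_query("example.org", qtype=28)),
    (8080, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    (443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + bytes(20)),
]
```

The check only recognises cleartext DNS; queries carried inside an encrypted tunnel present no parseable header to inspect.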


Jason Levine
Premium
join:2001-07-13
USA

So advanced users would be able to bypass the censored DNS, but normal users would be subject to the blocks. This would reduce the possible audience for blocked sites and all but force sites to abide by whatever rules the COICA folks set.
--
-Jason Levine



DrDrew
That others may surf
Premium
join:2009-01-28
SoCal
kudos:15

said by Jason Levine:

So advanced users would be able to bypass the censored DNS, but normal users would be subject to the blocks.

Until the programs used by the "normal" users are updated with built-in ways to work around the DNS blocks, just like the torrent programs did with adding encryption after ISPs started blocking torrents.

For browsers, it could be done with a plug-in.
--
If it's important.... back it up... twice.