Home / Blogs

Protecting Intellectual Property is Good; Mandatory DNS Filtering is Bad

Paul Vixie

It has been about six months since I got together with four of my friends from the DNS world and we co-authored a white paper which explains the technical problems with mandated DNS filtering. The legislation we were responding to was S. 968, also called the PROTECT-IP act, which was introduced this year in the U. S. Senate. By all accounts we can expect a similar U. S. House of Representatives bill soon, so we've written a letter to both the House and Senate, renewing and updating our concerns.

Please note that my co-authors and I are all strong advocates for individual property rights and for that matter we're all copyright owners ourselves. We don't think that "content wants to be free". The parts of the proposed legislation that target online advertising and payment networks are solid work and will have a positive impact. But the part describing how ISP's would filter their DNS results according to lists of bad domains maintained by the U. S. Gov't is a bad idea — it won't have much of an effect on counterfeiting or infringement online but it would surely create a lot of new problems — especially with DNSSEC.

I am especially concerned about the growing number of off-shore DNS services promising free, clean, unfiltered results. The letter below references three such services and our white paper from May 2011 predicted this exact outcome. I think it's now obvious to everybody that there will be dozens or hundreds of "pirate-friendly DNS" services if S. 968 or anything like it becomes law. This would multiply the online perils faced by Internet end users in the United States, as well as mooting the new law.

Let's stop online infringement and counterfeiting, but let's do it sensibly — in a way that works and which won't create new and worse problems.

Internet Engineers' Letter in Opposition To DNS Filtering Legislation PDF, October 12, 2011

Update: ISC is hosting a webinar on this topic on October 26. Domestic ISP's and ASP's should plan to attend. Any interested party is of course welcome.

By Paul Vixie, CEO, Farsight Security. More blog posts from Paul Vixie can also be read here.

Related topics: Censorship, DNS, DNS Security, Intellectual Property, Internet Governance, Networks, Policy & Regulation

 
   

Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Comments

A hearty "+1" Jothan Frakes  –  Oct 14, 2011 2:32 AM PDT

This legislation in and around clamping via DNS at the ISP level is obtuse to how the system works when combined with the human spirit. 

This article about blockaid.me, a new workaround for any government seized domains, illustrates how thin the premise of any real value the legislation might deliver.

It is unlikely to be much other than a minor nuisance to the true 'perps' that the legislature will create.

My concern has always been that a workaround might come in the form of rogue recursive DNS servers being provided to people as a means to mitigate the clampdown their ISP may have made.

Users are still able to override their DNS settings per computer or even per router at the home or enterprise.  Often this might be teens editing their parents machine or one at school.

Once someone can answer DNS authoritatively for every lookup, they can fairly well change ANY site, intercept email or other traffic, disrupt antivirus autoupdates and other bad things.

This is another of the many scenarios that illustrate how the 'cure' can create more problems than the disease.

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Mobile Internet

Sponsored by Afilias Mobile & Web Services

Cybersecurity

Sponsored by Verisign

DNS Security

Sponsored by Afilias

IP Addressing

Sponsored by Avenue4 LLC

Promoted Posts

Buying or Selling IPv4 Addresses?

Discover ACCELR/8, a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s. more»

Industry Updates – Sponsored Posts

Join Neustar's Town Hall Meeting and Help Shape the Future Of .US

Why the Record Number of Reverse Domain Name Hijacking UDRP Filings in 2016?

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

The Rise and Fall of the UDRP Theory of 'Retroactive Bad Faith'

Leading Internet Associations Strengthen Cooperation

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

Michele Neylon Appointed Chair Elect of i2Coalition

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

2016 U.S. Election: An Internet Forecast

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

Understanding the Risks of the Dark Web

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Radix Adds Dyn as a DNS Service Provider

Dyn Partners with the Internet Systems Consortium to Host Global F-Root Nameservers

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

Mobile Web Intelligence Report: Bots and Crawlers May Represent up to 50% of Web Traffic