Censorship at ISP-Level / DNS-Tampering Paper

[link for this: http://md.hudora.de/blog/guids/53/53/5261415523775104.html]

Dear (swinog | siug | nanog),

I recently asked for input on using proxies and DNS for blocking Web content.
After some great input from listsmembers and the work of dedicated reviewers I have put an preprint online: "Government mandated blocking of foreign Web content" can be found at http://md.hudora.de/publications/#blocking or directly at http://md.hudora.de/publications/200306-gi-blocking/200306-gi-blocking.pdf It tries to give an technical overview about censorship at ISP level.

The relevance for network management are mainly the empirical results on DNS tampering which are summarized at http://md.hudora.de/blog/guids/53/53/5261415523775104.html . Basically providers using DNS to block Web content don't get it right and break all kinds of stuff.

Besides the technical challanges - BIND's coarse granularity allowing basically only manipulations at zone level - I think we face serious policy challenges: When once starting with DNS tampering why not use it for commercial purposes. E.g. redirect people trying to access your competitors domains to your own stuff? Possibly government mandated blocking manages to finish off, what the ICANN-wars where not able to archive: destroy DNS as an unified namespace.

Thanks again for all the input.


Max Dornseif