NXDOMAIN redirection in BIND 9.9

David Miller dmiller at tiggee.com
Fri Sep 30 23:43:08 UTC 2011 

On 9/30/2011 6:21 PM, Shawn Bakhtiar wrote:
>
> "We came to the conclusion that no matter how much we wanted it to not 
> be true, people find a way to do NXDOMAIN if they want to. The issue 
> is not ours to push, it's between the ISP and the customer ultimately, 
> and people will do it -- and more intrusively -- than BIND 9.9 will."
>
> That is just giving in. To what WILL end up being akin (is akin) to 
> taking away access. The argument that everyone is doing it so let's 
> just facilitate it is a bad one. This is a cave in to bad behavior 
> which borders on freedom of speech violation, since your sanctioning 
> the ability to arbitrarily redirecting (without redirecting) content. 
> Important part being the sanctioning of.
>
> http://en.wikipedia.org/wiki/DNS_hijacking
>

You get to run your network how ever you like.  This is your right.  
Turn the feature on if you like -or- make sure it is off if you don't 
like it.

You don't get to tell others how to run their networks.  Well... you can 
tell them, but they don't have to listen to you...

Many organizations want to do NXDOMAIN redirections on their resolvers 
on their own internal networks or on guest wireless networks or on 
whatever networks they control for whatever reasons they like.

Other resolvers have had the ability to do NXDOMAIN redirections for 
many years.  The pressures keeping ISPs from implementing NXDOMAIN 
redirections has never been the fact that BIND didn't support it.

You are going to have a hard time making the case that NXDOMAIN 
redirections are a "freedom of speech violation", but the place for that 
argument is in the court room.

Instead of seeing this as a "sky is falling" event, why not see it as an 
opportunity to create your own resolving DNS service that does not do 
NXDOMAIN redirections?  Then every ISP that implemented NXDOMAIN 
redirections (using BIND or any of the myriad of other software that 
will do it) would be another potential group of customers for you.

-DMM

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110930/5449ca13/attachment.html>

More information about the bind-users mailing list