> If the admin's goal is to block access to malicious sites, then they > want to block the traffic, not falsify DNS. If the goal is to warn > users away from bad places, they can publish the list as a filter for > end-system firewalls.
That may be your view about how blocking should work, but a lot of companies are using systems like OpenDNS who would beg to differ with you.
In terms of many of the metrics admins like such as simplicity, effectiveness, cost etc, then spoofing DNS comes out very favourably.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
