On Mon, Dec 19, 2016 at 10:38:46AM +0100, bert hubert <bert.hub...@powerdns.com> wrote a message of 25 lines which said:
> By this token any firewall is censorship and lies. Yet we still use
> them.

No, blocking a communication is harsh but is not a lie. Returning HTTP code 451 (RFC 7725) is not a lie, the HTTP server clearly says "this is censored". In the case of the DNS, in the absence of an rcode equivalent to 451, modifying the answers of the authoritative name servers is a lie. But some are more or less serious lies:

* returning SERVFAIL is a mild lie (it is close to the behaviour of a firewall blocking communications, and it is compatible with DNSSEC)

* returning a false IP address is a very serious lie. This is what phishers and other miscreants would like to do, while we are supposed to defend the integrity of the DNS.

The draft allows both, and does not warn about the severity of the different possible lies.