On Fri, 20 Feb 2026, Ben Schwartz wrote:

I agree with the importance of user agents "exercising judgement" about these incident 
information sources.  An "open" policy would invite a variety of abuses.

I still don't see why IANA should be involved.

Right. We will assume browsers will trust some sites to verify why domain
names are blocked (Lumens or clarifying pages of cloudflare, google,
dns4eu, etc). The only thing you should need to check in with those
sites is the QNAME. No need for the DNS server to return some
proprietary ID.

So, if your QNAME gets an EDE of CENSORED, possibly with some sub-enum
kind of "LEGAL_REQUEST", "COMPANY_POLICY", etc, then the browser can
inform the user, and based on browser support, the user can look up the
domain in one of the browser's or user's reputation service sites.

This way, a local admin using a blocklist and a forwarder of a public
DNS server can explain their own reasons without the user risking
visiting some malicious site. Browsers or their plugins can link such
errors to more informative sites independent of the local network.
Corporations could provision the browser with a specific (their own)
reporting site as well.

Such a setup requires no IANA registry, supports local network
censorship requests with sub-reasoning and allows the browser to
let the user look up additional information on well-known or
provisioned "bad website" reporting centres, and avoids any kind
of further centralization of DNS whereby only "known large public
DNS resolvers" have a workable end-user-friendly error reporting
feature.

Paul
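
The user-agent side of the flow described in the message above, as an added example that is not part of the original message or of any draft: it reads the RFC 8914 Extended DNS Error option from OPT RDATA and, for INFO-CODE 16 (Censored), builds lookup links from the QNAME alone. Assumptions: the sub-reason travels as a bare EXTRA-TEXT token, and the site URLs and sample bytes are constructed.

```python
import struct
from urllib.parse import quote

EDE_OPTION = 15    # EDNS0 option code for Extended DNS Errors (RFC 8914)
EDE_CENSORED = 16  # RFC 8914 INFO-CODE "Censored"
# Assumption: sub-reasons named in the message, carried as a bare EXTRA-TEXT token.
SUB_REASONS = {"LEGAL_REQUEST", "COMPANY_POLICY"}
# Constructed lookup sites; a real user agent would ship or be provisioned with its own.
PROVISIONED_SITES = ("https://reports.example/lookup?name=",
                     "https://blockinfo.corp.example/q?name=")

def make_option(code, data):
    """Encode one EDNS0 option (used here only to build constructed samples)."""
    return struct.pack("!HH", code, len(data)) + data

def parse_ede(opt_rdata):
    """Return [(info_code, extra_text)] for every EDE option in OPT RDATA."""
    found, pos = [], 0
    while pos < len(opt_rdata):
        if pos + 4 > len(opt_rdata):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", opt_rdata, pos)
        data = opt_rdata[pos + 4:pos + 4 + length]
        if len(data) != length:
            raise ValueError("truncated option data")
        pos += 4 + length
        if code == EDE_OPTION and length >= 2:
            info_code = struct.unpack_from("!H", data)[0]
            found.append((info_code, data[2:].decode("utf-8", "replace")))
    return found

def censorship_notice(qname, opt_rdata):
    """Build what the user agent shows for a Censored answer, or None."""
    for info_code, text in parse_ede(opt_rdata):
        if info_code != EDE_CENSORED:
            continue
        # Only an exact known token is used; any other server text is dropped,
        # so a URL or ID supplied by the resolver never reaches the user.
        reason = text if text in SUB_REASONS else None
        name = quote(qname.rstrip(".").lower(), safe="")
        return {"qname": name, "reason": reason,
                "lookups": [site + name for site in PROVISIONED_SITES]}
    return None
```
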
