i'm not sure what ISPAI means by problems blocking using DNS. ISPAI DNS
needn't propagate upwards, so why should there be the risk of overseas DNS
blocking indian DNS systems?
otoh, DNS redirection is not an effective means of blocking blogs. two
examples from the list of banned blogs [1] are pajamaeditors.blogspot.com
and exposingtheleft.blogspot.com. the only way to REALLY block these is to
block the ip address, which is currently the same (blogspot.blogger.com
[66.102.15.101]). that is presumably what was done, which is why all ov
blogspot was blocked.
using the dns method to block the blogs would not be terribly effective,
though. but so what? that's the DoT's problem, isn't it?
-rishab
1. at the end of http://in.rediff.com/news/2006/jul/19blogs.htm
http://in.rediff.com/news/2006/jul/20dot.htm
On its part, the ISPAI clarified, in a letter to the DoT, what procedure it
was following to block the 18 Web sites. ISPAI Secretary Deepak Maheshwari
wrote, 'At the DNS (Domain Name Server) level, the blocking of particular
domain (suchandusuch.suchandsuch) or sub-domain (e.g.
suchandusuch.suchandsuch.suchandsuch) is done by redirecting the DNS query
to a NULL IP. Thereafter, any query to such domain / sub-domain that has
been blocked by the particular ISP, will be responded with a Blank IP by
the DNS.'
The system has its share of problems though. Maheshwari further said, 'It
is pertinent to mention that carrying out changes in the DNS entries is
considered a non-standard practice and, hence, has the inherent risk of
overseas Domain Name Servers blocking the DNS of Indian ISPs. In such an
eventuality, the ISPs would be left with no choice but to block the sites
at the IP level only.'
ISPs can block sub-domains, but not particular extensions. This means that
while abcsub.xyzdomain.com can be blocked, Maheshwari said that a page like
abcsub.xyzdomain.com/something.html cannot be blocked individually, which
is why the entire domain or sub-domain in question has to be blocked.
