Subject: DNS Blacklist feature
To: None <>
From: D'Arcy J.M. Cain <>
List: tech-kern
Date: 11/05/2007 16:06:37
How do we feel about a mod to the resolver library to implement a DNS
blacklist?  Verizon and others are starting to resurrect sitefinder on
a local basis.  It occurs to me that one self-defense mechanism would
be the ability to add a line to /etc/resolv.conf that declares certain
IP addresses as evil^H^H^H^Hinaccurate and treat responses with those
addresses as returning NXDOMAIN.  This would allow users behind those
hijacking DNS servers to identify and redirect the redirection.

D'Arcy J.M. Cain <>