Re: [DNSOP] EDNS0 clientID is a wider-internet question

Paul Vixie <paul@redbarn.org> Wed, 26 July 2017 20:19 UTC

Return-Path: <paul@redbarn.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B4B3124234 for <dnsop@ietfa.amsl.com>; Wed, 26 Jul 2017 13:19:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VaU-DRSdaWIP for <dnsop@ietfa.amsl.com>; Wed, 26 Jul 2017 13:19:01 -0700 (PDT)
Received: from family.redbarn.org (family.redbarn.org [24.104.150.213]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E53B112942F for <dnsop@ietf.org>; Wed, 26 Jul 2017 13:19:01 -0700 (PDT)
Received: from [10.8.193.39] (unknown [136.179.21.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id 9C69661FF3; Wed, 26 Jul 2017 20:19:00 +0000 (UTC)
Message-ID: <5978F932.2000102@redbarn.org>
Date: Wed, 26 Jul 2017 13:18:58 -0700
From: Paul Vixie <paul@redbarn.org>
User-Agent: Postbox 5.0.16 (Windows/20170718)
MIME-Version: 1.0
To: Robert Edmonds <edmonds@mycre.ws>
CC: dnsop@ietf.org
References: <CAKr6gn1mZ7VTfM_wtpFX-G95wg-bWRA_YciZScFvr-YX8eYdWg@mail.gmail.com> <CAPt1N1nutxneiZg1JR90O5vRXVs+0WHvRtHpwCRyn4bXpf6g4A@mail.gmail.com> <CAL9jLaZrsiGZUPJzT1bZG-K2mTt3wP=x05-_Qp=rRh8uaBjS4g@mail.gmail.com> <5D73941C-B108-4A14-AEE5-7A28BCA94373@nohats.ca> <8d27cf2a-a883-7186-11bb-eeacd0bce68c@eff.org> <5976FC55.10301@redbarn.org> <alpine.LRH.2.21.1707250412390.19091@bofh.nohats.ca> <59779B68.2000906@redbarn.org> <20170725204158.isyxgyb7l5d5degr@mycre.ws>
In-Reply-To: <20170725204158.isyxgyb7l5d5degr@mycre.ws>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Gv1rmMD_erpjZLx5jx2k_AkCB-4>
Subject: Re: [DNSOP] EDNS0 clientID is a wider-internet question
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jul 2017 20:19:05 -0000


Robert Edmonds wrote:
> Paul Vixie wrote:
...
>> some of run our own rdns. some use vpn's. some use opendns or similar.
>
> The internet now has billions of users. With the possible exception of
> OpenDNS who have gone to admirable lengths to populate their knowledge
> base with device-specific configuration instructions [0], I don't think
> any of the choices you've listed are available to the "average enduser",
> who almost by definition lacks the specialized technical knowledge
> needed to select an alternative DNS resolution provider.

italy's experience in blocking unlicensed online gambling sites proved 
otherwise, as would would SOPA had it passed. any rDNS service that 
blocks lookups in a way that does not align with a user's interests, 
will not be used, other than to locate the nec'y bypass recipes. most of 
those recipes do not require deep technical knowledge.

a minute or so of searching turned up these:

https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

https://support.hidemyass.com/hc/en-us/articles/202720776-Changing-your-DNS-settings-on-Windows-Mac-Android-iOS-Linux

also, there's an app for that:

https://play.google.com/store/search?q=dns%20changer%20no%20root

foot-on-neck disease, and unilateralism in general, have never been 
practical where the internet was involved. humans are only sheep-like 
when presented with a politician's lies. if you try to take away their 
porn or gambling or $whatever, they will balk, and become thuggish.

-- 
P Vixie