Re: [DNSOP] EDNS0 clientID is a wider-internet question

Paul Vixie <> Wed, 26 July 2017 20:19 UTC

Robert Edmonds wrote:
> Paul Vixie wrote:
>> some of us run our own rdns. some use vpn's. some use opendns or similar.
> The internet now has billions of users. With the possible exception of
> OpenDNS who have gone to admirable lengths to populate their knowledge
> base with device-specific configuration instructions [0], I don't think
> any of the choices you've listed are available to the "average enduser",
> who almost by definition lacks the specialized technical knowledge
> needed to select an alternative DNS resolution provider.

italy's experience in blocking unlicensed online gambling sites proved 
otherwise, as would SOPA had it passed. any rDNS service that 
blocks lookups in a way that does not align with a user's interests, 
will not be used, other than to locate the nec'y bypass recipes. most of 
those recipes do not require deep technical knowledge.

a minute or so of searching turned up these:

also, there's an app for that:

foot-on-neck disease, and unilateralism in general, have never been 
practical where the internet was involved. humans are only sheep-like 
when presented with a politician's lies. if you try to take away their 
porn or gambling or $whatever, they will balk, and become thuggish.

P Vixie