Re: [DNSOP] DNSOP Call for Adoption draft-vixie-dns-rpz

Patrik Wallstrom <pawal@blipp.com> Thu, 22 December 2016 11:17 UTC

To: Nolan Berry <nolan.berry@RACKSPACE.COM>, dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/j4a5UOHZb571JZUXddoXvxha4WA>


On 2016-12-21 21:44, Nolan Berry wrote:
> Hello,
> 
> 
> I will keep my feedback short and to the point.  We have implemented RPZ
> across our resolvers and it has been a fantastic tool to stop botnet
> C&Cs and outbound DDoS attacks.  I just wanted to say it has been an
> extremely valuable tool to us here at Rackspace and provide some
> positive feedback since this thread seems fairly negative.

<rewritten to greater effect in order to polarize the discussion even more>
I will keep my feedback short and to the point.  My non-democratic
country has implemented RPZ across our resolvers and it has been a
fantastic tool to stop free speech, improve national security and
minimize the distribution of disinformation.  I just wanted to say it
has been an extremely valuable tool to us here for our government and
provide some positive feedback since this thread seems fairly negative.
</>

Even shorter, RPZ might be a good tool, but definitely not something
that the IETF should promote in any way without a big enough warning
sign that there are dragons lying around.