Discuss mailing list

[Kenny Taylor <kennytaylor AT runbox.com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On my own domains, I have never expected any level of privacy when I create 
DNS records.  They're public and I'm putting them out there for the world to 
use.

On the DNS server side, if we're looking at logs with obsfucated IP addresses 
and see a questionable pattern, like constant ripe.net ANY queries, it seems 
reasonable to investigate further with the goal of blocking the abusive 
traffic.

Ultimately, the end user has to decide whether to trust the DNS server admin. 
 If we say we obsfucate logs, they put faith in us to do so.  If we say raw 
logs may be reviewed solely to investigate abuse, it's also a matter of faith 
in the admin.

I think if we stick to that strict review only to mitigate abuse policy, 
we're still upholding our commitment to end-user privacy.



Guillaume Parent <gparent AT gparent.org> wrote:

>You can't avoid the privacy violation here. Either we monitor our
>servers
>and we have to occasionally look at record names and IP addresses, or
>we
>don't monitor our servers and some of us get shut down for being
>internet
>bastards.
>
>
>On Tue, Jun 11, 2013 at 11:23 AM, Alex Nordlund
><deep.alexander AT gmail.com>wrote:
>
>> On Tue, Jun 11, 2013 at 2:23 PM, Quinn Wood
><wood.quinn.s AT gmail.com>wrote:
>>
>>> On Tue, Jun 11, 2013 at 1:17 AM, Julian DeMarchi
>>> <julian AT jdcomputers.com.au> wrote:
>>> > Why would someone have 511 A records for @....
>>> >
>>> You've completely missed the point. The point is my distaste with
>>> someone looking through domain requests and the subsequent advice to
>>> block access to one just because it's name looked fishy.
>>>
>>> If the type of query was what was being acted on, it would have
>>> already been in a filter and the complaint would have never been
>made.
>>> It's a privacy violation masquerading as ok because malicious
>behavior
>>> was found..
>>
>>
>> How is it a privacy violation if it's found on the person's (I quote)
>*personal
>> closed resolver*?
>>
>> Best regards,
>> Alex
>>
>
>
>--------
>You are a member of the OpenNIC Discuss list.
>You may unsubscribe by emailing
>discuss-unsubscribe AT lists.opennicproject.org
-----BEGIN PGP SIGNATURE-----
Version: APG v1.0.8

iQJDBAEBCAAtBQJRt0wlJhxLZW5ueSBUYXlsb3IgPGtlbm55dGF5bG9yQHJ1bmJv
eC5jb20+AAoJELOordj4VKFQFXoP+waWS8HglDHVzzHCLrQyIOgIXbbwA1oeioQS
IbYpoO8/p1JqKSdhxUNigY6v+l0ANpQK0e9e08VBBw/CdGVvzkk0SPR+TofbTshD
9LIAC4WpN1WAjgwUCQJKQIgfNaflERQJxBj4M0r8xx4RAxY4pRKENeB8HrMryfDQ
hE2U7XU6r1QuvSFAK0s9TM+NTB7qtlvzqzVtPCSys5ilHk2gONOBJpm+yDlMSeX9
vAE17CBB0wO8HDqI3MQOvSAa24q5xr3gFOZWYmcyVzv9si2JCUBv825WdmNg7dT5
+4V4lCgdJC6h3EPnMq8rlexetOOnl42koqSgWOOU/jlwSNLhZT7RRBU0QrqWULV8
8+EYXWBx0H44o87hjMWV+p8m4lSSBeerYwGAwJjcTD4K2AaaivE52fskHYPiuFY9
NoguVII6flq33GOz8yeS0EgJTE9ysV+vj2B9GogG7Bc5OsI0hJGe7f1phrTQmYHO
iZRj0QV9VEciP0/dgL+yzrGt1CVYzs8FiF2geq7W61/gml5ixTqtHLFkguq9Guy2
VmtrKi0YHo8XZk7jJV4bEoBrCESXYT71Rfr3/z1htX1d830k1J/TixIWVVE/p1xN
nEXBPiQkUujIWhwtmX5t6aIjtQ+OzHXyLhbgLeWX5zgG1H4+9lPNN+WK0AxQ8Fmx
+c+0rzwx
=hDH1
-----END PGP SIGNATURE-----