 
On Tue, 03 Jan 2017 09:42:38 -0800 "Luis E. Muñoz" <lem@uniregistry.link> wrote:
> On 3 Jan 2017, at 2:30, ox wrote:
>> When it becomes a "STANDARD" (ACCEPTABLE) and nefarious behavior is suddenly "the way things work" - then this is of serious concern.
> You seem to be assigning intent to a tool. A hammer in the hands of an artist can produce a beautiful form of art while the same hammer can be used to hurt someone. It's not the hammer's fault. Besides, RPZ is not a requirement to implement the "walled gardens" you're describing. The same thing can be achieved by other, simpler means.

By the same argument then it would be perfectly fine for society to promote the distribution of DDoS tools, zero-day hacking tools and, well, methods to defraud Internet users, define best practise for phishing, etc. And no, of course you do not need RPZ to create "walled gardens", but discussing it "as normal practice" and "the way DNS works" and "okay" is what serves to legitimize RPZ as "perfectly fine". Whereas in truth, it is EVIL.

>> My objections are easy: Defining a clear standard on how DNS tells lies to users, and different lies to different users, depending on which user is doing the asking, and then hiding the truth of your lies from your users, is EVIL!
> If you find the "lying" unacceptable, then this is what should be targeted, not the tools that are being used -- which BTW have positive uses that IMO far outweigh the abuse you're describing. Consider this use case: RPZ can be used to prevent a set of known DNS names from resolving, stopping the spread of computer malware. Moreover, it can also be used to alert operators of infected machines that their computers have been compromised.

Trillions and trillions of domain names can resolve to a single IP number. Please give me one (as in singular), just ONE example of a domain that has trillions of IP numbers? Water does not flow uphill. DNS firewalls are stupid.

> I'm at least hesitant to describe any of those as lies. It's just a protocol exchange -- my machine asked for a name-to-IP map and received a suitable response, even one that actually fitted better with my current situation.

You are wrong. When your user asks you for Google.com and you lie, this is a lie. It is not just a lie, it is fraud. If you then still take that a step further and tell different lies to different users (depends who is asking). And RPZ still takes that a step further: you deceive and hide your lies from your users AND RPZ makes the management of this easy and defines methods for how this is done. It is simply a hacking tool that promotes deception, secrets, fraud and other criminal activity.

> Granted, this is not the only use case. I dislike walled gardens, which is why I take measures to avoid them -- yet I won't attack the underlying technology because as I said, it has far more positive uses.

There are many things about RPZ which are wrong - so many that it is EVIL! And I am happy to discuss all the EVIL bits, which start at the very foundation of RPZ and go all the way up to the roof...

> Best regards
> -lem
>
> Luis Muñoz
> Director, Registry Operations
> ____________________________
> http://www.uniregistry.link/
> 2161 San Joaquin Hills Road
> Newport Beach, CA 92660
> Office +1 949 706 2300 x 4242
> lem@uniregistry.link
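The use case Luis describes (a resolver refusing to resolve a set of known malware names, and the hits being logged so operators can tell which machines are infected) is easier to reason about with the mechanism in front of you. The block below is an added example written for this page, not code from either poster and not BIND's implementation: it parses a small, constructed RPZ zone fragment in BIND zone-file syntax (all names under `.test` and `rpz.example` are invented), applies the QNAME trigger the way RPZ defines it (exact owner match first, then the closest enclosing wildcard, with `CNAME .` meaning NXDOMAIN, `CNAME *.` NODATA, `CNAME rpz-passthru.` an exception, and any other CNAME a walled-garden redirect), writes every rewrite to an audit list, and derives from that list the clients an operator should contact. The client addresses, upstream answers and query stream are constructed for the demo.

```python
"""Model of RPZ QNAME-trigger evaluation: block listed names and log each
hit so operators can identify infected clients. Added example; not BIND code."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed RPZ zone fragment in BIND zone-file syntax. Every name is
# invented for illustration; owner names are relative to $ORIGIN.
RPZ_ZONE = """\
$ORIGIN rpz.example.
; NXDOMAIN for a known malware C2 name and every name under it
c2.malware-example.test         CNAME .
*.c2.malware-example.test       CNAME .
; NODATA: the name exists but no answer records are returned
tracker.example.test            CNAME *.
; walled garden: steer the client to a page that explains the block
dropper.example.test            CNAME notify.isp-example.test.
; PASSTHRU: explicit exception, resolved normally despite the wildcard
allowed.c2.malware-example.test CNAME rpz-passthru.
"""


@dataclass
class Policy:
    action: str                   # NXDOMAIN, NODATA, CNAME or PASSTHRU
    target: Optional[str] = None  # CNAME target for walled-garden redirects


def parse_rpz(zone_text: str) -> Dict[str, Policy]:
    """Map each owner name to the policy encoded by its CNAME rdata."""
    rules: Dict[str, Policy] = {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line or line.startswith("$"):     # skip blanks and directives
            continue
        owner, rtype, rdata = line.split()
        if rtype != "CNAME":
            raise ValueError(f"unsupported RPZ record: {line}")
        owner = owner.lower()
        if rdata == ".":
            rules[owner] = Policy("NXDOMAIN")
        elif rdata == "*.":
            rules[owner] = Policy("NODATA")
        elif rdata == "rpz-passthru.":
            rules[owner] = Policy("PASSTHRU")
        else:
            rules[owner] = Policy("CNAME", rdata)
    return rules


def match_qname(qname: str, rules: Dict[str, Policy]) -> Optional[Policy]:
    """Exact owner match wins; otherwise the closest enclosing wildcard."""
    name = qname.rstrip(".").lower()
    if name in rules:
        return rules[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in rules:
            return rules[wildcard]
    return None


def answer(client_ip: str, qname: str, rules: Dict[str, Policy],
           upstream: Callable[[str], Optional[str]],
           audit: List[str]) -> Tuple[str, Optional[str]]:
    """Apply the policy to one query; every rewrite is appended to the audit log."""
    policy = match_qname(qname, rules)
    if policy is None or policy.action == "PASSTHRU":
        return ("ANSWER", upstream(qname))
    audit.append(f"rpz-hit client={client_ip} qname={qname} action={policy.action}")
    if policy.action == "CNAME":
        return ("CNAME", policy.target)
    return (policy.action, None)


def clients_to_notify(audit: List[str]) -> List[str]:
    """Clients whose queries hit a rule: the machines an operator should contact."""
    hits = set()
    for entry in audit:
        fields = dict(f.split("=", 1) for f in entry.split()[1:])
        hits.add(fields["client"])
    return sorted(hits)


def run_demo() -> Tuple[List[Tuple[str, Optional[str]]], List[str]]:
    """Constructed query stream from two clients; returns responses and audit log."""
    rules = parse_rpz(RPZ_ZONE)

    def upstream(q: str) -> Optional[str]:  # stand-in for real recursion
        return {"www.example.test.": "192.0.2.10",
                "allowed.c2.malware-example.test.": "192.0.2.20"}.get(q)

    queries = [("198.51.100.7", "www.example.test."),
               ("198.51.100.7", "beacon.c2.malware-example.test."),
               ("198.51.100.9", "allowed.c2.malware-example.test."),
               ("198.51.100.9", "dropper.example.test."),
               ("198.51.100.9", "tracker.example.test.")]
    audit: List[str] = []
    responses = [answer(ip, q, rules, upstream, audit) for ip, q in queries]
    return responses, audit


if __name__ == "__main__":
    responses, audit = run_demo()
    for r in responses:
        print(r)
    print("notify:", clients_to_notify(audit))
```

Two points the thread argues about become concrete here: the exception record shows that an exact owner name overrides the wildcard, so a deliberately whitelisted host under a blocked zone still resolves normally, and nothing in the policy depends on who is asking; the audit log is what turns a block into a signal an operator can act on.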