by tptacek 5785 days ago
... but wholesale DNS-based blacklisting could never blow up in our faces. Noooooo sir.

What do you mean by 'wholesale DNS-based blacklisting'?
Paul Vixie has proposed an extension to the DNS that would have relay cache servers (the servers you ask for generic name lookups) store blacklists of evil domains. Anything blacklisted would, in effect, disappear from the Internet (for normal users).
Out of curiosity, what would a 'smart person' have to do to get all the domains back if this ever took root?
A clean version of the DNS lookup table, of some sort.

An IP will do.

Use an alternative DNS that doesn't blacklist. Alternative DNS servers already exist; I'm sure there'll be someone who won't blacklist if they do implement this.