by dissident 5271 days ago
> I realize DNSBL is voluntary and SOPA would mandate/force, but I don't see how the effects are different. For a DNS server

Bam, stop right there. DNS servers do not use DNSBL. There's your answer.

DNSBL is used in circumstances like this: You're connecting to an IRC server. It does some tests to make sure you're not spoofing your host, like using reverse DNS (PTR records). IRC servers will also try to prevent spammers and flooders by denying access to hosts that are in a DNSBL -- likely open proxies.

Here's some IRC software which does specifically that: http://www.blitzed.org/proxy/

I am running some mail servers which are having trouble delivering mail to gmail right now. gmail is returning this error:

    The IP you're using to send mail is not authorized to
    send email directly to our servers. Please use the SMTP relay your
    service provider instead.

Turns out, it's because the IPs I've been allocated are in Spamhaus, which is an implementation of DNSBL that specifically targets spammers.

Again, this is an action by the server software itself. It is not a mandate, and is not actually a restriction on DNS. It is nothing like blacklisting cache servers. The name has confused you.

> Regarding CDNs, for a user initiating request for a non-blacklisted site, why would the CDN be now less efficient in its response?

If you're trying to access Google, their nameservers may give your ISP's caching servers a different resolution if you're in California rather than in the UK, usually to resolve to closer servers. This is only effective because nameservers can target cache servers which are specific to geographic areas, and is a great side-effect of the current structure of the naming system and of the Internet.

By forcing people away from domestic nameservers, this targeted effect fails. A foreign cache server will return inefficient resolutions to queries compared to a domestic one operated by an ISP.

Aside from being terrible for the end user, it also begins to put stress and congest different areas of the global Internet unexpectedly. Though arrangements can be made to compensate, it's pretty annoying and will never be as efficient as before.

> My point is that if DNS and CDNs become drastically inefficient by having to ignore certain names, then it sounds like it could have been designed better to handle such cases.

The only real "design flaw" in DNS is the inflated trust in cache servers. DNSSEC tries to resolve this by attaching a chain of authentication alongside the delegation chain which can be verified. SOPA breaks DNSSEC entirely because it cannot return these authenticated messages (it is resolving incorrectly or lying about the delegation chain).

DNS was not designed to be censored in the way proposed by SOPA; it is not a design flaw in SOPA, it's a flaw in the legislation.
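To make the DNSBL point concrete, here is an added example (mine, not the commenter's or Spamhaus's code) of what the IRC or SMTP server in the comment actually does: it builds a name from the client's reversed IP under the list's zone, asks the ordinary DNS for an A record, and treats a 127.0.0.0/8 answer as "listed". The zone name `zen.example.test` and the listings in `FAKE_ZONE` are constructed so it runs offline; the return-code meanings and the 127.255.255.0/24 error range follow what Spamhaus documents for ZEN, and the 127.0.0.2 / 127.0.0.1 self-test is the RFC 5782 convention. The IPv6 nibble form goes beyond what the comment shows.

```python
import ipaddress
from typing import Callable, Dict, List, Optional

Resolver = Callable[[str], List[str]]  # name -> A-record answers, [] == NXDOMAIN

ZONE = "zen.example.test"  # hypothetical; a real zone would be e.g. zen.spamhaus.org

# Constructed stand-in for the DNSBL's authoritative zone (not real data).
# Only the 127.0.0.2 entry follows a real convention: RFC 5782 says every
# DNSBL lists 127.0.0.2 as a test address and never lists 127.0.0.1.
FAKE_ZONE: Dict[str, List[str]] = {
    "2.0.0.127." + ZONE: ["127.0.0.2"],
    "4.3.2.1." + ZONE: ["127.0.0.4", "127.0.0.10"],  # invented: proxy + dynamic range
}

def fake_resolver(name: str) -> List[str]:
    """Stands in for the server's stub resolver (gethostbyname / dig)."""
    return FAKE_ZONE.get(name, [])

LISTED = ipaddress.ip_network("127.0.0.0/8")
# Spamhaus answers in this range to signal a refused query (open resolver,
# quota exceeded), which must not be read as "client is listed".
ZONE_ERRORS = ipaddress.ip_network("127.255.255.0/24")

def dnsbl_query_name(ip: str, zone: str) -> str:
    """Reversed address labels under the zone: IPv4 by octet, IPv6 by nibble
    (same layout as in-addr.arpa / ip6.arpa)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone

def dnsbl_lookup(ip: str, zone: str, resolve: Resolver) -> List[str]:
    """Return the 127/8 return codes published for ip ([] means not listed)."""
    codes = []
    for answer in resolve(dnsbl_query_name(ip, zone)):
        a = ipaddress.ip_address(answer)
        if a in ZONE_ERRORS:
            raise RuntimeError(f"{zone} refused the query: {answer}")
        if a in LISTED:
            codes.append(answer)
        # Anything else is not a listing: a lapsed or parked DNSBL domain
        # answering with a wildcard would otherwise look like "everyone is listed".
    return codes

def describe_code(code: str) -> str:
    """Meaning of a return code under the scheme Spamhaus documents for ZEN."""
    last = int(code.rsplit(".", 1)[1])
    if code == "127.0.0.2":
        return "SBL"
    if code == "127.0.0.3":
        return "SBL CSS"
    if 4 <= last <= 7:
        return "XBL"
    if last in (10, 11):
        return "PBL"
    return "unknown"

def zone_is_sane(zone: str, resolve: Resolver) -> bool:
    """RFC 5782 self-test before trusting a zone's answers."""
    try:
        return bool(dnsbl_lookup("127.0.0.2", zone, resolve)) and \
            not dnsbl_lookup("127.0.0.1", zone, resolve)
    except RuntimeError:
        return False

def rejection_reason(ip: str, zone: str, resolve: Resolver) -> Optional[str]:
    """What an IRC or SMTP server would log when refusing a client; None = accept.
    A broken or refusing zone fails open rather than rejecting every client."""
    if not zone_is_sane(zone, resolve):
        return None
    try:
        codes = dnsbl_lookup(ip, zone, resolve)
    except RuntimeError:
        return None
    if not codes:
        return None
    return "listed in %s: %s" % (zone, ", ".join(f"{c} ({describe_code(c)})" for c in codes))

if __name__ == "__main__":
    for client in ("1.2.3.4", "9.9.9.9", "127.0.0.2"):
        print(client, "->", rejection_reason(client, ZONE, fake_resolver))
```

Note that nothing here touches the DNS server's own configuration: the whole mechanism is an application asking the public DNS a question and deciding for itself what to do with the answer. Against a real zone the same name construction is what `dig +short 2.0.0.127.zen.spamhaus.org` performs by hand; the 127.0.0.1 query should return nothing.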


This is a fantastic response and I'm glad you took the time to write it. I'm sorry I misinterpreted DNSBL, I guess I read "either as a zone file that can be used by DNS server software" and assumed they meant the main DNS servers really do use them.

Final question for you: Do you believe that if SOPA passes, it would really have drastic effects to the internet functionally? So, besides censorship and liability, do you think there would be a noticeable difference for tech-savvy internet users and website operators in regards to things you mentioned above (or perhaps haven't mentioned yet)?

> Do you believe that if SOPA passes, it would really have drastic effects to the internet functionally?

Yes. Things would have to shift around to compensate, but the real problem begins when SOPA justifies similar legislation in other countries, especially ones being bound by trade agreements which call for this type of stuff.

In the U.S. they claim "oh, but we're just going to target people who violate the law. You know, copyright infringement." Even if that were true, other countries have a long history of applying their laws, which usually suck and go much further to stifle speech.

SOPA legitimizes this method of blacklisting, thus leading to a balkanization of the naming system. People begin to move away from the cache servers, causing slowdowns in resolution and CDNs. Once this proves ineffective, the U.S. will want to censor any DNS server that resolves an IP to something they don't want. Then we have deep packet inspection.

It really will not end unless we force it to end. SOPA takes a drastic step that even the DMCA didn't do. DMCA targeted activities under U.S. jurisdiction. The next chapter in the global censorship game is the attack on websites outside jurisdiction, which is not feasible without immense privacy encroachments.

I don't want to see us going down that path. We need to go the complete opposite direction when it comes to copyright. SOPA also places way too much of a legal and logistical burden on companies within the U.S., which is going to lead a lot of people toward countries with progressive outlooks on copyright, like in some places in Europe.