> Any request that is denied by OpenDNS is then allowed by our DNS server, and any request allowed by OpenDNS is blocked by us.
The most interesting part of this to me is using multiple DNS providers to determine which category the site is in. It's both simple and effective.
If they actually go ahead with this plan in the UK and it's implemented similarly (e.g. via DNS rather than IP blocking), somebody should make a list of what's blocked. Go through the top N sites and for each run a DNS lookup from both a filtering DNS server and also a couple non-filtered ones (ex: Google DNS[1]) then compare the results[2].
Bonus points if someone builds a way to crowd source the data so that it gets logged from multiple DNS servers round the world.
They can't and don't do it with just a DNS, it'll have to be DNS + HTTP URL. Otherwise porn hosted on one large shared hosting would block everything. (e.g. imagine if the Amazon EC2 DNS got blocked).
The current UK ISP filter (the one that already filtered Wikipedia), used DNS & HTTP. IP addresses that needed filtering were redirected to their HTTP server by sending back their IP address, and then a HTTP proxy was used to filter specific URLs. This allowed them to block certain URLs. It was initially detected because lots of Wikipedians noticed a lot of edits (basically lots of the UK) coming from a small amount of IP addresses (the IP addresses of the proxies).
To connect to an HTTPS site without SNI, the IP can only host a single domain, so they can just block the whole (IP:443) combination without affecting any other site.
The Danish Internet filtering works by messing with the DNS at the ISP level. If you don't want to get filtered, just switch to a non-ISP DNS, or run your own. Sadly it was implemented with little or no public debate, very very few got upset and most of us just switch DNS. I think the UK is in a much better position because they at least have the debate public and loud.
Cleanfeed (the UK's child porn filter) is supposed to be IP blocking/NAT based, coupled with web proxies. Given the scope of the filtering this time around though, it may be done by DNS. Let's hope so.
> Bonus points if someone builds a way to crowd source the data so that it gets logged from multiple DNS servers round the world.
What you want is a website that answers: Does Country-C block Website-W? A user gives it a URL and it has VPNs surfacing in lots of different countries and it tries them all, and displays in which countries the URL is blocked.
The website also stores and records all blocked/unblocked websites, and allows this data to be downloaded.
[1]: https://developers.google.com/speed/public-dns/
[2]: This would need to do more than a plain A == B as each address could resolve to multiple IP addresses.
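
The comparison proposed in the thread, including the set-based check footnote [2] calls for, as an added example that is not part of any original post. It assumes the answers were already collected per resolver; the function names, verdict labels, the `min_domains` threshold and the sample data (documentation-range addresses) are constructed for illustration. It goes slightly beyond the footnote by also flagging an address that the filtering resolver returns for several unrelated domains, the redirect-to-proxy behaviour described in the thread.

```python
import ipaddress
from collections import Counter

# Ranges a filter may answer with instead of the real address
# (assumption: 0/8, loopback and RFC 1918 space).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def block_page_candidates(results, min_domains=2):
    """IPs the filtering resolver returns for several domains but no reference resolver does."""
    counts = Counter()
    for filtered, reference in results.values():
        for ip in filtered - set().union(*reference):
            counts[ip] += 1
    return frozenset(ip for ip, n in counts.items() if n >= min_domains)

def classify(filtered, reference, shared_ips=frozenset()):
    """Compare one domain's answer set from the filtering resolver with the reference sets."""
    ref_union = set().union(*reference)
    if not ref_union:
        return "unresolvable"        # nobody resolves it: says nothing about filtering
    if not filtered:
        return "blocked-no-answer"   # NXDOMAIN/empty only from the filtering resolver
    if filtered & ref_union:
        return "consistent"          # any overlap counts; a plain A == B would be too strict
    if all(any(ipaddress.ip_address(ip) in net for net in NON_ROUTABLE) for ip in filtered):
        return "blocked-sinkhole"
    if filtered <= shared_ips:
        return "blocked-redirect"    # same foreign IP handed out for unrelated domains
    return "inconclusive"            # disjoint sets can also be CDN or geo-DNS variance

def survey(results):
    shared = block_page_candidates(results)
    return {d: classify(f, r, shared) for d, (f, r) in results.items()}

# Constructed sample: domain -> (filtering resolver answers, [reference resolver answers...])
SAMPLE = {
    "news.example":      ({"192.0.2.10"}, [{"192.0.2.10", "192.0.2.11"}, {"192.0.2.11"}]),
    "blocked-a.example": ({"203.0.113.80"}, [{"198.51.100.5"}, {"198.51.100.5"}]),
    "blocked-b.example": ({"203.0.113.80"}, [{"198.51.100.77"}, {"198.51.100.78"}]),
    "sink.example":      ({"127.0.0.1"}, [{"198.51.100.9"}]),
    "gone.example":      (set(), [{"198.51.100.20"}]),
    "cdn.example":       ({"192.0.2.200"}, [{"198.51.100.30"}, {"198.51.100.31"}]),
    "dead.example":      (set(), [set(), set()]),
}

if __name__ == "__main__":
    for domain, verdict in survey(SAMPLE).items():
        print(f"{domain:20} {verdict}")
```

An "inconclusive" verdict is the case to recheck from more vantage points, since a single disjoint answer set is not evidence of filtering on its own.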