URLs, IPs and interception
Adrian Midgley
ukcrypto at chiark.greenend.org.uk
Sun, 02 Mar 2008 16:27:20 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Roland Perry wrote:
> In article <47C9CEE4.5040901@defoam.net>, Adrian Midgley
> <amidgley2@defoam.net> writes
>>> Indeed, if I bought two ADSL connections from two
>>> ISPs and slung all my DNS traffic down one and all my HTTP down the
>>> other --- hardly rocket science to set up --- the HTTP ISP has no
>>> business knowing anything about my traffic at all.
>>
>> Or indeed if you did your DNS lookups in-house, or reverted to using IP
>> numbers...
>
> <cough> they are *numbers* which represent *IP addresses*
which are 32 bit/digit binary numbers, no?
> But you can't always access a website purely by IP address.
But with IPv6 there would be a more limited need to share IP numeric
addresses, and in the subset we are possibly discussing there might be a
greater desire amongst host operators (perhaps asymmetrically at the two
ends of a connection) to have one machine on one address.
I'm not convinced that the problem as originally presented - misuses by
ISPs of DNS requests - actually gives a problem with multiply hosted
FQDnames on single IP numeric addresses though.
If one has a DNS in one's own network then there is no reason it should
not know all that, and as many reasons that it should as there are
anywhere else.
So the DNS lookup within my firewall would return the correct single IP
address, and the packet containing the one of many FQDNs for a
virtual/server on that address would then be sent in its direction, and
interpreted as usual, but without any need for a DNS query to escape
purdah here.
It implies an undernet synchronising the DNS, which is presumably
absolutely stuffed with obCryptos.
- --
A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHytVob80am9d/StcRAhtxAKDn4YBvyBEJ+pz/SZ15MdYc6fNjTgCg1IDz
ENe0N/akGCJHx/gQtTqU3A8=
=wMe1
-----END PGP SIGNATURE-----
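The scenario in the message above (DNS resolved inside one's own network, then an HTTP request carrying one of many FQDNs to a shared address) can be walked through in code. The example below is added here and is not part of the original post or the list's own material; the hosts table, names and addresses in it are constructed for illustration, and the function names are mine. It shows what stays inside the firewall (the name lookup) and what the ISP carrying the HTTP traffic can still read from the cleartext request (the Host header that name-based virtual hosting depends on).

```python
# Added example (not part of the original mailing-list post): resolving DNS
# inside one's own network keeps the lookup private, but the HTTP/1.1 request
# that follows still carries the FQDN in its Host header, so an observer on
# the HTTP path can read the hostname from the packet itself.
# The hosts table, names and addresses below are constructed for illustration.

import re

# Constructed in-house resolver table: several FQDNs share one IP address,
# as they would for name-based virtual hosting on a single server.
LOCAL_HOSTS = {
    "www.example.org": "192.0.2.10",
    "blog.example.org": "192.0.2.10",   # same address as www.example.org
    "mail.example.net": "192.0.2.20",
}


def resolve_locally(fqdn, table=LOCAL_HOSTS):
    """Resolve a name from the local table without sending a query upstream.
    Returns the IP address, or None if the name is unknown locally."""
    return table.get(fqdn.lower().rstrip("."))


def build_http_request(fqdn, path="/"):
    """Build the HTTP/1.1 request a client sends to the resolved address.
    HTTP/1.1 requires the Host header; it is how a server holding many
    names on one address picks the right virtual host."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {fqdn}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")


_HOST_RE = re.compile(rb"^Host:[ \t]*([^\r\n]+)", re.MULTILINE | re.IGNORECASE)


def observed_hostname(request_bytes):
    """What a passive observer on the HTTP path learns from the cleartext
    request: the FQDN, regardless of where the DNS lookup ran."""
    m = _HOST_RE.search(request_bytes)
    return m.group(1).decode("ascii").strip() if m else None


def names_sharing_address(ip, table=LOCAL_HOSTS):
    """All names the local table maps to a given address; the destination
    IP alone does not tell an observer which of them a request was for."""
    return sorted(n for n, a in table.items() if a == ip)


def simulate_fetch(fqdn, path="/"):
    """Run the three steps and report what stays private and what does not."""
    ip = resolve_locally(fqdn)
    if ip is None:
        # A name outside the local table would force a query to leave the network.
        raise LookupError(f"{fqdn} not in local table")
    request = build_http_request(fqdn, path)
    return {
        "dns_query_left_network": False,
        "destination_ip": ip,
        "candidate_names_for_ip": names_sharing_address(ip),
        "hostname_visible_on_http_path": observed_hostname(request),
    }


if __name__ == "__main__":
    for name in ("www.example.org", "blog.example.org"):
        print(simulate_fetch(name))
```

Running it shows both names resolving to the same address with no query leaving the network, and in each case the Host header naming the exact site on the HTTP path. That is the practical content of "you can't always access a website purely by IP address": the name has to travel with the request, so splitting DNS and HTTP across two ISPs hides the lookup but not the hostname from whoever carries the cleartext HTTP.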