Dan York1d ago
Joseph Lorenzo Hall, PhD
Carl Gahnberg has a new post highlighting ISOC's new resources for legal professionals on mandated DNS blocking. If you need to explain the technical realities of the Domain Name System to courts or policymakers, start here:
https://www.internetsociety.org/blog/2026/04/dns-blocking-mind-the-unintended-consequences/
DNS Blocking: Mind the Unintended Consequences - Internet Society

As DNS blocking mandates multiply, so do concerns about security, the openness of the Internet, and fragmentation.

Internet Society
Apr 3 at 11:12pmWeb
Show threadJoseph Lorenzo Hall, PhD1d ago
Repurposing the Internet's naming system for public policy is blunt, costly, and counterproductive. It breaks legitimate services, undermines authenticated DNS, and does not actually remove targeted content from the Internet.
Show threadJoseph Lorenzo Hall, PhD1d ago
"Mandated DNS Blocking: A Guide for Legal Professionals" is an in-depth reference detailing the collateral damage of these measures. It outlines how blocking fragments the Internet and forces significant costs on operators. https://www.internetsociety.org/wp-content/uploads/2026/03/Mandated-DNS-Blocking-Full-Paper.pdf
Show threadJoseph Lorenzo Hall, PhD1d ago
Need a concise version to submit to a court? Litigants globally use our shorter brief, "Mandated DNS Blocking: Critical Considerations," as evidence to clearly explain these technical limits. https://www.internetsociety.org/wp-content/uploads/2025/11/Mandated-DNS-Blocking.pdf
Show threadPaul_IPv61d ago

@joebeone

it's not just a blunt/crude tool to do this. it's a mostly ineffective tool. it breaks things way more often than it does what is intended. it's playing russian roulette with 5 bullets and one empty chamber.

Show threadPaul_IPv61d ago

@joebeone

an informed choice about who you get to filter your DNS, including making sure it's a well curated and frequently updated block list, can be a feature in your security profile. but the end user must be the one to decide, not some IP/copyright owner on a tear or some politician with as little understanding of security as of brain surgery.

Show threadCassandrich1d ago
@paul_ipv6 @joebeone Use of any 3p DNS blocking service surrenders any ability to validate. That makes it a non starter. Only viable DNS based blocking is local, but really, just don't. There are better ways.
Show threadPaul_IPv61d ago

@dalias @joebeone

i do blocking in my house but of a very small set of FQDNs. all are known ad brokers or malicious C&Cs. makes browsing vastly faster and i don't miss out on anything. i also do various other things but that blocking is a useful bit. it's definitely not a full solution in any sense. defense in layers.

Show threadCassandrich1d ago
@paul_ipv6 @joebeone I just use UBO for that so the decision is in the client device not also imposing my choice on guests, other household members, etc. And so lookups for the things to block don't timeout retrying ServFails (because client devices locally validate & reject the spoofed NxDomains.
Show threadPaul_IPv61d ago

@dalias @joebeone

different networks, different needs.

i like having one place to make sure all my tablets, computers, phones, etc. have the same protection but i don't have to support guests with different desires.