Internet filtering using the DNS (Domain Name System) is often cited in the fight against cybercrime and feeds into discussions on net neutrality. The AFNIC Scientific Council has studied the technique, the means for implementing it, the theoretical extent to which its objectives are met and the collateral effects it may or may not cause.
As an Internet registry operator, AFNIC is responsible for the effective functioning of DNS resolution under the .fr, .re, .tf, .wf and .yt Internet zones. The registry plays an active role in the international bodies involved in discussing and standardizing core Internet protocols.
The study by the AFNIC Scientific Council shows that DNS filtering is a technique that can theoretically be used to move the decision to authorize or prohibit access to a domain name to the level of a country or a telecom operator. Circumventing these measures is technically simple, however.
The adoption of technologies such as DNSSEC could also be disrupted. Finally, the effectiveness of the measures usually advocated to bolster confidence in e-commerce sites, including checking the URL in the browser bar, would be diminished.
This therefore indicates that the collateral effects of large-scale implementation of DNS-based filtering on Internet security are extensive. Its effects could permanently weaken the trust seals on which users rely today.