>IANAL but would think that such practice should expose the operator >of the server or proxy to civil and/or criminal action, both from the >operators of the zones whose RRs are being misrepresented, and from >the users' whose applications are affected. I'm not a lawyer either, but I at least know that fraud requires intent. If a naive user clicks on a link in spam, and the DNS cache intercepts the request and returns a pointer to a warning page rather than a Ukranian malware site, that's not fraud, that's a service. If you claim otherwise, people will look at you quizzically, like you're spouting nonsense, which under the circumstances would be understandable. It also reinforces the perception that the IETF is out of touch and hasn't noticed that it's no longer 1990. Any analysis of DNS spoofing needs to take into account intentions and tradeoffs. On networks of consumer PCs, intercepting requests for malware sites is a 100% win. I'm not thrilled about the practice of replacing NXDOMAIN with the A record of a page of links to lexically similar web sites, but the actual harm of doing that on consumer networks (not networks with servers) is pretty hard to show. Replacing a valid record that isn't a pointer to malware with another is indeed bad, but I don't know anyone who does that. R's, John _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf