Google has teamed with DNS maven Neustar to propose an extension to the net's existing Domain Name System protocol, hoping to improve the way the protocol maps web users to particular data centers. The news comes little more than a month after the web giant cum world power sensationally entered the DNS resolution business with …
First gHTTP, now gDNS!
gEmbrace, gExtend, gExtinguish!
Bring back Microsoft, all is - Actually, strike that last remark from the record. Power does evil, however humble your beginnings.
How is this better than Anycast?
Anycast works by abusing BGP to constantly modify Internet routing tables in order to provide a DNS that is network-latency-wise closest to the requester, a technique used by Akamai and the various root servers. It doesn't do anything as silly as using a requester's geographic location, but uses the actual latency of the Internet, and this requires absolutely no extensions to DNS or any potential privacy violations by anyone.
Please at least read up on anycast
Anycast is constantly modifying the route tables? Au contraire, that's part of the point. :-)
Anycast has some drawbacks on the Internet making it non-trivial to get to work generally with non-stateless protocols. And BGP does select the lowest latency path. It selects the "best" path according to policy, typically the smallest number of ASes to cross. (Pun not intended.)
Of course you know all this much better than those amateurs putting together the real proposals, right?
Requester != Resolver
You are interested in the requester's IP, not the IP of the DNS resolver he has used. However, in Akamai, Level3 (one I used to run in the EU), etc. DNS anycast systems, that is all you get. Google's proposal gives you the routing prefix of the requester's IP and preserves it across a resolver chain.
Out of all G00G proposals this is probably the most sensible and least nefarious. It works directly at protocol level, there is no feed into analytics/ads involved and it is of benefit to everyone.
The alternative is to anycast the service itself (http, mail, etc) which has also been done though much less often than DNS. It is doable (I have had designs to do that as far back as 2000), but the people to do it have gone extinct. Your average network and server designer/admin starts shivering and hiding in a corner at the mere mentioning of anycast - imagine anycasting your whole service offering.
requester vs. resolver
Okay, that's a pretty good point. I can see some corner cases where an anycast resolution wouldn't provide quite the optimal solution, although in most cases it seems like it would still be Good Enough.
It is not ads, it is apps at question here
It is not ads, it is apps at question here. You gain very little in terms of ads by knowing user IP address at DNS resolution time.
It is however the holy grail in terms of choosing the right server to serve video or to run interactive apps. Especially the latter.
I kept wondering how exactly google intends to pull the Chrome feat and have a working network computer where others failed. This gives some idea on that. For that 24 bits is all you need. That is the routing resolution of the Internet so info at 24 bit level is sufficient to give you the right destination.
However, I do not see how this is going to translate to IPv6, so any advantages gained from this are going to be very short-lived.
Unless it also works using IPv6, such an extension is only going to have a limited lifespan.
Also, wouldn't a better method be to route on connection?
e.g. Computer connects to server, server says, based on your IP address, please connect to this server to access the service you are after.
That's right because dns is only ever used for resolving web addresses isn't it??
Route on connection? Wouldn't that just slow everything down and place unnecessary load on an additional server?
If I'm honest, I have heard better ideas.
DNS is Not A Routing Protocol
Jeeez, here we go again.
DNS is not:
A Routing Protocol. Use BGP and Anycasting instead. Or even multi-casting over in the IPv6 world. Far better idea, and using the right tool for the right job.
A Security Platform. Use A Firewall!
The Phone directory. Don't screw with it
No one claimed DNS is a routing protocol, or suggested it should be. The proposal has nothing to do with routing.
You might as well have posted "Jeez, here we go again. DNS is not: A Cabbage"
It is not performance, it is money at question here
Any two bits of personal information google can join together it will attempt to join up.
Your IP address is x and the address you want is y. That's as good as you following a link from google search for them.
Your DNS request now only has to be passed to a Google-owned server to give them the info.
Google DNS is a good service
I use Google's DNS service because my ISP redirects failed lookups to pages full of ads.
When Google start doing that I'll switch to something else, until then they're welcome to see my IP address if that's what they want.
The ISP 'search' page gets this plus account information and gets to dump loads of cookies in the process.
Three octets? That's going to be useful for about 5 minutes!
Three octets is fine in an IPv4 world, but that's not where we are all heading. IPv6 addresses are much longer, and to give the equivalent of /24 in IPv4 you need /48 - i.e. six octets. It surprises me that Google would suggest only three, as they have been very good at promoting the roll-out of IPv6 (for example ipv6.google.com or the recent enabling of IPv6 content on YouTube).
The idea of getting the end user's address prefix is excellent, but to specify it as three bytes would be an amazing waste of an opportunity.
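The three-octet prefix argued over above, and the /48 this commenter wants for IPv6, as an added Python example that is not part of the thread or of Google's draft: it builds the client-subnet EDNS option with the host bits zeroed and validates incoming options, rejecting any that carry more of the client's address than the declared prefix length. The option code (8) and field layout are taken from the later standardised form of this option (RFC 7871), not from draft-00, and the IP addresses are constructed sample values.

```python
import ipaddress
import struct

# Option code and layout as later standardised in RFC 7871 (an assumption
# here; the draft-00 discussed in the thread predates the IANA assignment).
EDNS_CLIENT_SUBNET = 8
FAMILY_IPV4, FAMILY_IPV6 = 1, 2
# /24 is the "three octets" from the article; /48 is the IPv6 equivalent
# the commenter asks for (six octets on the wire).
DEFAULT_PREFIX = {4: 24, 6: 48}


def build_client_subnet_option(client_ip, prefix_len=None):
    """Return the raw EDNS option (code, length, payload) that carries only
    the leading prefix_len bits of client_ip; host bits are zeroed."""
    addr = ipaddress.ip_address(client_ip)
    if prefix_len is None:
        prefix_len = DEFAULT_PREFIX[addr.version]
    if not 0 <= prefix_len <= addr.max_prefixlen:
        raise ValueError("prefix length out of range")
    family = FAMILY_IPV4 if addr.version == 4 else FAMILY_IPV6
    # Mask off the host bits, then keep only ceil(prefix_len / 8) octets.
    network = ipaddress.ip_network((addr, prefix_len), strict=False)
    nbytes = (prefix_len + 7) // 8
    payload = (struct.pack("!HBB", family, prefix_len, 0)
               + network.network_address.packed[:nbytes])
    return struct.pack("!HH", EDNS_CLIENT_SUBNET, len(payload)) + payload


def parse_client_subnet_option(data):
    """Parse and validate an option received from a client or forwarder.
    Anything that leaks address bits past SOURCE PREFIX-LENGTH is refused,
    which is the check a resolver in the chain should apply before passing
    the prefix on."""
    code, length = struct.unpack("!HH", data[:4])
    if code != EDNS_CLIENT_SUBNET or length != len(data) - 4:
        raise ValueError("not a client-subnet option or bad length")
    family, source, scope = struct.unpack("!HBB", data[4:8])
    raw = data[8:]
    full_len = {FAMILY_IPV4: 4, FAMILY_IPV6: 16}[family]
    if source > full_len * 8 or len(raw) != (source + 7) // 8:
        raise ValueError("address length does not match prefix length")
    # Pad back to a full address so ipaddress can mask it for us.
    addr = ipaddress.ip_address(raw + b"\x00" * (full_len - len(raw)))
    net = ipaddress.ip_network((addr, source), strict=False)
    if net.network_address != addr:
        raise ValueError("non-zero bits beyond SOURCE PREFIX-LENGTH")
    return {"family": family, "source": source, "scope": scope,
            "prefix": str(net)}


if __name__ == "__main__":
    for ip in ("203.0.113.77", "2001:db8:1234:5678::1"):  # constructed
        opt = build_client_subnet_option(ip)
        print(ip, "->", opt.hex(), parse_client_subnet_option(opt)["prefix"])
```

The parse step is the defender's side of the "preserves it across a resolver chain" property: a forwarder that re-sends the option unchanged cannot widen what it reveals without tripping the trailing-bits check.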
2 choices for DNS provision
Another choice is - run your own, without a forwarder. A bit excessive for most home users perhaps.
You have, of course, read the proposal Google's put forward, right, and not just a news story about it? No?
Ah. There's your problem then.
Is small and fast. It runs on Linux, BSD, OSX and Windows. www.powerdns.com
I'm not about to give up all that information to Google, who's not interested in privacy, they're interested in getting ads in your face.
You can also run the PowerDNS geobackend if you want to provide results based on geographic location. It's been around for years.
How quaint! Is anyone still using that for anything other than the caching DNS servers on fully trusted networks? (In those cases, the leading bits of the address of the recursing server are the same as those of the client, so there's no benefit.)
Can we have explanations not aimed at the XBox generation, please?
"The Domain Name System converts text urls into numeric IP addresses."
OK, it doesn't need to be on the level of "IEEE Internet Computing", but come on...
You know, a bit of research you can find this stuff out. Like Wiki, I'm sure, explains DNS.
Okay, briefly... Look up. Your URL (Uniform Resource Locator) is that http://blahblah stuff. Your URL consists, normally, of three parts.
The one you are looking at will say: http://forums.theregister.co.uk/forum/1/2010/01/30/[etc]
This can be broken down as follows:
http:// - you're looking at a web page.
forums.theregister.co.uk - the name of the website
anything after the next '/' - the "path" to what you wish to look for. Consider a plain "/" as being like the C:\ drive and everything with more slashes as being folders, subfolders, and so on until you reach the file desired. Usually you don't have to worry about most of this as indexes will take you where you want to be, and you can always bookmark interesting stuff.
Problem, though. Computer network cards have numeric addresses. Your home router is probably accessed by going to 192.168.1.1 or similar.
The Register is 18.104.22.168. If you change the "forums.theregister.co.uk" to those numbers, you will get a 404 because the virtual host no longer knows which of The Register sites you want, but you will see it change back to www.theregister.co.uk.
That is DNS. It's like a giant phonebook. Every textual address (www.anything...) maps to an IP address (the four numbers with dots between). The base system of the internet cares not for textual names of things, it works with numbers. Can you tell me bbc.co.uk's address? Of course not - there's no need to. Just type the NAME into your browser and get it to worry about everything else.
PS: The last games console I had was a Sega Master System (original clunky shaped one). This isn't youth slang, it's the actual terms used. :-) Everything has its own jargon. You go hacking on horses, or when fiddling with wool using plastic chopsticks you could knit or you could purl, the patterns themselves looking like some sort of rudimentary programming language... I'm sorry you didn't understand, but if we always explained common phrases, articles would be a whole lot longer... I hope the above helps!
I think you missed the point, there...
So did you
"I think you missed the point, there..."
So did you....
Sure, but chill out
Sure. Google DNS, but who else?
At least Google has a guiding principle that they may or may not follow of Do No Evil. Comcast, for example, has the principle of be as lame as possible and have kittenburgers for lunch.
OpenDNS is pissed because Google is going to take a huge chunk of their business as Google DNS actually complies with RFCs instead of OpenDNS which throws up adrev pages on bogus DNS lookups.
This isn't a question of who is perfect, it's a question of who sucks the least. Google may suck the least.
Do no evil?
Not true. They want to take anonymity away and track what you do. That's evil.
Embrace and extend ....
I wonder what comes next?
Do no evil....
...will work until the original founders are all retired/whatever.
Then the bean counters take over.
The potential for abuse is clearly there, and there is no/almost no government oversight, that's a recipe for disaster.
I have been a Google partner since dang near day one. I trust them, but I really have no choice; all my sites are advertiser supported, and only Google monetizes my work.
Beer is good, sex is great, too bad you can't have both at once.
[Do No Evil] Eh? I don't just have both ...
I have chips and gravy along with it ...
Dear Gurgle. Please submit a RFC.
OK, Google: put forward your idea as a RFC. Then we can all choose to giggle, and ignore it.
Until then I'm happy to continue running my nine intercontinentally-dispersed authoritative DNS-servers for clients and Gurgle can remain blissfully-unaware of their locations.
[despite my efforts the Southern Hemisphere remains somewhat DNS-impoverished: ah, how I long for cost-effective 100Mbit/sec providers to the Falklands and Antarctica]
They have - it is a submitted draft
They have done exactly so. And it will most likely pass IETF. I do not see why not.
Re please submit an RFC
well, they have already started that. our google overlords have sent in a draft to the ietf dns working group: http://tools.ietf.org/html/draft-vandergaast-edns-client-ip-00. if the working group thinks the draft is sensible it will become an rfc. it doesn't look like that's going to happen.
if the idea is adopted, it won't affect your authoritative dns servers. it'll affect google's because they will return answers which have been 'optimised' for the client that made the lookup.
and google will be able to amass another shitload of data. knowing who looked up what and when is just the start. they'll be able to point end users at special web sites. so that will let them track dns lookups with web page visits: how soon after a lookup does the client go to that site, how often they do it, when they stop doing that, what other DNS lookups they do, what percentage of lookups are followed by a visit to a web site etc, etc, advertising and marketing scum will love that. and google will monetise this.
Do no harm they said ...
Yet now Google also wants to spy on DNS accesses?! That's just all kinds of wonderful. As if they don't have enough ways to spy on people already!
So how much information on all of us is going to be enough for Google?
Where will it end Google?
Is there a limit to how much information Google wants on us all?
Google seems to be determined to expand on almost all fronts. So are they really going to push for a time when Google knows almost everything about all of us?!
Everything we like. (Everything we want, Everything we need?).
Everything we dislike. (Even everything we fear?)
Everything we read.
Everyone we speak to.
Everywhere we go. (via ever more hooks into GPS services even for 3rd party companies we don't even know are tied into Google).
Google are fast becoming the most Orwellian company in history.
Google even do doubletalk slogans as in "do no harm". The way Google are going, hooking into almost everything, their slogan is fast becoming some of the most two-faced propaganda ever written. Google is looking like an ever-increasing, relentless information grab, which is bad enough, but we also have the concept that we all know, which is that knowledge is power, and that means Google is also becoming a relentless power grab.
With each new grab for knowledge and power that companies like Google (and governments) are taking, it's like watching a slow-motion massive disaster unfolding, where on the one side I hear the gleeful ignorance of the young letting companies like Google (and governments) go ever further, and on the other side the warnings from our oldest generation of people who have sadly witnessed the full horrors of handing so much power to the never-ending stream of narcissistically ruthless rulers in politics and business, all determined to transform their growing fascist levels of control into a totalitarian level of control.
Sorry George Orwell, but not enough of our young learned the horrors your generation witnessed (and not enough want to learn), and so as they have not learned, they are doomed to repeat the mistakes of the past. So much for progress. But then throughout history, human nature has never really changed. We have always had a never-ending stream of narcissistically ruthless rulers in politics and business. All that changes is the technology they use against everyone they want to control. :(
What he said
yeah, what he said.
We're from Google and we're here to help you
We'd also like to screw Akamai and any other CDN or caching techniques that don't help us fiddle the content we show you to meet our (certainly not evil) commercial goals. So we'd like to geolocate you and pick a server that can bias the results the way we want. Might save us a bit of cost on transit, too. Oh, and even if we only catch a /24 (or, presumably, a /64 in the case of IPv6), we might have to give it up under some country's lawful intercept law.
The evil Google
They want to mine my preferences to better tailor the advertising I've blocked. More power to 'em. Along the way they deliver open stuff I like. It's a win/win for me.
Makes it easier and cheaper to do what is already being done...
Lots of larger hosting firms already use all manner of expensive and vendor proprietary solutions to try to achieve this including products such as Global Site Selectors and Global Traffic Managers which either attempt to interface into DNS or when you have connected to a site (which means your IP address is known anyway) then working out which data centre is nearest to you and redirecting connections. Agree I would rather see this as an RFC but the result will make such Geo load balancing functionality more available to smaller outfits.
If DNS is going to be improved include the new DNS with IPv6 roll out, fix the inherent flaws that are known about in the current implementation without complexity of DNSSEC. The proliferation of Encryption Keys needs to have an organised structure, and if 1024 bit PKI keys are compromised does this mean that 2048, 4096, 8192 bit keys are easily used to replace them.
A thousand times no
As with any technology that turns a stateless service behaviour into a client-specific proxy, this is a friend to censorship and an enemy of end-to-end transparency.
In this case, it's yet another attempt to subvert the primacy of routing protocols in making routing decisions. Hence:
"This gives the authoritative provider a better idea of where users are located, which means it's more likely to send users to a nearby data center when resolving a net address"
We already have two solutions of that: BGP and Anycast, and they already work for everybody rather than just secretive colossal-scale providers. And without compromising the key Internet design principle of end-to-end transparent layering.
This is an "I-Know-Better-Than-You" kludge that serves nobody well.
Google now has 2 pieces of info instead of 1
Why should I be grateful for this?
My ISP's DNS service may be rubbish, but there are 3rd parties. I don't want their nose in my DNS resolutions, just as I don't particularly want their nose in my searches.
As for "only hold for 24-48 hours": I suspect this has a *lot* more to do either with their storage priorities (as in not worth holding for longer *until* they've got a bigger slice of the market) or that's the average update cycle for changes to the DNS database.
And of course at heart we *only* have their word that's how long they hold the data in the first place.
Google lie. Surely not!
Only ourselves to blame.
"it is becoming an end-to-end infrastructure all run by Google" - only if people let it.
I don't use Chrome, I use Firefox.
I don't use Google search I use Yahoo, (maybe switching to Lycos or someone else if the tie up with bing starts affecting the search results. It brings a wry smile when my relatives look over my shoulder to see me using, "Dog Pile!")
I don't use g-mail; I have my own domain.
I don't use google maps, I use streetmap.
I don't use Gmail/Gtalk, I use Kopete. (I mix Yahoo, Messenger and ICQ)
I don't use the google tool bar, either ... it got in the way of some Java programs.
I use blogger and I use You Tube, but the adverts don't even make a dent
I also use analytics ... or rather, did; I get the reports but i don't read them any more.
Now ... what's all this about Google owning the world?
You can't realistically bleat about it taking over the world if you're part of the people who contribute towards the usage figures that earns it the advertising revenue in the first place.
To be completely honest, I think the people who feed all this advertising revenue to Google must be out of their skulls ... it is a complete waste of money. I think the only advertising that has any effect on me is TV and full/half page magazine ads.
Once I've worked out the IP addresses of the advertising sites, I simply add them to my firewall ... I never see the majority of advertising that these companies are paying for.
Personally, I think many of these advertising companies that go for adverts on the web haven't yet worked out that there is so much animation and stuff going on, on a web page, that it is a turn off. I actually stopped reading El Reg for a while because of one advert that kept popping out of its allocated space and intruded on to the text.
I mean ... it doesn't take much to take a stand against Google. Just simply change your default search engine; get a domain (they're cheap enough) that can follow you no matter who your ISP is. (I prefer separately hosted e-mail so I can enjoy some of the extra functionality.) De-install Google Maps and buy a real one ... you know ... the ones that come on that ingenious device called paper.
Internet advertising has to be among the most ineffective advertising methods ever created. Let me put it this way ... when I come to the Internet, I know what I want to look for and advertising doesn't stand a chance. There is so much Internet that if I was bored, I would go do something else. Sitting in front of a TV with 80 channels wondering what to watch is much easier than sitting in front of the Internet and wondering what to watch. I'm a simple person, you see.
The only reason I look at the Alexander Orlov adverts is because they are funny. My car insurance, however, wasn't done by comparing meerkats.
Mind you, it has to be admitted ... Yahoo's advertising strategy wasn't exactly a stroke of genius. I'm reminded of it every time I watch, "Inspector Gadget."
Nah, I just don't get Internet advertising. However, I'll gladly use the blogging and video sharing services it is paying for.
URL? I think you mean hostname...
There seems to be some confusion. DNS takes a hostname - not a URL, and gives you the IP address. Of course it will also work in reverse :-)