Google Proposes DNS Extension
ElusiveJoe writes "Google, along with a group of DNS and content providers, hopes to alter the DNS protocol. Currently, a DNS request can be sent to a recursive DNS server, which would send out requests to other DNS servers from its own IP address, thus acting somewhat similar to a proxy server. The proposed modification would allow authoritative nameservers to expose your IP address (instead of an address of your ISP's DNS server, for example) in order to 'load balance traffic and send users to a nearby server.' Or it would allow any interested party to look at your DNS requests. Or it would send a user from Iran or Libya to a 'domain name doesn't exist' server."
Re:Do no evil, eh? (Score:2, Insightful)
What's evil about this? All sorts of CDN systems could benefit from this. Hell, it could actually provide even the smallest web provider with a poor-man's version of expensive products like F5's global traffic manager.
Wow, Slashdot editors hate Google (Score:5, Insightful)
The summary isn't even close to correct. What the hell is going on with Slashdot these days?
Re:Do no evil, my ass. (Score:5, Insightful)
If Google could be trusted to never hand that information over to the government, then I would have no problem with them data mining as much as they want.
Those were really big IF's since we all know the government can easily get the information from Google, therefore we don't want them to have it.
There are lots of value add services that can be done because of data mining that consumers and the population want, they just ignore the consequences of the government also having access to the same data.
How's that evil? (Score:5, Insightful)
What a load of crap. There is no way to exploit that. If someone wants to block certain IP ranges, it is much more efficient to do so at the HTTP (or whatever the protocol in use is) level, rather than in DNS.
Even if this gets introduced, every DNS server will continue supporting the old (without 'IP forwarding') way of doing things, so it's easy enough to pick a DNS server which doesn't forward your IP. Everything will work just as it does now (you won't have the potential speed advantage you might get with the new system though).
Whoever wrote TFS doesn't know the first thing about how networks work. Looking at what just happened in China, do you think that Google of all companies really wants to endanger your privacy?
The reason why Google offers public DNS servers and why they came up with this is because they want to make the internet faster for everyone. And they're doing it in an open, backwards-compatible way.
This is a good idea and should be implemented.
This is important! (Score:5, Insightful)
This is extraordinarily important for efficient operation of the internet. If people want to block you, they can, DNS or no DNS. However, for global load balancing, this is vital. You want to connect to a server near you, not near your DNS server.
This will not stop the proper function of proxies.
Needed, not evil... (Score:5, Insightful)
There are already many uses where the IP address of the resolver is used to determine service, basically every CDN etc uses this technique.
This extension is needed if you want OpenDNS and the like to Not Suck when fetching Akamai sourced content, youtube videos, etc.
And it's not like the owner of the DNS authority won't find out who you are anyway, after all, you then CONTACT THEM DIRECTLY WITH YOUR IP ADDRESS!!
Re:Do no evil, my ass. (Score:5, Insightful)
Are you being deliberately obtuse? Region-based load balancing also helps content providers reduce latency and get better bandwidth by reducing the number of network hops between you and the web server. This could be very beneficial to sites like Youtube and other high-bandwidth sites.
And the privacy issues strike me as semi-bullshit. You are looking up the DNS for a website YOU WERE PLANNING TO VISIT ANYWAY. When you visit the web site, they have your full IP address anyway. Sure, there are potential man-in-the-middle issues, and maybe some worries in cases where the web server operator (which presumably you want to give your IP address to) and the DNS server operator are different people. But seriously, web browsing is not IP address anonymous in any way, so I see no reason why DNS has to be either. If you want that level of privacy, you should be using Tor.
Anyway, the privacy/efficiency debate is worth having, but you have to first acknowledge that Google's legitimate reason for this extension might actually be the reason they stated.
Re:Do no evil, eh? (Score:2, Insightful)
I think the issue here is that for a marginal amount of good there's a whole lot of bad that can come out of this idea.
I can't see how this gives Google any more data (Score:4, Insightful)
I can't see how this does give any more information to Google or other users.
Example: If I do a lookup on www.slashdot.org then this query should never hit any DNS server controlled by Google.
The only way a query would end up on a Google-controlled DNS server would be if the domain I looked up were owned by Google, and in that case I don't care, because then I am about to visit the site anyway, which means they will have my entire IP.
Re:Not as evil as suggested (Score:4, Insightful)
Web sites already know where you're coming from. They have your IP address. Every single one of them, unless you're using a proxy. The problem is they can't easily redirect you to the server closest to you once you've already resolved their address. The only one in the whole system who does not know your IP when you're browsing the web is potentially the authoritative DNS server; the usual case is the same people who run the authoritative DNS server also run the web server, so while they don't get your IP when you do the DNS lookup they will when you eventually land on the site.
Re:Not as evil as suggested (Score:2, Insightful)
I'm not worried about the "evil" aspect of it. This just doesn't sound like what DNS should be used for.
Re:Do no evil, eh? (Score:5, Insightful)
Well, the summary lists two ways that this could be used for "evil":
1) Or it would allow any interested party to look at your DNS requests.
2) Or it would send a user from Iran or Libya to a "domain name doesn't exist" server.
Violating privacy and enabling censorship have no place in the Western world.
You are assuming that the summary bears any relation to reality!
The proposal is that your ISP's resolver will pass your approximate IP address when doing a DNS request on your behalf so that you can be sent to a close-by server for your actual TCP connection.
What extra information does someone get here? How does this allow "any interested party to look at your DNS requests"?
On the Iran point, if the website wants to block users from Iran, they can do that when you make the TCP connection - at that time they get your exact IP address and can apply any filtering policy they like.
Ups and Downs (Score:5, Insightful)
I like it. I don't know what the aggregate increase in efficiency across the net would be, but I'm betting if Google is suggesting it, it could be significant. While there are some potential abuses, they're really no different than what can already be done at the router/server level currently.
Re:Do no evil, my ass. (Score:4, Insightful)
Oh because they're not going to get all four octets a fraction of a second later when you CONNECT TO THEIR SERVER?
Critical thinking people... This would actually let people not use their ISP provided LDNS' without getting asstastic performance from every big site out there!
Re:Do no evil, eh? (Score:3, Insightful)
Oh, how I wish that was true!
This is bad (Score:2, Insightful)
Re:Do no evil, eh? (Score:2, Insightful)
Re:Google is further away than your ISP (Score:3, Insightful)
Because their ISP plays stupid games with DNS and setting the DNS numbers on the computer is a tad easier than setting up and running a DNS server.
Re:How's that evil? (Score:2, Insightful)
My good AC, I actually think you aren't a Google astroturf, but how naive can this be? Google is a public corporation whose fiduciary duty is to make money for their shareholders, not make the intertubes flow more smoothly, unless that causes Google to make more money.
...and if you don't see how that causes Google to make more money, you're an idiot. Extra points for calling someone "naive" for not being as gullible as you.