Comments on The official Google Code blog: A proposal to extend the DNS protocol
Feed author: Mike Marchak

Truri, Bell - Location-based DNS responses are based on the network location of the client - not the Geo-location.

I.e. If I'm on a mobile device then I want to be redirected to a server near to my network operator's data link, not to a server near where my device happens to be.

The IP address is *exactly* the right information to use for this, no other data would give a correct result.

For people saying that there are already companies who offer this service, this only works if the Authoritative nameservers receive the request direct from the client, and it breaks when a global dns proxy is being used (e.g. ISPs' dns servers, Google DNS, OpenDNS) - this proposal is to fix that and to allow the same service to be implemented correctly (by Google and the existing companies) when the request is coming through a non-authoritative nameserver.

For IP V6 - it's specified in the link.

Posted by Tim Wintle, 2012-01-17 08:29:46 -08:00

Better solution just add into DNS request optional location information (for example Country+City). If forwarder has received location from requestor he will send it to authoritative nameservers as is. If got nothing will send own location. In most cases location will be from local provider forwarder nameservers.
Sometimes - from real client.

Posted by Anonymous, 2010-11-17 00:58:10 -08:00

Why use ip-address? How will this be in IPv6? How much should be sent then? Why not a country/state code instead? (us/nj) (us/ca) (dk) (de) I would believe the ISP already knows where the customer is located... And it ought to be possible somehow not to send that information.

Posted by Unknown, 2010-02-09 23:21:01 -08:00

Will this enhance Google Caffeine and Google Local Search? Is that the real reason to want part of the user's IP address and Google wanting the ability to route users to specific servers?

Posted by Chris McElroy aka NameCritic, 2010-02-04 18:30:36 -08:00

And what about privacy? It will make it easy for the governments to control their citizens. Google first makes a lot of noise on the Human Rights Issue in China and then suggests to make the job of repressive regimes even easier!
It is disgusting :(

Posted by Anonymous, 2010-02-01 03:09:11 -08:00

This appears like a good and important improvement if you want cloud services to be faster, cheaper, greener. For those not directly affected, can perhaps expect some performance improvement from secondary effects when the backbone networks are less filled with cross-country traffic that can rather go local. Let's allow some evolution in the internet protocols. Refusing change is not the way to make the internets' tubes better.

Posted by Simon, 2010-01-31 11:20:02 -08:00

There is no need for this DNS extension as niche networking vendors ALREADY offer appliances which globally load balance DNS requests with very low TTL's and can also act as the Authoritative Server for zones. There are already companies out there which specialize in serving key data for Geo-LBing, anyone ever heard of http://www.quova.com/

Can Google focus their efforts on more important DNS related items such as DNSSEC which can mitigate spoofing and man in the middle attacks by implementing chains of trust between Authoritative and downstream recursive DNS Servers?

Hmm?
Makes one wonder what settings they already have inside their Chrome browser to track one's www surfing trends?

-thx

Posted by Unknown, 2010-01-29 18:44:03 -08:00

@jrishaw et al: Yes, I get the feeling that people don't understand that their IP address is given to Google when they go to google. However, for people using things like proxies or Tor, having the IP address go up the ISP chain is an information leak. Of course, it always was. This just makes the leak a little bigger.

For people in free countries and with a rule of law and not half-trying to hide their tracks, this proposal will help make things faster. That is 99.9% of the users in the US/Europe.

For a very small number of people that use a proxy for http but not for dns, this will be a problem. People using script-kiddie level privacy tools are the ones for which this might make an information leak (to say, Chinese authorities -- though their servers are likely already passing IP info around). For people that really know how to hide their tracks it will make no difference.

Posted by Steven Roussey, 2010-01-29 11:05:51 -08:00

Ha -- I was going to say the same thing, thanks @Julian. I'm all for privacy, but the full IP address will be visible as soon as the connection is made anyway.
Seems to me this step simply makes sure the whole connection starts smoother/faster/better, right?

Disclosure comment -- I work for Neustar, and think this is pretty cool.

Posted by Unknown, 2010-01-29 10:49:51 -08:00

Thanks all for the lively debate! We wanted to clarify a few points below.

Regarding privacy concerns: Every time you visit a site, your browser does a DNS lookup followed by many HTTP connections to fetch the various components of the page (images, frames, or even ads or popups). With each HTTP connection, you are sharing your full IP address. What this draft proposes is giving only the top 24 bits (a partial amount) of this information earlier on in the process, so the DNS server can make better decisions.

Regarding concerns about modifying the DNS protocol: This proposal is optional. It does not modify the DNS protocol itself but uses EDNS0, a mechanism that is already part of the DNS protocol that allows new extensions to be developed and added. It is similar to having a new header in the HTTP protocol; it can be used and implemented, but is not required.

Regarding concerns about root or TLD servers: Root servers, ICANN, and owners of TLD servers will not see any increase in load if the specifications are implemented correctly. An improper implementation will just send a few extra bytes with client-ip information attached. There will be no increase in the number of queries or traffic generated.
The root and TLD servers will ignore the EDNS0 option, returning a result that will be cached as always.

Regarding concerns about caches and increased load on recursive resolvers: if you run a recursive resolver that is handling a few networks only, or networks that are topologically close to each other, you will have no need to enable this extension. In contrast, if you are running open resolvers or resolvers serving many different networks, chances are that to reduce the latency experienced by your users, you already invested resources to have multiple resolvers in different locations, finding ways to share the cache or duplicating the content of your caches. The proposed extension allows recursive resolvers to clearly see which results are localized, and for which networks the results can be cached. This will allow resolvers to implement smarter caching algorithms, better decide how to cache results, and to reduce latency by having more precise information about the user's location early on in the process, rather than when they have already opened an HTTP connection.

Posted by Carlo Contavalli, 2010-01-29 08:27:57 -08:00

mihai:

Most people are using a DNS server in the same country that they are in, so Google already makes a good guess about which server to point them to. None of these people will benefit.

That drops the 70% claim to something far far below 1% even if every single person on the Internet is using Google all the time...

It would not be feasible to make such a system opt in. They should just use one of the many other methods available to get the user connecting to a close server, rather than fudging DNS.

Posted by Unknown, 2010-01-29 08:16:26 -08:00

@MickeyC it's not just about the percentage of sites but also about the amount of traffic they get.
Also the big sites are not only distributed across countries but also across zones within the same country (google, amazon, ebay, yahoo, etc)

Still I think they could do it by using even 2 bytes instead of 3 so people would be less concerned about privacy.
Also the privacy concern here is not about the sites where the user ends up but about all the intermediary DNS servers that forward a query. Now only the destination site (well, actually some others too like ad servers that post ads on the site and every device between you and the destination sites or ad servers) will know who you are but after this is implemented a lot of other third parties that you can't really track will know.

Someone mentioned this should be opt in instead of opt out and I fully agree with this.

Posted by Anonymous, 2010-01-29 06:09:50 -08:00

Re: jyaif

"Even if just Google uses this protocol, 70% (at least) of the internet users will gain time.
Kapow."

You don't get it do you? What proportion of Internet users use a DNS resolver that's not in their own country? 0.01%? Less? What percentage of websites are distributed across multiple countries? 0.0001%? Less? Multiply those two figures together and what do you get? I can guarantee you it's not near "70%"

For the tiny minority of sites that want websites to run from multiple countries, they can either deal with the issue with anycast, or deal with it at the HTTP level. There are many possibilities. It doesn't require a change to DNS.

Posted by Unknown, 2010-01-29 02:02:08 -08:00

Sounds good.

Posted by V, 2010-01-28 22:08:09 -08:00

Privacy, schmivacy. Wake up and embrace reality. Privacy is an illusion.

But this concoction of an extension to the DNS protocol looks like an opportunistic move meant to reduce the pains and aches of a corporation's logistics. Doesn't feel like it's in the spirit of the internet.

With my 50,000 foot level view of the mechanics of the internet, the benefit of the proposed change eludes me. But you and I are not a part of the internet draft review team, so why don't we wait and see what they have to say about this. I hope they judge the proposal on its merit and dismiss it promptly.
Or else, we'll have created a precedent for a series of ridiculous tuning proposals for the internet in an increasingly narcissistic community.

Like Arno and others said, keep your redirects higher up the protocol stack. And stop whining about how much better off we would all be if we didn't have to create a TCP connection to redirect until you've come up with thorough stats representative of the internet at large.

Man, people these days.

Posted by Mihai Danila, 2010-01-28 21:16:54 -08:00

Arno: This is not messing with the DNS Protocol, it is simply extending it. Anycast is "messing with dns," as is DNSSEC, by your argument. Invalid.

Jared Mauch: (Hi) That was my first thought, actually..

All: There are very few "privacy implications" to this - if you don't want your Internet activity monitored, unplug your computer. I'm a privacy advocate, but the first three octets of my IP is nothing.
If I'm looking up 'www.google.com' in a DNS request, guess what.
Not only is my *full* IP going to be logged once I connect to the site, browser information, hardware platform, and much other info will be sent along -- Complaining that this extension will violate privacy is kind of a silly attempt at a point.

Allowing your ISP (if they don't already sell your data and habits already) to send this (essentially) geo-data to a nameserver so that it can direct you to a server "closer to you" is brilliant, and I'm glad Google and the guys at UltraDNS see and support this [full disclosure, I use UltraDNS].

I'd like to see Vixie's point of view on this, but I doubt he'll be posting on blogspot anytime soon ;)

Posted by jamie, 2010-01-28 19:34:02 -08:00

@arno I'd say doing it in DNS is the right point - moving it up the protocol chain means that you won't have to make a connection and be redirected to a second server. Doing that slows down the response time to the user, resulting in more connections and increased network load.

Google aren't saying DNS is broken, just that it can be improved with a fairly minor improvement.

Granted that it won't be of use to 99% of websites that are hosted on a single server. But for any website that is on more than one server (and especially those in a cloud) this will make the user's experience so much better.

Ever had to wait for a website to load because it's coming from the other side of the globe? This DNS change will help.

Posted by Unknown, 2010-01-28 19:25:40 -08:00

DNS is not broken.
DO NOT MESS WITH IT for a slight performance gain for some (very few) users. If you really need the geographical data, get it on the actual network connection and implement a redirect in the application. Or alternatively require the people to use the Google DNS for maximum performance.

Doing this by a DNS protocol change is entirely the wrong way and I can only attribute it to mental laziness.

Posted by Unknown, 2010-01-28 19:03:04 -08:00

A great idea Google! As someone who operates distributed servers it would be great to point people to their closest server so they get a faster response time.

Bit silly for people to be worried about the 3/4 of their ip address to be exposed - as soon as that dns request is completed they'll be sending the full ip address to the website provider to view the website!

There's a lot of comments from people here who don't understand how DNS, TCP/IP, NAT or Satellite connections work - a lot of mis-information.

Go read the protocol standards and you'll find that Satellite and private ip addresses (10.*.*.* etc that have to be NAT'd to use the internet) will work with this.

If you think that your DNS queries should be private - you need to get off the internet. DNS requests have to be passed to public servers in order to get the information you need.

Posted by Unknown, 2010-01-28 18:57:18 -08:00

Ok, I really don't see what all the hype about privacy is with this. Sure the DNS server gets the first 3 octets of your IP.
Which would not have been exposed before to it, since it would only get your resolver's IP.

With this though it would pass on the first 3 octets of your IP, which doesn't really matter as when you actually go to let's say the website you were making the DNS request for would have your FULL IP address...Imagine that.

My opinion: I think this is a good idea.

Posted by hollow87, 2010-01-28 16:11:22 -08:00

Only capturing the first 3 octets of the ip address, still narrows the request as having originated from a group of 255 possible addresses. That's pretty useful to someone wanting to track your online behavior. Add to that the recent work done by the EFF showing how you can use non-ip based information from the web request (ie. user agent, accept-encoding, etc.) to create a "fingerprint" of a visitor and you have everything you need to track user behavior pretty darn accurately. Smells fishy to me.

Posted by chacha, 2010-01-28 14:09:24 -08:00

I am a DNS system administrator at a mid-size ISP. At first I was speculative about this proposal based on the comments here. Taking an end-user customer's perspective, I just read the Internet draft, and at this point, I think it sounds reasonable. The privacy fears over a network address as tight as a /24 will probably not match a production deployment, since DNS admins are going to want as few records cached as possible.
I don't think there is a valid "privacy" concern here anyway, as it is not a secret to the owner of the authoritative server that a certain IP netblock is accessing their resources.

Hopefully BIND and other DNS servers will add new configuration directives that will enable DNS admins to populate data about recursion clients' subnets and specify the netmask for each that is to be specified in this protocol. Adding that configuration isn't really more work for DNS admins because typically we already have to configure new netblocks to un-block recursive queries for those clients.

Posted by Unknown, 2010-01-28 13:03:02 -08:00