[LINK] Google Expands Control of Internet Architecture

Kim Davies kim at cynosure.com.au
Tue Dec 22 05:00:17 AEDT 2009


Quoting Roger Clarke on Sunday December 20, 2009:
| 
| Google joins at least two other companies offering free DNS
| alternatives, although Google is the first of these companies to also
| have so many other services in various layers of the internet
| architecture. By tradition, DNS is a distributed function, subject to
| an open standard-setting process and part of the generally distributed
| nature of the internet. A new authentication standard is in the works,
| called the Domain Name System Security Extensions (DNSSEC). 

| Google's DNS service does not use the new authentication standard, but 
| instead uses a proprietary security method.

I'm not really too sure what the point this article was trying to make,
but I think to say it is "expanding control" is rather over the top.
Providing an opt-in service is hardly exercising control. Further, they
appear to be doing it in a standards compliant way, which is in contrast
to some of the alternatives. Increasingly ISPs are monetising the DNS
caching resolver function by selling off DNS results - they will get
money in exchange for deliberately changing the content of DNS traffic.
Right now, usually this involves giving you ads via your web browser
(and breaking non-HTTP transactions) when you enter a non-existent
domain. Some DNS providers like OpenDNS actively rewrite the DNS results
of _existing_ domains, which is even worse.

As for Google "not using the new authentication standard", neither does
anyone else... yet. For it to be generally useful firstly requires
the DNS root zone to be signed. The completed roll-out of that is not
planned until June 2010. EPIC seems to be holding Google to one standard
and not explaining the alternatives are often worse.

| DNSSEC Official Site:
|       <http://www.dnssec.net/>http://www.dnssec.net/

As an aside, there is nothing official about that site.

kim



More information about the Link mailing list