- Internet pioneer Paul Vixie thinks the way many individuals and organizations have configured their internet connections is costing them privacy and time.
- Vixie helped develop the domain name system, or DNS, one of the foundational technologies of the internet.
- The problem Vixie is warning about has to do with the fact that many internet users today are relying on DNS servers operated by organizations such as Google that are physically located far away.
- His solution is simple: organizations and individuals can run their own DNS servers.
If you ask Paul Vixie, the way you've configured your internet connection is probably all wrong, and it's likely costing you time and privacy.
The problem, according to Vixie, revolves around the domain name system, or DNS, which he helped develop, and which underlies much of the modern internet. DNS is the service that translates the human-friendly internet addresses we use on a daily basis to access web sites and send email into the multi-digit numeric addresses that computers actually use to route data. Many of us now have that translation done by servers that are operated by large organizations that are physically far from us.
"Gradually, we have moved that name-service function further and further from the users and applications," Vixie told Business Insider in a recent interview. But, he added, "there are some perfectly good reasons why we should try to keep this function close to us."
Read this: An internet pioneer is doubtful Mark Zuckerberg can refocus Facebook on privacy. Here's why.
Namely, by handing off the DNS function, which is what turns "google.com" into 216.58.195.238, to Google or IBM or other big organizations, we are allowing those entities to get a peek at where we're going and doing online, Vixie said. And because of the time it takes for data to go up to those organizations' servers and back, relying on them makes our internet experience markedly slower, he said.
Even milliseconds can add up
The round-trip time required to send an alphabetic address up to some organization's DNS server, have it translated and get the answer can take in the neighborhood of 15 to 25 milliseconds, said Vixie, who now serves as the CEO of Farsight Security. That doesn't sound like much, but if the webpage or service you're loading requires your device to look up multiple addresses and particularly if some of those addresses result in errors that get timed out, those milliseconds can quickly add up to noticeable delays.
"The speed with which you can get those negative answers so that you can give up sooner is going dictate the amount of work you get done per unit time," Vixie said.
Those delays are particularly galling for Vixie, because that's not how he and his colleagues designed DNS to work. In the early days of the internet, nearly all the corporate and academic and other networks connected to it had their own DNS servers, he said. Because the amount of data being sent to those servers was fairly minimal and the servers were usually located nearby, the general expectation was that they'd respond to a name translation query in about a single millisecond, he said.
But as the internet expanded and grew more mature, fewer organizations knew how to maintain DNS servers and chose to hand off the responsibility to their internet service providers, Vixie said. Later, organizations such as OpenDNS came along, promising they could offer a better name translation service than the ISPs by using faster servers, more frequently updating their databases, and blocking scam sites.
You can turn a Raspberry Pi into a DNS server
Google, IBM, and other organizations followed OpenDNS's lead. More recently, Mozilla announced that it was working with CloudFlare to offer a new DNS service to users of its Firefox browser. OpenDNS itself was acquired by Cisco in 2015 for $635 million.
Operating a DNS server can give an organization both a high-level and fine-grained view of what people or companies are doing on the internet. It can see what sites or services are popular overall and also what individual users are doing online or what devices they have connected on their network.
The possibility of that kind of privacy violation is what made Vixie irate earlier this year when he discovered that his Chromecast device was redirecting DNS queries from his own private DNS server to Google's server. He was upset that Google, which makes the Chromecast, wasn't giving him a choice about what server to use, and that it would have a view into what devices and applications he was using on his network.
But the companies and individuals that rely on those outside DNS servers don't really benefit much from them, Vixie said. Many ISPs offer perfectly good DNS services, he said. And if individuals or companies don't trust their ISP, they can operate a name server themselves, he said.
A $35 Raspberry Pi device can serve as a name server, he said. While configuring it to do DNS lookups does require some technical knowledge, it's relatively easy as these things go and can be set up in 15 minutes, he said.
"With some very cheap hardware and some very free software, anybody could do this," Vixie said.
Next Story
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
Saudi Arabia wants China to help fund its struggling $500 billion Neom megaproject. Investors may not be too excited.
Colon cancer rates are rising in young people. If you have two symptoms you should get a colonoscopy, a GI oncologist says.
Catan adds climate change to the latest edition of the world-famous board game
Tired of blatant misinformation in the media? This video game can help you and your family fight fake news!
Tired of blatant misinformation in the media? This video game can help you and your family fight fake news!
JNK India IPO allotment – How to check allotment, GMP, listing date and more
Indian Army unveils selfie point at Hombotingla Pass ahead of 25th anniversary of Kargil Vijay Diwas
