Download
1 / 66
670 likes | 844 Views
The Domain Name System and DNS Blocking. Malcolm Hutty Head of Public Affairs, LINX http://publicaffairs.linx.net. About LINX. A membership association for network operators Based in London, UK One of the largest Internet Exchanges in the world 400 member networks from over 50 countries
E N D
The Domain Name System and DNS Blocking Malcolm Hutty Head of Public Affairs, LINX http://publicaffairs.linx.net
About LINX • A membership association for network operators • Based in London, UK • One of the largest Internet Exchanges in the world • 400 member networks from over 50 countries • Over 1.2Tb/s peak traffic • Over 70% global Internet routes • Public policy role in EU through
The voice of Internet Services Providers in Europe • Represents over 1800 ISPs • Umbrella structure: • National associations are EuroISPA members • Governed by a Board with one member per association • Supported by an advisory forum of large multi-national network and service providers
1. User types domain name into browser www.example.eu
2. Browser asks Access Provider for IP address of www.example.eu What’s the IP address for www.example.eu? DNS Resolver Access Provider
3. DNS Resolver asks Root Name Server for IP of a DNS server for .eu Where’s the .eu registry DNS server? DNS Resolver Root Name Server Access Provider
3. DNS Resolver asks Root Name Server for IP of a DNS server for .eu It’s at IP address: 198.51.100.56 DNS Resolver Root Name Server Access Provider
4. DNS Resolver asks .eu DNS server for IP of the DNS server for example.eu Where’s the DNS server for example.eu? .eu Registry DNS server DNS Resolver Access Provider
4. DNS Resolver asks .eu DNS server for IP of the DNS server for example.eu It’s at IP address: 203.0.113.185 .eu Registry DNS server DNS Resolver Access Provider
5. DNS Resolver asks for the IP address for www.example.eu … DNS example.eu What’s the IP address for www.example.eu? DNS Resolver Access Provider
5. DNS Resolver asks for the IP address for www.example.eu … DNS example.eu It’s at IP address: 192.0.2.12 DNS Resolver Access Provider
6. … and passes the IP address back to the browser The IP address for www.example.eu is: 192.0.2.12 DNS Resolver Access Provider
7. … which contacts the website host using the IP address Contacting 192.0.2.12
8. HTTP traffic begins 192.0.2.12 www.example.eu DNS Resolver Access Provider
How DNS Blocking Works
How DNS blocking works What’s the IP address for www.example.eu? DNS Resolver Access Provider
How DNS blocking works No such domain. DNS Resolver Access Provider
How DNS blocking works What’s the IP address for www.example.eu? DNS Resolver Access Provider
How DNS blocking works It’s at (cough) IP: 203.0.113.234 (cough) DNS Resolver Access Provider
How DNS blocking works 203.0.113.234 Police controlled server DNS Resolver Access Provider
Technical flaws: multiple / changing domain names What’s the IP address for www.example.eu? www.example.eu www.ejemplo.eu DNS Resolver Access Provider
Technical flaws: multiple / changing domain names www.example.eu www.ejemplo.eu No such domain. DNS Resolver Access Provider
Technical flaws: multiple / changing domain names Ok, can I have IP address for www.ejemplo.eu? www.example.eu www.ejemplo.eu DNS Resolver Access Provider
Technical flaws: multiple / changing domain names www.example.eu www.ejemplo.eu DNS Resolver Root Name Server Access Provider
Technical flaws: multiple / changing domain names www.example.eu www.ejemplo.eu DNS Resolver .eu Registry DNS server Access Provider
Technical flaws: multiple / changing domain names www.example.eu www.ejemplo.eu DNS Resolver DNS ejemplo.eu Access Provider
Technical flaws: multiple / changing domain names The IP address for www.ejemplo.eu is: 192.0.2.12 www.example.eu www.ejemplo.eu DNS Resolver Access Provider
Technical flaws: multiple / changing domain names www.example.eu www.ejemplo.eu DNS Resolver Access Provider
Technical flaws: user can bypass DNS by typing IP address directly into browser 192.0.2.12
Technical flaws: user can bypass DNS by typing IP address directly into browser
Technical flaws: user can bypass DNS by typing IP directly into browser 192.0.2.12 www.example.eu DNS Resolver Access Provider
Technical flaws: many companies run their own DNS resolver What’s the IP address for www.example.eu? Jones & Jones Ltd DNS Resolver DNS Resolver Access Provider
Technical flaws: many companies run their own DNS resolver Jones & Jones Ltd DNS Resolver DNS Resolver Root Name Server Access Provider
Technical flaws: many companies run their own DNS resolver .eu Registry DNS server Jones & Jones Ltd DNS Resolver DNS Resolver Access Provider
Technical flaws: many companies run their own DNS resolver DNS example.eu Jones & Jones Ltd DNS Resolver DNS Resolver Access Provider
Technical flaws: many companies run their own DNS resolver The IP address for www.example.eu is: 192.0.2.12 Jones & Jones Ltd DNS Resolver DNS Resolver Access Provider
Technical flaws: many companies run their own DNS resolver 192.0.2.12 www.example.eu Jones & Jones Ltd DNS Resolver DNS Resolver Access Provider
Technical flaws: client can use a third-party DNS resolver DNS Resolver Access Provider
Technical flaws: client can use a third-party DNS resolver DNS Resolver 3rd party DNS Resolver Access Provider
Technical flaws: client can use a third-party DNS resolver What’s the IP address for www.example.eu? DNS Resolver 3rd party DNS Resolver Access Provider
Technical flaws: client can use a third-party DNS resolver DNS Resolver 3rd party DNS Resolver Root Name Server Access Provider
Technical flaws: client can use a third-party DNS resolver .eu Registry DNS server DNS Resolver 3rd party DNS Resolver Access Provider
Technical flaws: client can use a third-party DNS resolver DNS example.eu DNS Resolver 3rd party DNS Resolver Access Provider
Technical flaws: client can use a third-party DNS resolver DNS Resolver 3rd party DNS Resolver Access Provider
