If you ask Paul Vixie, the way you've configured your internet connection is probably all wrong, and it's likely costing you time and privacy.
The problem, according to Vixie, revolves around the domain name system, or DNS, which he helped develop, and which underlies much of the modern internet. DNS is the service that translates the human-friendly internet addresses we use on a daily basis to access web sites and send email into the multi-digit numeric addresses that computers actually use to route data. Many of us now have that translation done by servers that are operated by large organizations that are physically far from us.
"Gradually, we have moved that name-service function further and further from the users and applications," Vixie told Business Insider in a recent interview. But, he added, "there are some perfectly good reasons why we should try to keep this function close to us."
Namely, by handing off the DNS function, which is what turns "google.com" into 220.127.116.11, to Google or IBM or other big organizations, we are allowing those entities to get a peek at where we're going and what we're doing online, Vixie said. And because of the time it takes for data to go up to those organizations' servers and back, relying on them makes our internet experience markedly slower, he said.
Even milliseconds can add up
The round-trip time required to send an alphabetic address up to some organization's DNS server, have it translated and get the answer back can be in the neighborhood of 15 to 25 milliseconds, said Vixie, who now serves as the CEO of Farsight Security. That doesn't sound like much, but if the webpage or service you're loading requires your device to look up multiple addresses, and particularly if some of those lookups produce errors or time out, those milliseconds can quickly add up to noticeable delays.
"The speed with which you can get those negative answers so that you can give up sooner is going to dictate the amount of work you get done per unit time," Vixie said.
Those delays are particularly galling for Vixie, because that's not how he and his colleagues designed DNS to work. In the early days of the internet, nearly all the corporate, academic, and other networks connected to it had their own DNS servers, he said. Because the amount of data being sent to those servers was fairly minimal and the servers were usually located nearby, the general expectation was that they'd respond to a name translation query in about a single millisecond, he said.
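As an added illustration of the cost Vixie describes (this script is not from the article, from Vixie, or from any project he is associated with), the following shell script times a batch of lookups against one resolver with `dig` and counts how many came back negative. The resolver address and host names in its usage line are placeholders; only the parsing of dig's output runs without a network.

```shell
#!/bin/sh
# Added example, not from the article or from Vixie: measure what each name
# lookup costs at a given resolver, and flag negative answers (NXDOMAIN,
# SERVFAIL, timeouts), which cost a round trip each just like successes.
# Assumes `dig` (package dnsutils / bind-utils) is installed. The resolver
# address and host list in the usage block are placeholders.

# Reduce one dig run (read on stdin) to "STATUS QUERY_TIME_MS".
# Pure text processing, so it can also be run over saved dig output.
parse_dig_output() {
    awk '
        /^;; ->>HEADER<<-/ { s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s); status = s }
        /^;; Query time:/   { ms = $4 }
        END {
            if (status == "") status = "NO-ANSWER"   # timed out or unreachable
            if (ms == "")     ms = -1
            print status, ms
        }'
}

# One timed lookup: resolver address, then name. +tries=1 so a timeout is
# counted once; +time=2 caps the wait at two seconds.
lookup_stats() {
    dig @"$1" "$2" +time=2 +tries=1 | parse_dig_output
}

# Aggregate "STATUS MS" lines: total time spent, and how many lookups were
# negative (anything other than NOERROR). Timeouts (-1) are not added to the
# total, so the real cost is at least what is printed.
total_ms() {
    awk '$2 >= 0 { total += $2 }
         $1 != "NOERROR" { neg++ }
         END { printf "%d lookups, %d negative, %d ms total\n", NR, neg + 0, total + 0 }'
}

# Usage: sh dns-cost.sh RESOLVER NAME [NAME...]
# e.g.  sh dns-cost.sh 192.168.1.2 example.com nonexistent.example.invalid
if [ "$#" -ge 2 ]; then
    resolver="$1"; shift
    for name in "$@"; do
        lookup_stats "$resolver" "$name"
    done | total_ms
fi
```

Run it twice, once against the ISP's or a public resolver and once against a resolver on the local network, and compare the totals; the negative count shows how many of those round trips were spent only learning that a name does not exist.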
But as the internet expanded and grew more mature, fewer organizations knew how to maintain DNS servers and chose to hand off the responsibility to their internet service providers, Vixie said. Later, organizations such as OpenDNS came along, promising they could offer a better name translation service than the ISPs by using faster servers, more frequently updating their databases, and blocking scam sites.
You can turn a Raspberry Pi into a DNS server
Google, IBM, and other organizations followed OpenDNS's lead. More recently, Mozilla announced that it was working with CloudFlare to offer a new DNS service to users of its Firefox browser. OpenDNS itself was acquired by Cisco in 2015 for $635 million.
Operating a DNS server can give an organization both a high-level and fine-grained view of what people or companies are doing on the internet. It can see what sites or services are popular overall and also what individual users are doing online or what devices they have connected on their network.
The possibility of that kind of privacy violation is what made Vixie irate earlier this year when he discovered that his Chromecast device was redirecting DNS queries from his own private DNS server to Google's server. He was upset that Google, which makes the Chromecast, wasn't giving him a choice about what server to use, and that it would have a view into what devices and applications he was using on his network.
But the companies and individuals that rely on those outside DNS servers don't really benefit much from them, Vixie said. Many ISPs offer perfectly good DNS services, he said. And if individuals or companies don't trust their ISP, they can operate a name server themselves, he said.
A $35 Raspberry Pi device can serve as a name server, he said. While configuring it to do DNS lookups does require some technical knowledge, it's relatively easy as these things go and can be set up in 15 minutes, he said.
"With some very cheap hardware and some very free software, anybody could do this," Vixie said.
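One way to do what Vixie describes, as an added example that is not from the article, from Vixie, or from the Unbound project: a script for a Debian-based Raspberry Pi that installs Unbound and writes a configuration which resolves from the root servers itself, so no outside resolver sees the household's queries. The LAN range 192.168.1.0/24, the config file name, and reliance on the Debian package's default layout (including its shipped root trust anchor) are assumptions.

```shell
#!/bin/sh
# Added example, not from the article, Vixie, or the Unbound project: a
# minimal recursive resolver for a Raspberry Pi using Unbound, run as root.
# Assumptions: Raspberry Pi OS or another Debian-based system, a fixed LAN
# address on the Pi, and a LAN of 192.168.1.0/24 (placeholder, override with
# LAN_CIDR). Paths follow the Debian package defaults.

LAN_CIDR="${LAN_CIDR:-192.168.1.0/24}"
CONF="${CONF:-/etc/unbound/unbound.conf.d/local-resolver.conf}"

# Write a config that answers only the LAN, resolves iteratively from the
# root servers itself (no forwarder, so no outside resolver sees the
# queries), and sends authoritative servers as little of the queried name
# as possible. DNSSEC validation is not set here because the Debian package
# already ships unbound.conf.d/root-auto-trust-anchor-file.conf (assumption:
# stock package layout).
write_unbound_conf() {
    lan="$1"; out="$2"
    cat > "$out" <<EOF
server:
    interface: 0.0.0.0
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    # Serve the Pi itself and the LAN; refuse everything else.
    access-control: 127.0.0.0/8 allow
    access-control: $lan allow
    access-control: 0.0.0.0/0 refuse
    # Send only the labels each authoritative server needs (RFC 7816).
    qname-minimisation: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    # Do not reveal the resolver software to whoever asks.
    hide-identity: yes
    hide-version: yes
    # Refresh popular records before they expire, keeping answers local.
    prefetch: yes
EOF
}

install_and_start() {
    apt-get install -y unbound
    write_unbound_conf "$LAN_CIDR" "$CONF"
    unbound-checkconf      # validates /etc/unbound/unbound.conf plus its includes
    systemctl restart unbound
    # Then point the LAN's DHCP at the Pi's address and verify with:
    #   dig @127.0.0.1 example.com +dnssec   (expect "ad" among the flags)
}

if [ "${1:-}" = "install" ]; then
    install_and_start
fi
```

After `sudo sh pi-resolver.sh install`, hand the Pi's address out through the router's DHCP settings so clients use it. Devices that ignore the DHCP-provided resolver, as the Chromecast in the article did, are not covered by this step and have to be dealt with at the router.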