<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<div class="moz-cite-prefix">On 17/04/2023 12:27 pm, David P. Reed
via Starlink wrote:<br>
</div>
<blockquote type="cite" cite="mid:1681691279.13362849@apps.rackspace.com"><font size="2" face="arial">
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; overflow-wrap: break-word;">#2: DNS service doesn't
specify that "geolocation" is a function of the DNS service.
It is the job of the endpoint *after resolving the DNS name to
one of many IP addresses* to decide which IP address to use
for the DNS name. That is, "geolocation" is an endpoint
function, not something that the network does by spying on
packet contents and faking a response from real DNS servers.</p>
</font></blockquote>
<p><font size="2"><font face="arial">Oh dear. I think I didn't
express myself well here - I didn't mean "geolocation" in the
"Internet" sense of "Where is that IP address?" but in the
sense of having a DNS server on a satellite that "knows" that
querying clients are in its topological proximity, and is able
to do a recursive DNS lookup for them from its own gateway DNS
server (assuming that gateways will function as such) -
yielding the topologically closest CDN server where
applicable. Or - looking at it from the gateway DNS
perspective - knowing that any DNS queries it gets are
"topologically close". I shouldn't have used the term
"geolocation" there.<br>
</font></font></p>
<blockquote type="cite" cite="mid:1681691279.13362849@apps.rackspace.com"><font size="2" face="arial">
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; overflow-wrap: break-word;">#4: In general, IP as a
protocol underlying ALL of the Internet protocols is required
to deliver the content to the address specified by the sender,
*without either reading or modifying the content*. There are
certain cases where "masquerading" as the destination is
sometimes OK, but ONLY when the sender and receiver are
specifically AWARE of this interception. This is called a Man
In The Middle *attack* otherwise.</p>
</font></blockquote>
<font size="2"><font face="arial">Never mind connection-breaking
performance-enhancing proxies ;-)</font></font><br>
<blockquote type="cite" cite="mid:1681691279.13362849@apps.rackspace.com"><font size="2" face="arial">
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; overflow-wrap: break-word;">#6: The idea that one can
"identify" DNS requests by snooping on layer 2 packets is so
crazy it is not even wrong. Layer 2 packets have layer 2
addresses (like Ethernet addresses, e.g.). Their contents
above Layer 2 cannot be decoded. My DNS requests are
DNS-over-HTTPS, except within my home I cache the answers on a
local server that uses DNS/UDP/IP. I certainly don't trust any
Elon Musk corporation not to spy on my traffic. <br>
</p>
</font></blockquote>
<p><font size="2"><font face="arial">Um, yes, indeed. Except that
there is no reason that a satellite couldn't function as a
fully fledged upstream DNS server (so you don't need all that
layer 2 snooping stuff, which seems strange indeed). Every
home DSL router has for years, and there's no reason you
couldn't cache a bit more stuff either. Even on your home
router, there's nothing that stops you from using a DNS server
elsewhere. The
question is whether it makes sense and is worth the effort,
and my point is that it's very little gain for a lot of effort. E.g., you'd
have to ensure dynamic (CDN) entries age off whenever the
satellite changes gateway, because at that point, any clients
that use the sat will be in a different topological location.
</font></font></p>
<blockquote type="cite" cite="mid:1681691279.13362849@apps.rackspace.com"><font size="2" face="arial">
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; overflow-wrap: break-word;">#7: The general idea that
one should put more function into Starlink Satellites
basically will start to "fork" Starlink Enterprises (the Musk
companies) as an "alternate Internet" where applications must
use only the functions that Starlink supports (where other
Internet providers may support broader standards or not
support the special "Starlink-only" functions). This is a way
to balkanize the Internet, and maybe Musk who loves Monopoly
Power after all because it makes him more Powerful, sees that
as a great thing. Certainly the Chinese Communist Party is
trying hard to balkanize a Chinese-only Internet, spending a
lot of money to block interoperability. Musk may envy China, I
don't know.</p>
<p style="margin:0;padding:0;font-family: arial; font-size:
10pt; overflow-wrap: break-word;">If you want a Balkanized,
non-interoperable Internet, where the carriers feel free to
examine all the traffic and create their own,
non-interoperable protocol set, I'd suggest China might be a
good place to move. Or maybe Mars?</p>
</font></blockquote>
<p><font size="2"><font face="arial">Taken as read.</font></font></p>
<pre class="moz-signature" cols="72">--
****************************************************************
Dr. Ulrich Speidel
School of Computer Science
Room 303S.594 (City Campus)
The University of Auckland
<a class="moz-txt-link-abbreviated" href="mailto:u.speidel@auckland.ac.nz">u.speidel@auckland.ac.nz</a>
<a class="moz-txt-link-freetext" href="http://www.cs.auckland.ac.nz/~ulrich/">http://www.cs.auckland.ac.nz/~ulrich/</a>
****************************************************************
</pre>
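<p>Added example, not part of the original message: a sketch of the cache behaviour described in the reply to #6, where a resolver hosted on a satellite must age off CDN-style answers when it changes gateway. The class name, the <code>topology_bound</code> flag (how an entry is recognised as a dynamic CDN answer is left to the caller), the gateway labels and the sample records are all assumptions constructed for illustration.</p>
<pre>
```python
import time
from dataclasses import dataclass


@dataclass
class Entry:
    addresses: tuple
    expires: float         # absolute expiry derived from the record's TTL
    topology_bound: bool   # assumption: caller marks CDN-style answers
    gateway: str           # gateway in use when the answer was obtained


class SatelliteDnsCache:
    """Hypothetical cache for a resolver hosted on a satellite."""

    def __init__(self, gateway, clock=time.monotonic):
        self.gateway = gateway
        self.clock = clock
        self.entries = {}

    def put(self, name, addresses, ttl, topology_bound):
        self.entries[name] = Entry(tuple(addresses), self.clock() + ttl,
                                   topology_bound, self.gateway)

    def get(self, name):
        entry = self.entries.get(name)
        if entry is None:
            return None
        if self.clock() >= entry.expires:
            del self.entries[name]          # ordinary TTL expiry
            return None
        return entry.addresses

    def handover(self, new_gateway):
        """Switch gateway; drop answers that depended on the old one."""
        dropped = sorted(n for n, e in self.entries.items()
                         if e.topology_bound and e.gateway != new_gateway)
        for name in dropped:
            del self.entries[name]
        self.gateway = new_gateway
        return dropped


def demo():
    now = [0.0]                              # constructed clock for the demo
    cache = SatelliteDnsCache("gw-a", clock=lambda: now[0])
    cache.put("cdn.example.net", ["192.0.2.10"], ttl=300, topology_bound=True)
    cache.put("www.example.org", ["198.51.100.7"], ttl=300, topology_bound=False)
    dropped = cache.handover("gw-b")         # satellite moves to another gateway
    return dropped, cache.get("cdn.example.net"), cache.get("www.example.org")
```
</pre>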
</body>
</html>