French court orders Google, Cloudflare, Cisco to poison DNS to stop piracy

snowwrestler

Over a decade ago, a ton of tech companies (including Google) coordinated a “blackout the Internet” day of protest against U.S. legislation that would have required them to alter DNS to fight piracy. Interesting that now that France actually does it, they say they will comply.

https://en.m.wikipedia.org/wiki/Protests_against_SOPA_and_PI...

JackSlateur

Technically, google did it right (using the "censored" error code: https://datatracker.ietf.org/doc/html/rfc8914#name-extended-...):

  root@jack:~# dig footybite.cc @8.8.8.8

 ; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> footybite.cc 
 @8.8.8.8
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 14528
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, 
 ADDITIONAL: 1

 ;; OPT PSEUDOSECTION:
 ; EDNS: version: 0, flags:; udp: 512
 ; EDE: 16 (Censored): (The requested domain is on a court 
 ordered copyright piracy blocklist for FR (ISO country 
 code). To learn more about this specific removal, please 
 visit https://lumendatabase.org/notices/41606068.)
 ;; QUESTION SECTION:
 ;footybite.cc.                  IN      A

 ;; Query time: 7 msec
 ;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
 ;; WHEN: Sun Jun 16 19:24:29 CEST 2024
 ;; MSG SIZE  rcvd: 243

Ayesh

Hilarious how the article mentions the domain names at the end. It's like Google showing links of DMCA-striken lists, so you can easily find out the actual places to pirate.

steelbrain

The title on the website is “Google, Cloudflare & Cisco Will Poison DNS to Stop Piracy Block Circumvention”.

Curious why Cloudflare has been singled out in the submission title?

tialaramex

One of the interesting technical questions is how these vendors will choose to reflect the forbidden DNS entries in protocols like DoH where they have a choice. For example a reasonable thing for a DoH server to say when asked a DNS question it has been forbidden to answer truthfully, is HTTP 451 Unavailable for Legal Reasons.

shadowfiend

The only provider here who is stated to have said they will be complying is Google, right? So not only is singling out cloudflare incorrect, the title itself is incorrect. “French court orders Cloudflare, Google, and Cisco to poison DNS to stop piracy block circumvention” is the correct title for the article contents, possibly with an addendum of Google saying it will comply.

belorn

It is times like this that I recommend technically inclined people to try setting up your own dns resolver and see how minimal impact a few/handful of milliseconds on first access has on the internet experience. Practically all popular domains also uses some form of anycast network, so the benefit of a single large shared resolver that caches the dns answers has steadily decreased each year.

Just make sure its not configured to be a public resolver, and only allow local network or whitelisted addresses.

0xcde4c3db

I personally have zero interest in streaming soccer games, but the process involved here does leave me wondering just how resilient 1.1.1.1/9.9.9.9 (which I use with https-dns-proxy because I basically don't trust the business side of my local telco/cable monopolies as far as I can throw them) really are in practice. I'm starting to feel like someone should bring back ORSN and throw some (cryptocurrency-free, old-school cypherpunk) Merkle tree or DHT magic on top of it or something.

geor9e

https://www.mic.com/articles/85987/turkish-protesters-are-sp...

Repressive governments have a history of legal orders telling Google to block protestors from accessing twitter.com but Google always refuses to comply. So their new policy of complying isn't about legality. France is a big market. Perhaps it's about money.

zzo38computer

If it is what public DNS providers do, then they should get a bad reputation and then people should not use them. People can make their own, and/or to just use IP addresses directly (or other methods) if they know what they are from other sources. You can also use the hosts file.

flawn

Total non-sense - just pushes people to use VPN or their own custom DNS which tunnels back to 1.1.1.1 or whatever.

bastien2

A great example of why you should be running your own validating recursor instead of relying on a third party

hsbauauvhabzb

I’ve always been curious why dns is a go-to for oppressing unwanted websites. Is it truly difficult to block at an IP level? There would be collateral damage in doing so, but it wouldn’t take long for most VPS providers to dump piracy sites if the alternate is their entire network block being dropped.

amarcheschi

In Italy we gave rights to a private company to tell all ISPs what sites should be blocked by ip. Eventually, other websites go down when some cloudflare ip gets blocked

gostsamo

It is funny how the article lists the blocked websites and what content could be found there. Barbara strikes again.

santiagobasulto

This is a great opportunity for a VPN provider to come up with an extra product being a paid DNS resolver.

1vuio0pswjnm7

"A French court has ordered Google, Cloudflare, and Cisco to poison their DNS resolvers to prevent circumvention of blocking measures, targeting around 117 pirate sports streaming domains."

Most if not all of these domains probably use Cloudflare as their authoritative DNS servers because they are using Cloudflare CDN. Why not just ask Cloudflare to "poison" those RRs. No need to issue orders to a selection of cache operators.

pabs3

Wonder why they don't just go after the DNS registrars for these domains, or the DNS root servers.

MenhirMike

So, with 1.1.1.1 and 8.8.8.8 being useless then, what DNS Server is recommended going forward?

sva_

Well that could be considered a pretty useful list

mlhpdx

I’d just add the IPs to my LMHOSTS file (Windows) if I really wanted to watch sports badly enough. I mean, I was doing that back in the day for local development anyway.

OscarTheGrinch

A new law requires plant shops to stop selling poisonous plants. If people really want to grow these plants they will find a way. Nature still exists.

collaborative

Theft is theft, don't matter if it's irl or online. As a developer who periodically witnesses users spending hours trying to circumvent 1 dollar payments I think that the time has come for the piracy culture to end. And I used to do piracy too

vinay_ys

There are many such local laws limitations that big techs have to bow to (that smaller obscure companies choose not to). For example, Google won't offer its VPN service as part of Google One in India. Whereas, proton/mullvad works just fine.

blackeyeblitzar

Is there some decentralized anti-censorship technology that can prevent this type of action, where ISPs and DNS providers and other points of centralization are forced to implement things on behalf of other parties (like Canal+ or a government)?

smsm42

So, looks like there's a market for non-censoring public DNS providers. Any recommended providers?

hgyjnbdet

So if you're using something like a pihole, and provided you're not using any of the mentioned companies, your go to go?

Jamie9912

Couldn't Cloudflare route these DNS queries outside the country, and therefore not be subject to French laws?

egberts1

That's easy to circumvent.

A VPS host running DNS resolver and point your boxes to it.

You're welcome.

mhitza

No mention in dns0.eu, which is what I use and also hosted in the EU.

mrbluecoat

I'm sure that will work.

(too bad HN can't load my sarcasm font)

wdb

If you need to poison the DNS by court order. Can you also just poison the requestees DNS entries? E.g. Canal+ own websites?

nektro

absolutely appalling on France here

m3kw9

Only in France?

throwaway290232

[dead]

zokier

[flagged]

TZubiri

Alternative title:

French courts order American DNS providers to block unlicensed sports streaming websites.

kgeist

I wonder if it's possible to just use Yandex DNS. Russia won't comply obviously.

musicale

> rightsholders can demand “all proportionate measures likely to prevent or put an end to this infringement, against any person likely to contribute to remedying it.”

Rightsholder: "Let's see, life insurance payouts are €1M and we are losing at least €50M to these sites, so..."

TZubiri

This looks like such a non issue to be honest. Government branches should have technical and legal capabilities to block domestic and foreign hosts. Legitimate foreign service providers, should either comply with local government, cease operations in that country, or be prepared for war.