103 comments

[ 3.7 ms ] story [ 172 ms ] thread
Quite a good read but I think we killed his personal blog for now. I recommend this article on the site:

https://blog.powerdns.com/2019/09/25/centralised-doh-is-bad-...

Hi - which part of my blog was down? I am trying to find problems, but I see steady visitor numbers? Can you help?
You should use cloudflare to handle surges in traffic like this. (Sorry, couldn't resist ;) )
"lol" :-) - but I checked, it never got over 4 Mbit/s.
The most important point to share from his message in my opinion:

<<DNS and the Cloud

Later, I saw that there was a push for “the cloud” to take over yet another part of our Internet. Encrypted DNS is great, we should all do far more of that. But I was (and am) tremendously unhappy that more and more of DNS is now set to move to (among others) Google and Cloudflare control – both of whom protest that they have nothing but the best intentions. But still I see yet more of the Internet getting centralised, and I worry where that will go.

I also worry that people somehow are not worrying about this – somehow we’ve made peace with the fact that companies far away get very detailed records on everything we do online, and that we just have to live with that.>>

I don't think we have made peace. The issue is the market is being flooded with new recruits that don't care and grew up in the cloud, and these companies are actively involved in the education system to make it the new norm. We used to have actual computer science degrees and now we have IT training camps ran by the companies that have their own selfish interests.
You know that we still have actual computer science degrees though, right? I don’t even know what point you are trying to make with this misinformation.
I'm not convinced a CompSci degree actually teaches the history of the internet and why being decentralised might be something worth having. I didn't learn ideals from my university, or certainly not the ideals they want me to learn.
Well I guess it depends on where you study. My university was full of profs that never dared to even recommend proprietary software to us and always preached to us about the open web.

Though, I should disclose, that this was in Germany, and for some reason I have found Germans to be particulary strong advocates of the decentralized web and general FOSS things.

> I have found Germans to be particulary strong advocates of the decentralized web and general FOSS things.

With apologies to Mr. Godwin, I think it's simply that Germans have (in general) learned what is possible when data is centralized and administered in one place, easily accessible.

Additionally, I find an strange sense of pride (seeing as, again, I'm not German) that there are still some people who still live to fight all this data-collection and privacy invasion. I always look forward to, e.g. every year's C3 talks.

I'm German and would like to confirm this. How both fascism and communism (in East Germany) relate to (among others) data collection is in the mind of rather many people here, including young people. Sadly tho our leading politicians forgot history already.
[Disclosure: I'm president of a CCC local chapter and regularly advocate for the CCC's positions on privacy and IT security concerns in public and towards the press.]

I frequently and publicly complain about crazy surveillance policy as much as the next guy. But I find it important to understand that the politicians in the interior and justice branches are not pushing mass surveillance because they're evil. It's because of perverse incentives: They know full well that, when the next terrorist attack happens, everyone who didn't push hard enough for law and order will be portrayed as an enabler. Or at least they think that this will happen. It can be argued if it really would, but them thinking that this is how the world is is my best explanation for their behavior. I don't think they want to build the next Stasi or Gestapo.

To your last point: no, surely not. I think it's a failing of our current public view (daily news cycle perhaps?) of politics where politicians always have to be seen 'doing things' about all this evil lurking about, and if they aren't, then should anything happen, the blame lies squarely in their lap.

This, I'd argue, leads to it always being essentially career-wise risk-free to be more tough/stringent/et c. on <evil thing du jour>. And why not? There's hardly any downside. It's all unfortunately about optics.

EDIT: re-reading your comment, I realize I'm just stating in more words your salient point. It is, however, a particularly difficult hole to dig ourselves up from though.

(comment deleted)
Unscientific gut-feeling as an American who has visited Germany for ~1 year in total: Germany remembers fascism. Not necessarily in the direct sense of people who lived through it, although there is that too, but.. It is hard for me to describe.. I get this feeling that much of their government and society is structured along a guiding principle of "This must never happen again."
I'm currently studying CS in Germany at a big university. Yes, the profs seem to all run Linux and they usually recommend free software. But then COVID-19 happened and they all caved in to using Zoom/Teams. Those are now heavily recommended, even for use in smaller groups. When promted about it a few of them might say that they care about privacy, too, but that's then not reflected in their actions. Even those doing research on privacy or security related topics heavily embrace Zoom/Teams. And as if that's not enough, the administration seems to view things like the GDPR as a nuisance, especially since the privacy shield has been invalidated.

You might argue that the professors have no choice. But then there actually are non-CS professors from other universities that won't even put recorded videos of themselves online. They teach by uploading a few documents. Some stopped teaching altogether. None of that is particularly great. But it shows that professors have some power and would have even more of it as a collective. That in turn means that all those CS professors chose not to exercise it. From what I know it's the same at many other universities.

I seriously doubt anyone is taught any of the values you're talking about any more. The opposite is the case - if you held any of them before you'll have to be practical and let them go.

Isn't that more a history course and less a computer science course?

I've always thought a little history makes the lecture more interesting. Yet dry and boring lectures seem to be the norm.

Lectures should be recorded by the most charismatic person that is sufficiently knowledgable about the subject and available on demand, rather than the archaic bored professor talking to a hall of 150 students, 5 of which are massively engaged, the rest are either going too quickly, too slowly, hungover, or distracted by something else.
That CS degrees get rarer or at least lower percentage compared to people with incomplete education from big corps.
(comment deleted)
This centralization is a scary thing especially when all large democracies are looking to make best use of this to monitor their citizens activities most of it to curtail free speech. It will be easy to force two or three multinational corporations to share data or create backdoors than forcing hundreds of smaller corporations which dont do explicit business in those countries.
In addition, it creates chokeholds in our internet traffic patterns. Should Google or cloudflare decide a site isn’t worthy, they can just remove it from DNS. Google has already done this on numerous occasions.
> Google has already done this on numerous occasions.

Have you got specific examples? I can't recall this happening.

Are you serious? https://en.wikipedia.org/wiki/Censorship_by_Google

Some of it I agree with. Hate speech, disinformation, etc. but if google "owns" DNS than it's going to be the same story.

None of those has anything to do with DNS. The correct answer was "No", you don't have any examples of Google "doing this" but only you can link to some other things Google did that you didn't like that and you wouldn't like if it they did this too.
They have everything to do with Google’s track record of bending to requests of governments and entities of interest. To think they wouldn’t do it if they centralized DNS under their umbrella is a farce. No, I don’t have direct evidence of them removing sites from their DNS servers, but there’s plenty of evidence of how they operate the rest of the company.

To take a specific service and say they haven’t is just naive.

If they did do it, why would there not be at least one blog somewhere, of someone noticing that some domain doesn't resolve against 8.8.8.8, but does resolve against some other DNS provider?

Of course, this question would be silly under a dictatorship; the answer would just be "records have been suppressed." But we don't live in a dictatorship. Anyone in the US can use any DNS provider they like, even ones from outside the US. And anyone outside the US can use our DNS providers. So why would there be no evidence?

Mind you, I'm not necessarily arguing that Google wouldn't do this, if they were demanded to do so via a National Security Letter. I'm just arguing that you shouldn't conflate "no evidence that they're not willing to" with "already have in the past."

Google censoring stuff is obviously a big deal and if they'll do it in other avenues they will certainly do it with DNS. Corporations have at least 90% of their goal to maximize profit, and that is made much easier when you centralize everything to your servers, your control, and your specifications.
A bigger issue is IANA. The way that IP addresses are managed and controlled is really disadvantageous for smaller entities. The organisation itself should be moved to Switzerland as a start.
If you're thinking about IPv4 then I'm afraid that ship has long sailed. IANA exhaustion occurred in 2011, there aren't any IPv4 addresses left to be assigned by IANA. If your region did a poor job of allocating its blocks, take that up with them, it's not IANA's fault.

For IPv6 there is plenty of space and if you have a real use for more than a /48 then you can write up the paperwork for why you need so much space and get it approved, you don't need IANA, whether in Switzerland or anywhere else.

As far as crypto goes, Bernstien's DNSCurve was a better and far more distributed privacy solution that DoH (anyone can add it to their nameservers, no centralization), but lacked supporters other than OpenDNS.

http://dnscurve.org

Isn't all DNS centralized anyway? All the records are authoritative somewhere, answered by the owning nameservers.

The only distribution is in the form of multiple levels of widespread caching. As long as that caching layer exists, is there really a difference between a large company hosting many names or multiple people hosting their own nameservers? Was the web really more resilient when everyone had their own servers?

Sad to see you go, but kind of happy too since it appears you're now working in a position that gives you influence over government intelligence agencies and who they decide to prosecute.
Wow, didn't know it was this bad. Though it makes sense that Google, Cloudflare, and co would grab every DNS query they can get get, as additional sensor data for tracking. As if this wasn't crystal clear already from the push towards DNS-over-HTTP.
> "Moreover, Google does not use any personal information collected through the Public DNS service to target ads.

We do not correlate or associate personal information in Google Public DNS logs with your information from use of any other Google service except for addressing security and abuse." https://developers.google.com/speed/public-dns/privacy

Do you have proof that the opposite is true?

> Do you have proof that the opposite is true?

Why would this be necessary with the big gaping hole in the assertion?

> except for addressing security and abuse.

I expect Google and I have very different conceptions of what qualifies as "abuse" and how to "address" it.

Even if it isn’t happening now, which I find no evidence either way (privacy policies are historically less followed than laws, and companies break laws willingly- and even then? What constitutes “abuse”?)- can you make the case that this data will never be correlated or used? In perpetuity?

Seems like _not_ giving away data is the only way to be sure if that. Everything else is subject to change.

You posted it yourself. Only Google knows what "abuse" and "security" means. So you need to assume that the opposite is indeed true.
The privacy policy starts with "We take your privacy very seriously", which coming from Google, is kind of funny. A bit like sitting on the phone in a queue for 2 hours and hearing an automated voice saying "We care about customer service!" repeatedly.

The "Google does not use any personal information collected through the Public DNS service to target ads" sentence is oddly specific as well. Why is it only mentioning "targeted ads" and not "for any sort of purposed"? Why is it collected if you're not using it? What does "abuse" really mean in this context, and what does "addressing" it entail? Only the big guys at Google knows.

Finally, the holy privacy policy of Google can change at any time. "We change this Privacy Policy from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent." it says, which makes sense if you're a Google user. What about me, who don't have a Google account? How do I, tell this public DNS service that I don't agree to the new privacy policy? Right, I can't, you assume I'm fine with it.

I think we're long past the point of having to prove that various tech companies don't care about people's privacy. The burden of proof that you're actively taking steps to preserve it is on you, as you've already burned all the goodwill you had from the internet crowd.

> The privacy policy starts with "We take your privacy very seriously", which coming from Google, is kind of funny.

"We take your privacy, very seriously"

I just realized now in after hand that the statement "Google does not use any personal information collected through the Public DNS service to target ads" confirms that they ARE collecting personal information from the DNS service, they are just not using it for targeting ads.

Why are they collecting personal information in the first place, for a public DNS service that is supposedly built for "faster and safer DNS infrastructure"? Collecting no personal data would certainly be the fastest and safest for me as a user.

They keep peer IP addresses in their temporary debug logs, as explained in the privacy policy.
You cannot run any internet service without collecting personal information. IP addresses are personal data per GDPR, and by serving TCP connections you are collecting IP addresses of your clients. In the case of DNS, your DNS query is also likely personal data in some cases, and it definitely is personal data when linked to a timestamp and an IP address.

There is a huge distinction to be made in collecting vs. storing. The 8888 privacy policy also calls out that some personal information is stored, for how long, and for what purpose. But most people who claim that they're not collecting personal information are just not being accurate in their privacy statements.

Disclaimer: googler, opinion is my own and not my employer's.

> You cannot run any internet service without collecting personal information

What the hell are you talking about?! Of course you can, why wouldn't you be able to? You think the internet and the web started out with having everyone automatically collecting everyones personal information?

> Disclaimer: googler

Aha, yeaaaah, now it makes sense that you don't think it's possible to do anything else but to collect personal data. While the opinion is your own, it's pretty obvious what its been influenced by.

You didn't read the sentence after your first quote, apparently. They went on to mention how IP address is considered personal information under most modern data protection law. You took the opportunity to make a personal attack on the poster based on their place of employment.
Why would I have to continue reading the comment when the first and most basic argument they make is factually incorrect?

"You cannot run any internet service without collecting personal information" is not true, you can absolutely run services on the internet that collects and/or stores 0 personal data. That they don't know how to, is besides the point, but that doesn't make it impossible, it just means they don't know how to.

Default setup for apache has been to log IP addresses, useragents, and requests, in the access log for decades.

Now you can probably keep this for typical security purposes for a week or so, and even aggregated page hits, without permission so you're not entirely wrong

Running netflow probably counts as collecting PII, but the main idea is

1) Why are you collecting it. Clearly storing connection details in a firewall is acceptable.

2) Why are you keeping it. Storing IP logs for security purposes is fine for example.

3) How are you keeping it secure and ensuring you only keep it for the shortest amount of time you need.

> Default setup for apache has been to log IP addresses, useragents, and requests, in the access log for decades.

Yeah, and the defaults for mongodb is to let anyone edit the database, at least it used to be so. Doesn't mean you should run it like that.

You can, as soon as you receive a request, hash the IP address and store the hash instead of storing the cleartext IP. If there is no way of reversing the hash (which there shouldn't, wouldn't be much of a hash then), you're not storing any IP anymore, and it's not personal data.

Strikes me as very weird someone who supposed to be high-level developer or employee at one of the biggest companies in the world don't know how not build applications that stores personal information. But since that company is Google, it hardly surprises anyone.

Not much point in hashing a (v4) IP, there's 4 billion of them, trivial to undo (you won't be able to change the salt)

There's nothing wrong with storing individual IPs temporarily for security and functionality purposes, but you're still collecting them - if nothing else they'll show up in your netflow sessions and your netstat output

> Not much point in hashing a (v4) IP, there's 4 billion of them, trivial to undo (you won't be able to change the salt)

I didn't know! Here is my IP as a sha256, please reverse it and show me you actually know what you're talking about: 20adfe5288d85b6279dc65eff126828c0b20b896cb853caef9de0d6251e46169

To do that I'd have to calculate 4 billion sha256 hashes.

This quote is from 2012: "I do 622 million SHA-256's per sec on a Radeon HD5830."

You might have salted it or encoded in a 'clever' way like hex or words or whatever, but as you know the method you can do it.

Right now google is in territory of "guilty untill proven innocent" not vice versa.

What prevents you, in future when policy changes, to start using such data?

Almost nothing prevents them from retroactively applying a new policy to old data.

Even in cases where using the data would directly violate a contract, bankruptcy courts / acquisition agreements routinely sell the data off as an “asset” and nullify any restrictions from existing agreements.

A change in the law that kept the copyright of personal data with the individual the data was about would improve the situation somewhat, but it’s probably safer to just ban the collection of this sort of data set (unless there’s explicit opt-in, and people derive no benefit from opting in).

It's simply implausible Google is not looking at DNS as source of web visit stats. If they're not using it for tracking on their own, they close this loophole (from their PoV) of visitor data leaking to competitors, to perpetuate their monopoly.

Google has simply shut down too many information channels (MMS, RSS, Usenet, forcing https, to name a few) in the name of "security", when they are the ones to gain from this deprivation and monopolization into the "open web".

Nobody can convince me Google has oppressed political minorities in mind with DNS-over-HTTP.

My suspicion is that Google employee's were seeing their dns fucked with at public wifi hotspots (something that was happening at the time) and decided to build their own dns for their own security. Being Google and having boat loads of server resources I imagine they decided they may as well make it public.

All those products that got killed mostly started that way, employee's wanted them and google had the money to make them happen. Eventually though if they're not growing, then who in google wants to work on them?

Did google also see it as a strategic way to make sure dns providers couldn't force search results elsewhere? Probably, but then as users WE certainly don't want dns providers fucking with dns in that manner either.

Close. AIUI, Google was annoyed at people meddling with DNS results, and with ISPs providing terrible DNS performance for their customers.

Google wins when the Internet is fast. Google's goals here are that you can use Websearch quickly and without hotspots etc meddling with traffic. The story is simple: If companies meddle with DNS results, or provide poor performance, then users don't use the Internet as much, and Google doesn't get to sell ads. Google wants you to have the fastest, most reliable Internet it can, because that means you don't get frustrated and go do something else. Google doesn't need to scrape the logs for whatever people think google might be scraping the logs for.

Google _does_ log some data for dealing with abuse (as you can probably imagine 8.8.8.8 gets a _lot_ of intentional and unintentional abuse), but tries to be as clear as it can be about what gets logged, what it's used for, and how long it's kept. Google treats these logs very very carefully, carefully limiting who has access, and when you need to use the logs to debug something, it's very carefully audited.

Disclaimer: I used to be one of the SREs oncall for Google Public DNS (but not any more – I now work for a different SRE team at Google).

You don't know if they use your queries to further track/predict your online behavior. It's impossible for you to know this. You certainly do know that you are giving the DNS queries to them (that's a fact).

IMO, it is reasonable to assume that an advertising company would use data (that consumers give them) to further enhance and target ads to those consumers.

> > "Moreover, Google does not use any personal information collected through the Public DNS service to target ads.

yet.

Google is not saying they are not recording queries. My guess is google saves up everything. And even if they are not doing anything with that data today (I don't buy that), that can change tomorrow.

And Goolge is way past where I assume they have good intentions. Do you have any proof Google isn't doing something creepy with that data it collects from DNS logs ?

I have a suspicion that they might not be able to store everything, but do make aggregated reports.
There are currently about 5 billion internet users.

For each 12 TB they purchase for logging DNS queries per day, they could store a bit over 2KB per user. Assuming reasonable compression, they shouldn’t be spending more than 2-4B to log each request, so they can store 500-1000 queries per user.

My guess is they could store everything, but choose to apply some aggregation.

That's pretty much what Eric Schmidt talks about in The New Digital Age. He says that the technical requirements for building reliable systems at scale makes information tricky to impossible to delete. He also says the same thing you said, which is that the implication of data being permanent is that, even if privacy is respected by these companies today, future generations might hold the complete opposite values and could change the laws. What's to stop the cloud natives from making all your emails and search history public after you die? Is it really so difficult to believe, if we consider how common it is for the private letters of important historical figures to be published?
The text you quoted is enough proof. Removing double negatives, sentence one reads:

“We collect personal information through the public DNS service, but do not use it to target ads.”

Sentence 2: We log dns queries and correlate and associate personal information in these logs with other google and third party (and presumably Alphabet, YouTube, etc) services.

Datasets that were correlated from Google services is only used to address security and abuse.

> Removing double negatives, sentence one reads:

No, you changed the meaning when editing. The original sentence does not confirm the personal data is collected, but if it is it's not used to target ads. This is pedantic, but if you're trying to explain someone's written policy it's important not to put words in their mouth.

The text is part of a EULA, so it is setting contractual boundaries on their behavior.

Would you sign a lease that said the landlord wouldn’t use any video surveillance from hidden cameras inside the home to bring legal charges against the tenants?

You can be sure every word of this part of the privacy policy was crafted to sound as reasonable as possible without limiting any of their existing behavior.

I'm not discussing the implication of what's written there. Just that if you transform the text for the purpose of that discussion, you can't change the meaning and present it as equivalent to the original. Especially when talking about contractual boundaries.
The way I see it, he's rephrasing the sentence to describe the "set" of things the Eula doesn't explicitly preclude the possibility of.
Bert is a common guest at my favourite Dutch podcast, the terribly named "BNR Digitaal". I hope he doesn't stop doing that! All the best to you, Bert!
Don't worry, I was on BNR last week and will be again :-)
I experienced how many good tech people don’t understand DNS and how this just solidifies control over DNS by the big players.

What a ton of people don’t understand is that you don’t need a DNS forwarder (google/cloud flare/ISP).

If you setup your DNS right it just goes to the ROOT servers and you cut out those parties spying on DNS traffic.

Initial requests are a bit slower because you don’t benefit from the forwarder’s cache, but after a while, most stuff is coached and it’s not a big deal.

Maybe I’m totally wrong here, but this is how I understand it.

Would you care to elaborate how one would start implementing a DNS that goes directly to the ROOT?

Honestly interested here.

If you don't specify a forwarder in the bind9 configuration it should query the root DNS servers directly, iirc.
I think the post is suggesting running your own local resolver instead of using a public resolver or an ISP resolver.
For example you may use the open-source program "dnscache" from Daniel Bernstein.

I have been using this program on all my computers, during the last almost twenty years, without problems.

I think just running bind without a resolver is enough. Make sure you keep bind and thus the roots.hints file up-to-date.
To amplify other replies:

DNS is very easy to run yourself. I use, and highly recommend, Unbound[1] as a caching resolver, and NSD[2] as an authoritative nameserver.

A caching resolver is used for ordinary lookups. If the address for "ycombinator.com" isn't in the cache, the resolver starts at the root and recursively finds the authority for the domain, gets the answer, caches it, and returns it to you. You run this for general usage, and you point your desktop/laptop computers to this address. Google runs their public resolver at "8.8.8.8", etc.

An authoritative nameserver is the ultimate authority on the lookup results for a specific domain. All lookups by other people eventually reach the authoritative nameserver for an answer. You run this for domains that you own, and configure it in your domain record.

(Both can be a bit more complicated than that, but they don't need to be)

These two services need almost zero care and feeding. Set them up once, and you can basically forget about them for years. This article only discusses resolvers, which are literally set-and-forget. Authoritative nameservers only need maintenance if you make changes to your domain. (And if you don't have your own domains, you don't need an authoritative nameserver at all).

[1] Unbound: https://www.nlnetlabs.nl/projects/unbound/about/

[2] NSD: https://www.nlnetlabs.nl/projects/nsd/about/

simply not using your ISP's DNS servers doesn't make your DNS traffic invisible to them. unless your ISP actively messes with the DNS responses, I'm not sure if you're gaining any privacy by going to the root directly
> I experienced how many good tech people don’t understand DNS...

Totally agree there.

Root DNS servers would not answer your computer's (stub resolver's) _recursive_ query. You do need a recursive resolver to do that - whether ran by an ISP or by yourself.

One of the problems mentioned in the article is that all major browsers are starting to automatically set your browser to ignore system settings and just go to Cloudflare or Google DoH servers.

No matter what you do locally (unless you locally serve the do-not-auto-doh flag), you'll have to touch each of your browsers on each system to not have this behavior.

I met Bert a couple of times 10 years ago at meetups in the Netherlands, he is a wonderful person and a great mind.

I think it is great that he walks away when his hart is not in it anymore. I think a lot of big open source projects can become a big burden on its creators and some of them not daring to move on because of the feeling of responsibility. Same with the move of Redis’ founder it think these are great examples for the community.

Looks like he got the idea for PowerDNS from a URL shortening service [1]. They wanted better performance for visitors from the US, and Bert just went ahead and founded a company that made DNS load balancing software. Sounds like 1999 indeed.

I got to work a lot with PowerDNS during my internship, which was at a web hosting company that wanted to implement DNSSEC. What a fantastic piece of software it has become. Thanks for your involvement Bert, and best of luck at the TIB!

[1] https://berthub.eu/articles/posts/history-of-powerdns-1999-2...

I've used powerdns for years to run our company DNS and it has been fantastic. We have now, unfortunately, moved to the cloud.
Bye Bert, I'll miss your informative and entertaining presentations at OXmas :(
Cheers, and thank you!

I have a vanity domain which I use to exercise my internet independence :) I've been using PowerDNS with a hidden master, public secondaries, dns updates with lua authorization for dynamic ips and let's encrypt for years. Also the recursor for local systems.

I received great help and had some fun chats on IRC in the beginning. PowerDNS has been a great part of my "infrastructure". My only complaint is that packagers and other naming can't choose between 'powerdns' and 'pdns' :)

Thank you Bert for PowerDNS, it's a great tool.

While not exciting for you anymore, I am happy that it continues to run without much excitement.

Thanks also for making sure it is in good hands after you step down, much appreciated.

Wishing you the best on your new endeavors. Keep life exciting and live it to the max :)

What an interesting story. Guy who writes dns server fights tirelessly to keep the internet under democratic control, gets bullied by google and cloudflare usurping control of the domain name system, declares defeat and decides to take an easy job being an overseer of intelligence agencies. Well maybe not exactly, but thank you for everything you did to support the community with PowerDNS. It's always a loss when founders of important projects like this need to step back because certain kinds of passion just can't be replaced, but I'm sure you left it in good hands.
Nice description :-) And yes, I am convinced PowerDNS is in good hands.
Also, Google has been very civil.
well now you've got me curious about cloudflare...
Maybe we don't need encrypted DNS for each request... instead we should all have a securely downloaded mirror of all DNS records so that individual requests don't go to third parties...
There was a time when we all passed the hosts file around.

That became unworkable about three and a half decades or so ago, however, and the DNS was created to solve that problem.

It can't be more then a gigabyte... I guess DNS was ahead of its time when it comes to clouds... but clouds are killing the internet as we used to know it
I found this blog really hard to read. It has a static font of "15px" which is an odd decision since browsers default to a 16px.

I would love to see it updated to us em instead. Since I actually have tweaked my browser settings to by default use a larger font that statically defined pixels don't listen to.

Once I zoomed the blog to 125% I was able to read it just fine but read it at 133% since it was more comfortable for me.