What are Proxy Servers and how could I get in trouble for them in TEP?

Two Flavors

Internet Domain Name Space servers come in two flavors.
[ul]
[li]Content Servers[/li]
[li]Proxy Servers[/li]
[/ul]
The East Pacific forum you are on now is served from a content server. It provides your client (AKA browser) with a partial answer, which means it delivers to your computer the data from www.theeastpacific.com and, because it’s free server space, we tolerate ads from other content servers.

NationStates does this as well. On my computer, the game pops up right away but the part of the response to the client request “give me teh game” that says “game includes teh Google ads from another content server” slows down the page load. Partial answers always do that. Clients demand complete answers (all of the content) and those are delivered most quickly if the content server contains everything on the page.

Even in the world of superfast fiber optic transfers, one can notice the difference between complete answers and partial answers from content servers. If you use an adblocker plug-in popular with Firefox users (and not at all with advertisers), some partial answer content servers will try to shove the ad at you several times before giving up, taking a slice of your bandwidth and degrading the speed of your page load significantly.

Some people experience no problem, but if you do, try a configurable adblocker that allows you to exclude certain sites where you do a lot of clicking around and test it to see if allowing the annoying ads is less annoying than the lag in page load.

We All Use Proxy Servers

OMG! Say it ain’t so! Oh yeah. I’m three rooms away from one right now and writing this from behind it. But Barb, you say no to every citizen applicant who posts from behind a proxy server, we thought you hated those! No silly, they’re very useful and necessary parts of the Internet. I say no to something different.

Your client never talks to a DNS content server directly. Only proxy servers do that. All of us are using proxy servers or we wouldn’t be receiving content from the Internet.

A DNS server should be either a proxy or content server. It should not be both, because combining the two slows performance.

The reason is exactly the opposite of what Internet Service Providers will tell you: “using our proxies will speed up your access to the Internet.” That’s bull. It reduces the ISP’s traffic over the backbone (all them fancy routers across the planet) by giving you the impression that the version of this morning’s New York Times is from the NYT content server, when it’s from a cached version they update once every few minutes. Why? It’s cheaper because they pay once for that transfer of data every 10 minutes (think of it as a telephone call) rather than allowing 15,000 of their customers to make simultaneous calls.

The second and more insidious reason is that by routing all of your traffic through their servers, they can database your traffic. They aggregate the data (number crunch) and sell it to everyone: Apple, Microsoft, Dell, Sony, Google, other ISPs - anyone with cash. The more cash, the more data and finer grained detail. Will pay for Steam Internet games but won’t pay for porn. Will buy paperback books but not electronic books. Consistently looks up Italian restaurants and never Chinese restaurants. Loves March Madness, never accesses hockey sites. If they want to sell it to you and can afford the data = they’ll buy it.

By using your ISP’s proxy server, the ISP saves more of the money you gave them and they can sell your data. Some ISPs have even been accused of “breaking” or slowing our access to popular sites to encourage us to use their proxy as a “solution.”

Two Flavors of Proxy Servers

You can haz:
[ul]
[li]Forwarding Proxy Server[/li]
[li]Resolving Proxy Server[/li]
[/ul]
A resolving proxy server talks to content servers and sends you teh Interwebz goodies. Your client and a forwarding proxy server can talk to a resolving proxy server. Resolving proxy servers need to talk to all accessible content servers on the Internet.

A forwarding proxy server can’t talk to content servers. Your client can talk to it but it can only talk to you and to other proxy servers. Forwarding servers don’t need to talk to all the servers on the Internet. They simply focus incoming traffic into efficient streams.

A local proxy server should only listen to Internet Protocol (IP) addresses in a restricted range of private addresses. The range of private IP addresses at this moment looks like this:
10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255

You logs on to teh t00bs. A server tells your client what its address is. Your computer tells you that your address falls within one of them above ranges. But no one can see that. Because there should be a border between your local area network and the Internet. Your public address - which is typically provided by the same DNS server you got your local address from - can’t fall in that range.

Please read my Geek Speak 1.0 post for an explanation of how this happens. What a DNS server does is essentially what a router does.

Smart and paranoid Internet users - particularly businesses - install “middle boxes” that create anything from a tiny to mighty hurdle for hackers so they can’t get past your DNS server to teh good stuff.

So What’s the Proxy = No Citizen Thing?

The Intert00bs is a wild west environment. There are social expectations of privacy of personal data and public expectations of not allowing circumstances that ignore best practices for security. Then there’s reality. No one enforces expectations.

The compliant ISPs provide you a public IP different from your private IP and don’t conceal the location of the DNS server doing that. If everyone did that, we’d have about 80% more bandwidth, because spam e-mail from non-compliant servers has been estimated as exceeding that. The people who create the “why we can’t have nice things” situation allow DNS servers to return no data or resolve your address to a private, and obviously false, public IP address - because it conceals your actual public address. In Interwebz speak, that’s a blackhole server. If one looks for a public address, the IP resolves to a private address.

If your IP address resolves to a moving address - which means it keeps changing DNS servers in quirky ways - that’s easy to figure out. You’re logging in using a wide area network operated by a business and middle boxes prevent us from knowing who you are. If you log in and your IP address is private, the server you use fails to follow the rules of Internet etiquette (it resolves to a private address) which creates the same problem we have knowing one player from another.
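An added example, not part of the original post: a sketch of the check described above, run over constructed login records. It flags applicants whose logged address falls in the three private ranges listed earlier, and applicants whose address keeps changing. The record layout, the names `review_applicants` and `is_private`, and the `MOVING_THRESHOLD` value are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# The three private ranges listed in the post, written as CIDR networks.
# An explicit list is used because ipaddress's own is_private flag also
# covers other reserved ranges that the post does not mention.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

MOVING_THRESHOLD = 3  # assumption: this many distinct addresses counts as "moving"

def is_private(addr: str) -> bool:
    """True if addr falls inside one of the three private ranges."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    # An IPv4 address wrapped in IPv6 (::ffff:10.1.2.3) is still the same address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.version == 4 and any(ip in net for net in PRIVATE_NETS)

def review_applicants(records):
    """records: iterable of (applicant, logged_address) -> {applicant: verdict}."""
    seen = defaultdict(set)
    verdicts = {}
    for name, addr in records:
        try:
            if is_private(addr):
                verdicts[name] = "private"
            seen[name].add(ipaddress.ip_address(addr))
        except ValueError:
            verdicts.setdefault(name, "unparseable")
    for name, addrs in seen.items():
        if name not in verdicts:
            verdicts[name] = "moving" if len(addrs) >= MOVING_THRESHOLD else "ok"
    return verdicts

# Constructed sample records; the public addresses come from documentation ranges.
SAMPLE = [
    ("alpha", "203.0.113.7"),
    ("bravo", "192.168.1.20"),
    ("charlie", "172.32.0.1"),     # just outside 172.16.0.0 – 172.31.255.255
    ("delta", "198.51.100.1"),
    ("delta", "198.51.100.77"),
    ("delta", "192.0.2.9"),
    ("echo", "::ffff:10.1.2.3"),   # private IPv4 address in IPv6-mapped form
    ("foxtrot", "not-an-ip"),
]

if __name__ == "__main__":
    for applicant, verdict in review_applicants(SAMPLE).items():
        print(applicant, verdict)
```
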

One citizen = one vote. You won’t succeed in creating a workaround to democracy. That’s undemocratic and an insult to the citizens who didn’t intentionally conceal their IP address. Using a blackhole DNS server is a multi-step deliberate act. No one buys a computer configured to do that.

Viceroy says no to blackhole servers.