Cloudflare Pledges to Fight Global DNS Blocking Orders * TorrentFreak


Copyright owners are expanding their web blocking horizons by going after DNS resolvers. Cloudflare is one of the main players being targeted. While the internet infrastructure company complies with targeted blocking orders related to the websites of its CDN customers, it feels that blocking domains on its DNS resolver is going a bit too far.

Website blocking has become an increasingly common anti-piracy tool around the world.

In dozens of countries, ISPs have been ordered by the courts to block pirate sites. In some cases, these blocking efforts are part of voluntary agreements.

Cloudflare “pirate” block orders

In the United States, these types of injunctions are rare. However, since the Internet has no clear boundaries, the effects sometimes spill over. US internet infrastructure company Cloudflare, for example, has been ordered to block pirate sites in Germany and Italy.

This week, Cloudflare released its latest transparency report covering the second half of 2021. The company explains that after assessing the potential impact on free speech, it generally complies with blocking orders that target websites operated by its CDN customers.

These blocking efforts are not global. Instead, Cloudflare only blocks access in the location the order originates from. The affected sites include DDL-Music in Germany and nearly two dozen sites in Italy.

“If we determine that the order is valid and requires action by Cloudflare, we may limit blocking access to content to areas where it violates local law, a practice known as ‘geo-blocking,’” explains Cloudflare in its Transparency Report.

Target: DNS

The aforementioned blocking orders apply to Cloudflare customer websites. However, Cloudflare also operates a DNS resolver, which is the target of a new anti-piracy campaign.

DNS resolvers are the address books of the web. They link domain names to the correct IP addresses to make them accessible through a web browser. They are a key part of a well-functioning Internet.

Interestingly, these DNS servers are often used by ISPs to comply with site blocking orders. When a domain is deleted from the address book, users cannot load the site in question.

This is a relatively simple blocking method that is easy to circumvent by using an external DNS resolver, such as those provided by Google, OpenDNS, Quad9, or Cloudflare. For this reason, DNS resolvers have also become the target of blocking requests.

In Germany, Quad9 had previously been ordered to block a pirate site via its DNS resolver following a complaint from Sony. Similarly, in Italy, a court ordered Cloudflare to block several domains of pirate sites at the DNS level.

Cloudflare opposes blocking

In its Transparency Report, Cloudflare makes a clear distinction between blocking requests that target its customers’ websites and those that apply to DNS functionality. DNS blocks can target any website on the web and aren’t easy to geo-restrict, the company writes.

“Because such a block would apply globally to all users of the resolver, regardless of location, it would affect end users outside the jurisdiction of the blocking government.

“We therefore evaluate all government requests or court orders to block content via a globally available public recursive resolver as requests or orders to block content globally,” adds Cloudflare.

Cloudflare doesn’t want to meddle with its DNS resolver, which puts the company in a tight spot that requires a creative solution.

The company says that, so far, it hasn’t actually blocked content through the public DNS resolver. Instead, it is relying on an “alternative remedy” to comply with the Italian court’s order.

“Given the extended extraterritorial effect, as well as the different global approaches to DNS-based blocking, Cloudflare has taken legal action before complying with requests to block access to domains or content through the public DNS resolver or other identified mechanisms to comply with relevant court orders.”

The above clearly shows that the company is determined to fight DNS blocking orders in court. And even if it loses, Cloudflare will look for alternatives. It’s unclear what these alternatives entail, but Cloudflare likely has the know-how to find a technical “workaround” mechanism.

A copy of Cloudflare’s Transparency Report for the second half of 2021 is available here (pdf)
