March 17th, 2010 at 17:46 UTC by Richard Clayton
It used to be simple to explain how browsing works. You type a link into the browser, the browser asks a DNS server at your ISP to translate the human-friendly hostname into the IP address of the web server, and then the browser contacts the server with an HTTP request requesting the page that you want to view.
It’s not quite that simple any more — which is rather bad news for the National Enquirer, the US tabloid which decided, three years or so ago, following a brush with the UK libel laws, that it would not publish a UK edition, or allow visits to its website from the UK. Unfortunately, the Enquirer’s blocking is no longer working as effectively as it used to.
In the US, a public figure cannot be libelled unless there is “actual malice” whereas in the UK, publishing defamatory untruths can lead to substantial damages being awarded. This has led to “libel tourism“, with foreigners with tenuous links to the UK taking action in the UK courts.
In 2005 the National Enquirer, published a defamatory (and untrue) story about Cameron Diaz — and a writ was issued in the UK because the story had been viewed 279 times from UK Internet addresses. As a result, in March 2007, shortly after apologising to Ms Diaz (and paying damages) the Enquirer blocked access to their website from the UK.
This has all come to notice again because of the present campaign to reform the UK libel laws and the National Enquirer’s decision has come back into the popular consciousness. More significantly, several other (perhaps more likely to be missed) newsites such as the New York Times, Boston Globe, and Los Angeles Times are considering following suit.
However, some UK-based people claim to be able to see the National Enquirer’s website just fine. The reason is that the blocking mechanism that is being used is not as effective in 2010 as it probably was in 2007.
Remembering how browsing works (see above); we can see that at the point at which www.nationalenquirer.com is resolved by the DNS server, a UK specific answer is given:
www.nationalenquirer.com. 3600 IN CNAME ne.ami.nsatc.net.
ne.ami.nsatc.net. 1800 IN A 22.214.171.124
the “126.96.36.199″ machine is the one giving the unavailable page, whereas in the US, the answer would be
www.nationalenquirer.com. 311 IN CNAME ne.ami.nsatc.net.
ne.ami.nsatc.net. 1771 IN CNAME www.nationalenquirer.com.c.footprint.net.
www.nationalenquirer.com.c.footprint.net. 201 IN A 188.8.131.52
www.nationalenquirer.com.c.footprint.net. 201 IN A 184.108.40.206
www.nationalenquirer.com.c.footprint.net. 201 IN A 220.127.116.11
which, as you can see, will lead you to the National Enquirer site on the footprint.net (Level Three) content distribution network (CDN).
So it’s the National Enquirer’s DNS server that knows about UK Internet addresses. This makes some engineering sense, since doing the address lookup at the web server, on the CDN, would be rather more expensive and inconvenient.
However, the National Enquirer has a serious problem in that a great many UK Internet users will not be making DNS queries from UK address space, and that number is almost certainly substantially increasing.
Two common choices of DNS server that people make are OpenDNS (who claim to offer security, by suppressing lookups to “bad” places), or the “18.104.22.168″ (feeling lucky?) service offered by Google (who are trying to improve web response times). If you change to one of these services then the DNS request to the National Enquirer will no longer be done from a UK IP address, and the site will be visible — in all its (sometimes defamatory) glory!
So it looks like more work for Eady J and colleagues, more damages for aggrieved Hollywood starlets (will I get a cut for expert assistance?), and a system redesign for the National Enquirer when they get around to reading this little corner of the web.