Usage of ISP Proxys and DNS resolvers

I like to get an estimate if the percentage of users

1. Using their Providers HTTP-Proxy to surf the web
2. Using their Providers DNS-Servers/recursive resolvers to resolve DNS queries

Background:

I'm writing a research paper on government mandated web filtering in germany (see http://www.politechbot.com/p-03983.html for an overview on the matter). Basically the government want's censorship done by blocking IP-Addresses, faking DNS entries or doing filtering at http-proxy level.

Trying to determine the effect of this approaches on the average user it is important to know how many users would be affected by this measures. I guess:

* Users with leased lines usually do not use the providers proxy
* Dial-in/DSL users with use a provider supplied setup-tool usually don't change the preset staying with using the Proxy.
* Big Customers with many users might run their own DNS resolver
* Most other users use their ISPs DNS resolver

I would be most grateful if someone could provide me with actual numbers on this or at least an educated guess. If you think there is a better place to look for this numbers I would be most grateful if you point me there.

If you wish reply directly to me - I will post a summary.

Best Regards

Max Dornseif

I like to get an estimate if the percentage of users

1. Using their Providers HTTP-Proxy to surf the web

Well if its forced, a transparent proxy.. you could do what you suggest below.
It appears to be common place, seemingly more so amongst the larger access
providers (residential?) to do this..

2. Using their Providers DNS-Servers/recursive resolvers to resolve DNS
queries

Again, if you want to enforce the idea you can force DNS also..

Of course if you want to filter certain IPs, why not do it in routing rather
than messing with these applications?

Bit of a can of worms if you ask me tho.. censorship, freedom of speech, and
once you start actively policing you need to keep it up else surely your liable
if you allow a bit of the type of content through that your aiming to stop? (eg
if you claim your dialup is children safe then allow porn thro that makes you at
fault, at least being a pure "network operator" keeps you out of this legal
mess)

Steve

* steve@telecomplete.co.uk (Stephen J. Wilcox) [Tue 22 Apr 2003, 18:24 CEST]:
[..]

Of course if you want to filter certain IPs, why not do it in routing rather
than messing with these applications?

The objective probably is content filtering. Name-based virtual hosting
breaks filtering certain IP addresses.

Bit of a can of worms if you ask me tho.. censorship, freedom of
speech, and once you start actively policing you need to keep it up
else surely your liable if you allow a bit of the type of content
through that your aiming to stop? (eg if you claim your dialup is
children safe then allow porn thro that makes you at fault, at least
being a pure "network operator" keeps you out of this legal mess)

Given:

Background:

I'm writing a research paper on government mandated web filtering in
germany (see http://www.politechbot.com/p-03983.html for an overview

I daresay there'll unfortunately be little harm in the government
claiming to operate a Nazi relic-free network but failing at it.

Sane network operators do not wish to filter content.

Back to the subject: In my experience most leased-line customers use the
provider's caching nameservers, virtually all the dialup customers do
(you can't change it in Win9x anyway), and almost nobody uses a web
proxy out of their own will - or if they do, they stop doing it the
minute it has a small outage or they find another excuse to blame it for
a web page not loading correctly (users like to play with their settings).

  -- Niels.

Last month I asked:

I like to get an estimate if the percentage of users
1. Using their Providers HTTP-Proxy to surf the web
2. Using their Providers DNS-Servers/recursive resolvers to resolve DNS
queries

While I got no answers to these questions I received some helpful pointers from the nanog community. Probably the most helpful one was the powerpoint presentation at http://darkwing.uoregon.edu/~joe/proxies/ which gave a great overview about HTTP-proxies.
Seems NOBODY is actually controlling the ROI of their HTTP-Cache-Proxies ... at least nobody seems to do proxy stats in relation to their total user base.

Also Ben Edelman's paper: "Web Sites Sharing IP Addresses: Prevalence and Significance" at http://cyber.law.harvard.edu/people/edelman/ip-sharing/ was a great hint. While not about proxies it helps estimate the number of sides hit 'accidently' by using IP-filtering to block Web content.

I'm just finishing a paper on the subject of censoring web content via IP-filterning, HTTP-proxies and DNS-tampering. I would be glad to send a draft of it to people interested in this matters. I would be even more glad to find somebody willing and able to review my papers coverage on the performance impact of IP-Filtering and the real-world configuration problems of BIND (only as related to blocking domains/censorship =:-). The final paper will be available on the web.

Regards

Max