ISP Blocking of No-IP's Dynamic DNS Enters Week 2

Reports that No-IP's dynamic DNS service had stopped functioning date back more than a week. After blocking the service, Spanish ISPs displayed 'Error 451'andat least one sent requests to 127.0.0.1. For local internet users, artificial internet disruptions like these are now part of everyday life. They arrive unannounced and disappear a few hours later, usually coinciding with football broadcasts sandwiched in the middle. Those who know who's responsible for blocking ddns.net only mention a court order. It doesn't help. In a legal dispute now at the U.S. Supreme Court, the world’s leading record labels and Cox Communications disagree on many things, including how to respond to online piracy. The labels’ preferred solution is to sever subscribers’ access to the internet. Cox believes that denying internet access is excessive. The case is much more complex than that as the venue suggests, but one aspect seems clearer when viewed in its own light. When a person gets caught pirating music online, should everyone in their household be denied access to banking, health care, education, and everything else people need to simply exist? Is collective punishment the right way to satisfy a commercial dispute, between a record company and an ISP, over alleged activity of which the family likely had zero knowledge, and were never in a position to control or prevent? Collective Punishment, Every Single Week The proposition above sounds fundamentally unfair, because punishing innocent people is always unfair. Billions of people understand and respect the principle of individual responsibility and violations are quite rightly viewed with contempt. Yet, some will argue that life is full of unfairness. Inconvenience for a few people is inevitable when solving important copyright disputes involving a lot more money than most people have ever seen. In Spain, an important copyright dispute and accompanying site-blocking order certainly don’t authorize collective punishment on an unprecedented level. Yet, for several hours, several times each week, local ISPs now block hundreds of Cloudflare IP addresses to prevent access to unidentified pirate streaming services run by unidentified people. There’s no discrimination; ISP’s deploy blocking measures that affect their own customers, denying access to websites using Cloudflare’s services and any others that also happen to be blocked. There appears to be no warning and little transparency. ISPs never inform customers of incoming blocking, and it’s not uncommon for questions about suspected blocking to be brushed aside or simply ignored. Fingers invariably point to an unspecified court order, obtained by an unspecified entity, on unspecified grounds. As a solution to their current access problems, the information is totally useless to any customer. The Blocking of NO-IP’s Dynamic DNS For well over a week, users in Spain have been reporting problems with ddns.net, a dynamic DNS service offered for free by NOIP.com. DDNS.net and similar services offer a solution to an issue affecting anyone with an IP address that periodically changes. When not at home, for example, gaining access to CCTV cameras might suddenly prove impossible when an ISP allocates a new IP address. Using a service like DDNS.net allows users to associate their IP address with a DDNS.NET subdomain ([email protected]) with future IP address updates handled automatically. A selection of DDNS services built into ASUS routers Not only are services like these useful, some routers have them built in, so people may be using and benefiting from them without even knowing. Some users recognized the problem immediately, and with records showing almost 350,000 URLs associated with the ddns.net domain, there’s plenty of scope for disruption. The above post on X is a fairly typical report with some useful additional detail. It mentions an ISP called Digi, which, instead of returning the correct IP address associated with the user’s DDNS.net subdomain, points it to the 127.0.0.1 loopback address that refers to the user’s current device. A follow-up post by the same user a day later reveals that blocking actually began on October 8, and despite requesting information from Digi, no explanation had been forthcoming. Another user affected by the issue eventually received a response earlier this week. While a court order was confirmed as the root issue, refusal to elaborate any further isn’t just common; it’s the standard across all ISPs in Spain. To our knowledge, blocking orders to date haven’t carried any non-disclosure conditions, so in most cases, there’s no legal reason underpinning the lack of transparency. DDNS.net is Definitely Subject to Blocking Confirmation that Digi continues to block at the time of writing is available via the unofficial third-party blocking transparency portal hayahora.futbol. Current information shows that Digi continues to block the service, but details reported elsewhere show that this wasn’t a lone action. Local reports state that Movistar displayed Error 451 (Unavailable for Legal Reasons), MásOrange displayed the message “Content blocked at the request of the Competent Authority, communicated to this Operator,” while Vodafone said it could do nothing about the outage: “For reasons beyond Vodafone’s control, this website is unavailable.” Alone in the Dark The lack of transparency is pervasive, and the indifference to the problems experienced by subscribers all over Spain is evident every week. People with zero connection to any of the parties involved in blocking disputes continually pay the price, wasting hours finding workarounds to bypass deliberate network blockages that, for no good reason, are shrouded in secrecy. A user who could no longer access his server using Wireguard reported the problems to his ISP, Digi, on October 13. He was informed that, having looked into it, no issues could be found. That led to an entire thread of potential solutions, including replacing the ISP’s DNS with another service and replacing DDNS.net with a similar service operated by DuckDuckGo. Consolation: Could’ve Been Significantly Worse Tests suggest that the blocking efforts target the DDNS.net domain, but how far the damage goes in respect of subdomains is difficult to determine by users of non-blocking ISPs. Digi operates at least two public DNS servers, but remote tests yielded no useful information. Fortunately, domain blocking doesn’t appear to be accompanied by IP address blocking, at least in this case. DDNS.net has thousands of subdomains, but if its IP address had been targeted too, the exponential scale of the fallout could’ve been extraordinary. The situation in Spain has no parallel in Europe. Blocking is expanding elsewhere, including in the UK, most recently to protect a company behind several well-known weight loss drugs. However, avoidable collateral damage on this scale has never happened. That it takes place in a member state of the increasingly heavily regulated European Union remains completely unfathomable.