

What is 1e100.net? - ColinWright
http://support.google.com/bin/answer.py?hl=en&answer=174717

======
Mithrandir
[https://encrypted.google.com/search?hl=en&q=site%3A1e100...](https://encrypted.google.com/search?hl=en&q=site%3A1e100.net)

I wonder how exactly this works. I'm guessing 1e100.net has various subdomain
names that can correspond to different Google servers (i.e. YouTube.)

Edit: Apparently different subdomains correspond to different IP addresses.
For example, gx-in-f191.1e100.net points to 74.125.65.191 and
qw-in-f18.1e100.net points to 74.125.93.18.

~~~
enneff
As a Google employee I can answer quite honestly (albeit uselessly): it's
complicated.

~~~
anigbrowl
Why didn't you pick something like 'googleserver.com'? I have been seeing all
these obscurely named TCP connections on my machine in recent months and I
resent the time wasted to look each one up and verify that it's a trusted
provider rather than a botnet. It may seem like a cute gag, but for those of
us not in on the joke it is, literally, a waste of time. Amusements like this
are for consumer-facing stuff, not server identities.

~~~
enneff
Your complaint is ironic given that 1e100.net is the result of an effort to
standardise the naming of all Google's addresses. Once you know that 1e100.net
is Google you never have to look it up again.

Besides, even if we picked some other domain you'd still need to look it up to
determine whether it was actually us or someone pretending to be us.
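
The lookup described above, sketched as forward-confirmed reverse DNS (an added example, not part of the original thread and not Google's code). The resolver data is constructed so it runs offline; only the gx-in-f191 pair comes from the thread, and the 203.0.113.x addresses and example.org name are placeholders.

```python
import socket

TRUSTED_SUFFIX = ".1e100.net"  # leading dot forces a label boundary


def system_ptr(ip):
    """Reverse lookup via the OS resolver; returns the PTR names found."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]


def system_forward(name):
    """Forward lookup via the OS resolver; returns the set of addresses."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return set()
    return {info[4][0] for info in infos}


def is_confirmed(ip, ptr=system_ptr, forward=system_forward, suffix=TRUSTED_SUFFIX):
    """True only if a PTR name for `ip` sits under `suffix` AND resolves back
    to `ip`. A PTR alone proves nothing: whoever controls the reverse zone
    for an address can put any name in it. Addresses are compared as text."""
    for name in ptr(ip):
        host = name.rstrip(".").lower()
        # "evil1e100.net" and "1e100.net.example.org" both fail this test.
        if host.endswith(suffix) and ip in forward(host):
            return True
    return False


# Constructed resolver data (assumption) so the demo needs no network.
PTR = {
    "74.125.65.191": ["gx-in-f191.1e100.net"],    # pair quoted in the thread
    "203.0.113.7": ["gx-in-f191.1e100.net"],      # PTR claims Google, no forward match
    "203.0.113.8": ["cdn.1e100.net.example.org"], # lookalike: wrong registrable domain
}
FWD = {"gx-in-f191.1e100.net": {"74.125.65.191"}}


def demo():
    rev, fwd = (lambda i: PTR.get(i, [])), (lambda n: FWD.get(n, set()))
    return {ip: is_confirmed(ip, rev, fwd) for ip in PTR}

if __name__ == "__main__":
    print(demo())
```

Calling `is_confirmed(ip)` with no extra arguments uses the system resolver instead of the constructed tables.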

~~~
qjz
Well, then why not just use 1e100.google.com for this purpose? There's a
reason it's called a _domain_, and it seems kind of silly to create and
maintain unrelated hierarchies.

~~~
gwillen
Because being under google.com would mean the JavaScript security model allows
it to be the "same domain" as google.com, which has cross-site scripting
implications: there are applications for which Google serves user-supplied
JavaScript, and if one of those was accessible under the google.com domain, it
would allow an attack.

~~~
saurik
Are you willing to describe the threat more? (I am legitimately curious, run a
bunch of websites, use CDNs, may at some point have similar constraints
involving also needing to host user content, and both respect and acknowledge
the value of getting handed down understanding and explanations from people
who have been doing things longer. ;P)

"a.google.com" and "b.google.com" are not "same origin", so cross-site
scripting should fail. You can, however, have the two domains opt in to
communicating with each other by having them both set their document.domain to
"google.com"; does Google normally set document.domain on their pages, thereby
allowing injected iframes to take advantage of this?

(I had thought the most common reason for having separate top-level domain
names were due to performance and security implications involving cookies,
which sometimes are scoped at the level of a domain name rather than at the
level of a subdomain in order to allow sharing between related properties,
such as plus.google.com and www.google.com.)

~~~
gwillen
I am not directly experienced with the threat involved. I know it is
crossdomain-related; if you tell me it's cookies rather than JS, I'll believe
you.

I have no idea whether Google normally sets document.domain, but I could
certainly imagine it doing so; I feel like the "google.com" domain is one that
any page under google.com is likely to believe it can trust, whether or not
that trust is expressed programmatically. Certainly serving untrusted js
anywhere under the google.com umbrella is likely to violate _someone_'s
assumptions somewhere. I do not actually know it to be exploitable.

~~~
Someone
Why, then, did we get plus.google.com and not google+.com? (and aside: I find
those (google.com) suffixes on HN that turn out to be links on plus.google.com
confusing. For google.com URLs, I expect either search results or pages that
represent Google's position)

------
qthrul
1e100.net is chatty.

[http://www.senderbase.org/senderbase_queries/detaildomain?se...](http://www.senderbase.org/senderbase_queries/detaildomain?search_string=1e100.net)

Specifically...

[http://www.senderbase.org/senderbase_queries/detaildomain?se...](http://www.senderbase.org/senderbase_queries/detaildomain?search_string=1e100.net&max_rows=50&snext_set=0&tdaorder=lastmonth+desc&dnext_set=0&tddorder=lastmonth+desc#page)

~~~
jemfinch
One of the largest webmail providers on the Internet and you're surprised it
has a page worth of email-sending computers?

~~~
qthrul
I just think it's neat to see scaled services from the point of view of
senderbase when a RHS rDNS pattern is available.

Also, I don't recall using the /surprised/ tag in my post.

------
jshb
Why do Google continue to acquire IPv4 addresses other than 66.0.0.0/8 they
already own but do not appear to be using much at all? Do they even have a
legitimate purpose for assignment of 66.0.0.0/8 under ARIN justification?

