
What is 1e100.net? - jstrieb
https://support.google.com/faqs/answer/174717?hl=en
======
degenerate
Google should run a server on 1e100.net and redirect it to this answer. Some
click tracking domains do this, and it helps non-technical people feel less
worried when they punch the domain into their web browser and it goes
somewhere with an explanation.

~~~
walrus01
For some ISPs, if you go to [https://as12345.net](https://as12345.net) (where
the 12345 is their globally unique AS number), you'll get a looking glass
tool. Or a page with a link to their looking glass, contacts for NOC and abuse
for use in NOC-to-NOC communications, etc. I don't think Google would do that,
though.

~~~
delroth
Google has [https://peering.google.com/](https://peering.google.com/) for that
purpose. My understanding is that it provides similar tooling for ASNs that
have a relationship (peering, etc.) with Google ASNs.

~~~
walrus01
Yes, Google is pretty easy to peer with. At major public IXes they will bring
up their V4 and v6 sessions on their side before yours, and leave them in an
enabled state, since they use a suite of automation tools to manage traffic
flows to regional peers. This makes it easy to bring up the session on your
side and immediately see routes and live bgp prefix exchanges going both
directions without having to interact with their noc.

Given the number of peers that they have around the world, it would be very
labor intensive to hand craft a bgp session config and leave it in a down
state until mutual noc contact was made to bring it live.

They obviously have a great interest in getting traffic like YouTube videos to
the residential/commercial downstream eyeball ISP end users as efficiently as
possible.

------
EarthIsHome
After reading their explanation, I don't understand the purpose of 1e100.net.
Maybe someone who is more technical than I am can explain how it is used to
identify Google's servers and why that's useful.

On that note, I should answer their question: Was this article helpful? with
No.

~~~
tlb
Servers need a name that's different from the product(s) they're serving.

For example, when I look up google.com and then reverse-lookup the IP address,
I get sfo07s13-in-f14.1e100.net (you'd get something different depending where
you are). The name sfo07s13-in-f14 could tell someone where to look if that
machine is misbehaving.

If they'd named it sfo07s13-in-f14.google.com, then browsing to that URL sends
google cookies. If it's some server from a recent acquisition that may not be
up to Google's level of security, that's dangerous.

Even fairly small companies are well-advised to have a domain name for their
brand and a separate domain name for their infrastructure.

~~~
EarthIsHome
So, for example, the domain google.com points to the domain
sfo07s13-in-f14.1e100.net (depending on where you're browsing) which then
points to an IP address of the server that's serving you the content.

    
    
        google.com -> subdomain.1e100.net -> server IP address 
    

Then when you run a reverse DNS on the IP address, you get
sfo07s13-in-f14.1e100.net.

    
    
        rDNS: server IP address -> subdomain.1e100.net
    

So, like you said, if something is wrong with the server, you can run a
reverse DNS on the IP address to get the subdomain sfo07s13-in-f14.1e100.net.

Is this the correct understanding?

But don't you already have the IP address of the misbehaving machine?

~~~
peterwwillis
Lots of people look at IP addresses. Most of the people who find the
"1e100.net" records in their network logs would have no easy way of knowing
that 1.2.3.4 (or whatever) was a Google IP. The reverse lookup allows you to
easily find out what domain it belongs to (1e100.net, which a Google search
shows is a Google address).

You can also embed other information in the reverse name, such as the region,
datacenter, floor, switch, rack, or unit number of the machine. It can be
incredibly easy to locate the machine by just looking at its reverse name.
"Oh, 1.2.3.4 is in us-east-1, on floor 3, in rack 27, unit 5. Let me go check
the network cable."

------
thsealienbstrds
FYI, Android phones are always sending pings to 1e100 even if Google Apps are
not installed. This is a system feature that detects 'captive portals'. If you
want to observe your phone doing this, download the app 'Net Monitor' (also on
F-droid).

More info and how to disable this:
[https://www.reddit.com/r/LineageOS/comments/7m8tsq/mysteriou...](https://www.reddit.com/r/LineageOS/comments/7m8tsq/mysterious_system_connections_to_1e100net/)

------
alpb
I also discovered while doing some whois checks that Google's domain registrar
(Google Domains) is owned by a Google subsidiary called "Charleston Road
Registry".
[http://charlestonroadregistry.com](http://charlestonroadregistry.com)

This is the street that goes through the Google campus in Mountain View, CA.

------
xg15
I remember experimenting with traceroute and reverse DNS back in school and
wondering what kind of mystery company even google was renting its servers
from...

------
emondi
Interesting that they group the machines by IATA airport codes. I guess that's
the nearest airport for that datacenter.

~~~
plttn
From my understanding it's more of a "what's the most well known airport".
Google LA is in Venice, so it's closest airport should be SMO, it's still
referred to in corp speak and machine naming as LAX.

~~~
ryanobjc
The point of naming convention isnt to be painfully pedantically correct, like
this comment. It's to provide a useful guidepost to humans, who know LAX but
don't know about SMO.

Why didn't you mention ICAO codes, they'd be more universally correct anyways,
right? KSMO, KLAX?

------
0x0
You will often see the 1e100.net in reverse domain lookups, such as those
produced by traceroute and ping.

Try a traceroute to google.com and you should see at least one if not several
1e100.net hops.

------
sannee
Heh, I never realized doubles can fit a googol. I knew they work up to
1e300-ish, but never made this explicit connection.

~~~
simonbyrne
Well, only approximately: as a double it is actually
10000000000000000159028911097599180468360808563945281389781327557747838772170381060813469985856815104

~~~
undersuit
It still 'fits'. The box is just very weird and sometimes the object that
comes out is slightly different in size, but at least it's predictable.

------
dboreham
See also : atdn.net ; tfbnw.net ; cloudfront.net

In today's world of CDNs and IP anycast, I'm not sure how accurate it is to
talk about these IPs corresponding to "a server". Obviously packets go to some
NIC somewhere, but probably not the same one for each of us and likely not the
same hour-to-hour.

Seems that Facebook, Yahoo/AOL don't seem to go along with the convention that
endpoint IPs reverse resolve to a different domain -- elsewhere in this thread
mentioned as a cookie-payload-leak countermeasure. Google and Amazon do.

~~~
ryanobjc
I don't think people appreciate how much effort Google does to minimizing
cookie leakage. It's good security and privacy hygiene, and it also speeds
requests - transmitting sizable cookies isn't free, and takes up time,
especially when you're paying by the millisecond.

This is why there are various different domains for static content, domains
for user content (googleusercontent.com), domains for certain cloud services,
etc. Protections against XSS and cookie leakage is taken very seriously.

------
skunkworker
Interesting nomenclature but with google this makes sense.

1e100 = googol, which is 1 followed by 100 zeroes. And a googlgolplex is 1
followed by a googol zeroes.

------
RyanShook
So is all Google Cloud infrastructure routed through 1e100.net as well?

~~~
deelowe
Domain names aren't routed. I assume every public ip maps to a name on this
TLD, if that's what you're asking.

------
equalunique
Be sure to hit "YES" under the "Was this article helpful?" prompt.

~~~
kfrzcode
Unless, of course, the article wasn't helpful. Then hit "NO" under the same
prompt. Because, you know, YMMV.

------
Zillion
1e100=1, not googol (which is 10e100). They should fix the name.

~~~
chrismorgan
In scientific notation, “e” means “×10^”, not “^”. “1e100” thus means
“1×10¹⁰⁰”, which is correct.

------
keajer
yes, this is the standard way to do the cookie syncing business.

~~~
syncsynchalt
Cookies will only use this domain if it's used in hostnames, but I think
google only uses 1e100.net for reverse lookups (PTR results).

------
beamatronic
A googol is a 1 with 100 zeroes after it.

1.0 x 10^100

------
gwerks
Scientific notation for the number one google. I'm sure no one else knew that
so I won't scroll down and check before answering.

------
sigjuice
Why not use a google.com subdomain? The first time I saw 1e100.net in the
output of netstat, it confused the heck out of me.

~~~
shizcakes
I recommend reading some of the other comments under this post - they dig into
concepts like cookie leakage, reverse DNS separation, etc.

------
cik
The real reason they opted to do this, is make mobile firewalling more of a
pain. If each application talked to the specific (types of) google services
they needed, firewalling would be easier.

Instead, users cannot have a global rule to block _.1e100.net across their
devices, due to this choice. In my case, this results in having literally
dozens of rules - really one per application, in order to ensure that
applications that are granted upstream internet access, are not
granted_.1e100.net access unless I explicitly feel that they need access to
Google Services.

~~~
imglorp
So, it's basically domain fronting.

It's okay for them, when they do it to shroud their individual services and
keep you from blocking one. If I want to pass Mail and block Adsense, no dice
for me.

But if I want to domain front, because I need to pass through a third party
censor, tough darts for me.

~~~
cik
Exactly this, exactly my issue.

~~~
jwandborg
Why do you even try to block using the rDNS name? It's literally backwards.

