Italy Demands Google Poison Its Public DNS Under Strict Piracy Shield Law

"Italy is using its Piracy Shield law to go after Google," reports Ars Technica, "with a court ordering the Internet giant to immediately begin poisoning its public DNS servers" to prevent people from reaching pirate streams of football games.

"Italy's communication regulator praises the ruling and hopes to continue sticking it to international tech firms." Spotted by TorrentFreak, AGCOM Commissioner Massimiliano Capitanio took to LinkedIn to celebrate the ruling, as well as the existence of the Italian Piracy Shield. "The Judge confirmed the value of AGCOM's investigations, once again giving legitimacy to a system for the protection of copyright that is unique in the world," said Capitanio. Capitanio went on to complain that Google has routinely ignored AGCOM's listing of pirate sites, which are supposed to be blocked in 30 minutes or less under the law. He noted the violation was so clear-cut that the order was issued without giving Google a chance to respond, known as inaudita altera parte in Italian courts.

Re:

[Brain-Fu]

Entertainment is subjective. Whatever it is you like to do, someone somewhere finds it boring and pointless.

Re:

[mapkinase]

Soccer (Football)
Global Fans: Approximately 3.5 billion as of 2025.
WorldAtlas
Major Tournaments: The FIFA World Cup is the pinnacle event, with the 2022 tournament engaging around 5 billion people globally.
Statista
American Football
Global Fans: The National Football League (NFL) boasts over 410 million fans worldwide.
geniussports.com
Major Event: The Super Bowl, the NFL's championship game, attracts significant viewership, with recent events drawing an estimated 200 million global viewers

Re:

[dbialac]

• Ireland: Say "football" and you get a completely different sport
• Canada: Say "football" and you get a completely different sport
• Australia: Say "football" and you get completely different sport
• And of course the US: Say "football" and you get a completely different sport

Now comes the explanation. In the 19th century, there were multiple games with football in their names. Rugby ("Rugby Football") is yet another example. It was previously known as "Rugby Football". In that time period, soccer was referred

Re:

[ArsenneLupin]

Ok so, you nicely explained the "foot" part of the game's name.

Any explanation now to the "ball" part? As far as I know, the US variant doesn't involve any such object...

Re:

[dbialac]

Ask the British. American Football is derived from Rugby.

Re:

[ArsenneLupin]

Which doesn't involve a ball either. But at least it doesn't have "ball" in its (current) name.

Re:

[dbialac]

If you're a guy, the things between your legs aren't spherical, but they are still known as "balls". A ball doesn't need to be round.

Re:

[ArsenneLupin]

A ok, I see it now: (American) football is not called football because you kick a ball with your foot, but rather because it is played on foot by people with balls between their legs :-)

But how do you explain this [wnfcfootball.com] then? (Those things in front of the chest are not usually called balls)

Re:

[DamnOregonian]

Any explanation now to the "ball" part? As far as I know, the US variant doesn't involve any such object...

I think there's no explanation for that particular oddity.

However, what's really curious, is that Europe almost universally have phonetic conversions of the English word, which referred to an object that's very much "not a ball" as you point out.

Re: And nothing of value was lost.

[St.Creed]

So polo is basically horseball? I think I like that name better than polo :)

Re:And nothing of value was lost.

[haruchai]

Football often has better diving than most Olympics

Re: And nothing of value was lost.

[Clausewitz4.0]

There are billions involved in those games. People kill each other for this amount.

Re: And nothing of value was lost.

[greytree]

The problem with soccerball when compared with rugby or American Football is that it is all foot tricks and tactics. Because field position is so easily taken or given, there is very little strategy.

Watching foot tricks gets boring way before the 90 minutes are up.

Re:

[thegarbz]

Team A wins, Team B wins, it's a draw, or a natural disaster strikes and the game gets called off.

Did you just describe every sport ever created, along with every competition, even non sporty? Tell us your hobby is sitting alone in a dark room and hissing at people who dare to come near the door without telling us.

Re:

[registrations_suck]

While I do agree with you, you're clearly a moron.

Re:

[Computershack]

Compared to American Football where they play for 20 seconds then spend 10 minutes walking about randomly?

And how hard do you think it's going to be

[wakeboarder]

to figure out how to switch DNS servers. There are millions of DNS servers.

Re:

[Kernel Kurtz]

to figure out how to switch DNS servers. There are millions of DNS servers.

Also nothing but speed and politeness keeps you from querying the root name servers directly.

Re:

[DamnOregonian]

The "root nameservers" don't resolve names. Authoritative DNS is hierarchical. What clients use is the result of the hierarchical lookup, given to them by recursors. Because of this, the speed of the roots do not matter, since all you ever use them for is to lookup the list of NS entries for an entire TLD, which you then use to get the authoritative NS records for a specific domain.

More appropriately, use your ISPs recursor, or run your own.

Re:

[Kernel Kurtz]

We all know how DNS works. If you run your own recursor it's going to start at the root unless/until it has a cache, so yeah. The point was you don't actually need Google or any else's nameserver. Presumably Italian ISP nameservers are already trash.

Re:

[DamnOregonian]

If you run your own recursor it's going to start at the root unless/until it has a cache, so yeah.

The root only serves gTLD records, with very very long TTLs.
The speed of it does not matter.
One could argue that the speed of the gTLD servers do matter, since you'll need to get the domain NS records from them. They, however, are not the roots.

I understand what your point was, but accuracy matters too.

Presumably Italian ISP nameservers are already trash.

Don't see why they would be.
I'm the lead engineer of an ISP, and our nameservers are anycast, and much closer connected to any particular network than Google is.
I'll never figure out how the fuck people

Re:

[Kernel Kurtz]

Presumably Italian ISP nameservers are already trash.

Don't see why they would be. I'm the lead engineer of an ISP, and our nameservers are anycast, and much closer connected to any particular network than Google is. I'll never figure out how the fuck people were convinced to start handing their DNS traffic over to Google and Cloudflare, but here we are.

I'm assuming the Italian courts are not going after Google to censor their DNS knowing that people can just use their ISP nameservers to continue along happily, but I'll admit I did not read the article. Whatever they do will certainly bother only the most clueless of pirates in any case.

Re:

[DamnOregonian]

I'm sure the courts have the power to order the ISPs to censor as well- that's just a harder target.
Lots of ISPs. Just one Google.
End of the day, running your own recursor is of course the answer.
Shame more routers don't do that. Most of them just cache requests to your selected recursor, rather than actually recursing.

Re:

[Kernel Kurtz]

Just one Google. Just one Cloudflare. Just one Cisco. I'd think going after people specifically doing business in Italy would be easier than going after multinationals. The presumption of following local laws is much greater, er, locally. Also, Italy is indeed a shithole as internet freedom goes.

https://en.wikipedia.org/wiki/... [wikipedia.org]

Re:

[DamnOregonian]

Just one Google. Just one Cloudflare. Just one Cisco.

One of these things isn't like the others, heh.
I have many Cisco routers forming the cores and distribution layers of my network... Isn't much you could do to order Google to make those machines do something about the DNS requests of my customers.

I'd think going after people specifically doing business in Italy would be easier than going after multinationals. The presumption of following local laws is much greater, er, locally. Also, Italy is indeed a shithole as internet freedom goes.

I think ultimately, you're right here. My perspective was too US-centric.
From the perspective of Italy, with a national ISP regulator- ya, probably no advantage going after the multinats.

However, here in the US, say you're a copyright holder-
There's no such re

Re:

[Kernel Kurtz]

I spent my career working with Cisco networking gear. I'm surprised you are not aware they own OpenDNS, which is a somewhat popular public resolver.

https://www.opendns.com/ [opendns.com]

Re:

[Bert64]

Don't see why they would be.
I'm the lead engineer of an ISP, and our nameservers are anycast, and much closer connected to any particular network than Google is.
I'll never figure out how the fuck people were convinced to start handing their DNS traffic over to Google and Cloudflare, but here we are.

There's a long history of various ISPs having lousy resolvers, which cause people to seek alternatives.

Some are unstable - i was running my own recursive resolver a few years back and one weekend i noticed everything was faster than normal, come the monday i had an email apology from the ISP for the "outage" over the weekend. Turns out their resolvers were down which knocked a majority of users offline. There are many cases of resolvers failing and users either being unable to access anything, or switching

Re:

[DamnOregonian]

There's a long history of various ISPs having lousy resolvers, which cause people to seek alternatives.

While I wouldn't begin to argue that this is an outright falsehood, I sincerely doubt that's even commonly the case.

Some are unstable - i was running my own recursive resolver a few years back and one weekend i noticed everything was faster than normal, come the monday i had an email apology from the ISP for the "outage" over the weekend. Turns out their resolvers were down which knocked a majority of users offline. There are many cases of resolvers failing and users either being unable to access anything, or switching to a third party (and never switching back).

Suppose that's possible, but that sounds pretty fly-by-night.
I've got 6 anycast servers. The folks I know in other regional ISPs our size are equivalently outfit.
My anecdote, is I have never had an upstream recursor die. I'd be pretty fucking surprised if that happened.

Advertising - some unscrupulous ISPs have been resolving unknown names to a page hosting advertisements.

I suppose that's possible. Never seen it though. Definitely don't use them, if so. Like, at all, probably. That's probably n

Re:

[AvitarX]

There's a long history of various ISPs having lousy resolvers, which cause people to seek alternatives.

While I wouldn't begin to argue that this is an outright falsehood, I sincerely doubt that's even commonly the case.

It became popular when it wasn't uncommon for ISPs to use fake responses for nxrecord (giving an ad). It was a very convenient way to avoid that situation.

Re:

[Bert64]

While I wouldn't begin to argue that this is an outright falsehood, I sincerely doubt that's even commonly the case.

The very article you're responding to. The government in italy (and many other countries) instructs ISPs to block sites by blackholing the dns. In order to circumvent this, users switched to alternative resolvers like google so now the government is ordering them to comply too.

Examples:

Singapore:
https://en.wikipedia.org/wiki/... [wikipedia.org]

UK:
https://en.wikipedia.org/wiki/... [wikipedia.org]

Thailand:
https://en.wikipedia.org/wiki/... [wikipedia.org].

There are lots of others if you care to research.

Suppose that's possible, but that sounds pretty fly-by-night.
I've got 6 anycast servers. The folks I know in other regional ISPs our size are equivalently outfit.
My anecdote, is I have never had an upstream recursor die. I'd be pretty fucking surprised if that happened.

Example from one of the largest ISPs in Singapore, who

Re:

[DamnOregonian]

There are lots of others if you care to research.

As you mention below- you're right. My viewpoint was very US-centric.

Plenty more if you care to research.

This one's a bit dubious, as some of the claims were that even Google's DNS were down.
I'm always suspect of claims like this, because my own customers have claimed my own DNS was bad.
We of course monitor uptime of our servers globally, as well as Google's. Our uptime as 4 9's past theirs, not to mention 1/8th the latency.
But people have perceptions that are based on groupthink- particularly when the discussions happen on some kind of fo

Re:

[DamnOregonian]

I also wanted to mention, that Google will absolutely recurse broken domains with broken DNSSEC if enough people complain.
And I've been forced to turn off validation for domains too, simply because Google does.
Customer's are notoriously unsympathetic to me pointing out the problem is with the domain owner, not us.
For my part, I do what I can to verify something untoward isn't going on, and I assume Google does as well, but DNSSEC causes a *lot* of single-domain DNS outages that ISPs get blamed for.

Re:

[SoonerC]

There's a long history of various ISPs having lousy resolvers, which cause people to seek alternatives.

While I wouldn't begin to argue that this is an outright falsehood, I sincerely doubt that's even commonly the case.

I have personally experienced much of what he claimed multiple times over the last 30 years. I've seen both Cox and AT&T redirecting unknown domains. But speed was the biggest issue. It shouldn't be faster to use Google than it is your own ISP.

Got any data to back that assertion up?

Here's one. Cimtel is the "phone" company, also has exclusivity for cable and Internet. For many years their servers were slower than using Google, and would sometimes fail to resolve. I documented that several times and forward it to their tech support which

Re:

[SoonerC]

It just dawned on me that you might not be able to see the post in the link I provided as that's a group I'm in due to family living in the area. Here's the quote from a user. The problem was getting to the electric company's website to pay their bills

Cimtel changed my DNS servers to the Google DNS servers (8.8.8.8 and 8.8.4.4) and it fixed the issue. They're not sure what cause the issue but using an alternate DNS has remedied the problem.

Re:

[DamnOregonian]

I was able to see it. That's an interesting one.

I have seen occasions where bad DNSSEC sigs were rejected by my recursor, and allowed by Google's. Wonder if it was one of those.
Otherwise, can't imagine what server they were using would be broken for one particular domain.

FWIW- we do exactly what Google does in this case. [google.com]
If Google Public DNS cannot validate a response (due to misconfiguration, missing or incorrect RRSIG records, etc.), it will return an error response (SERVFAIL) instead. However, if t

Re:

[DamnOregonian]

*Indian Electric. Sigh.

Re: And how hard do you think it's going to be

[Z00L00K]

ISP nameservers are already poisoned worldwide for various reasons. That's why people uses Google or other public nameservers.

Re: And how hard do you think it's going to be

[vbdasc]

Until Italy orders ICANN and IANA to poison the root zone too.

Re:

[Kernel Kurtz]

Until Italy orders ICANN and IANA to poison the root zone too.

That would suck, but for now doing your own lookup is still the most censorship-proof method.

Re:

[quenda]

to figure out how to switch DNS servers. There are millions of DNS servers.

Even my teen daughter, who has zero interest in computers, knows the IP address of the Google DNS servers.

Re:

[thegarbz]

to figure out how to switch DNS servers. There are millions of DNS servers.

You misunderstand the problem here. They aren't telling ISPs to poison their DNS servers. They are telling Google I.e. they want to poison 8.8.8.8. Do what you want at home at the ISP but leave the rest of the world out of it.

There are millions of DNS servers.

Yes but there's only 13 that matter. If you excuse someone going after a highly popular international server, what's to stop them from requesting poisoning the root servers next? Then where will your millions of others get an authoritative answer from?

Re:

[wakeboarder]

You didn't have to use Google. Google is a downstream provider from the 13.

DNSSEC?

[mattventura]

I'll admit I don't understand all the ins-and-outs of DNSSEC, but isn't it supposed to protect against exactly this sort of thing? It would completely remove the ability for a man-in-the-middle to provide bogus DNS results to a client that validates DNSSEC signatures.

Re:

[DeHackEd]

All DNSSEC provides is authenticity of the answer. Assuming the pirate DNS sites use DNSSEC, clients will know something is up. But what are said clients going to do about it? They can warn the user, but unless they can find an alternative DNS server to query they're still stuck not watching the game. Which is all the copyright holder cares about.

Re:

[arbiter1]

yea cause there isn't 1000 other DNS servers they could use besides google. Kappa

Re:

[martin-boundary]

Most people don't even know where their files are stored on their computer (or not). Why do you think that most people will figure out how to change their DNS servers away from Google's?

In the real world, actions don't have to be 100% successful to achieve their intended effect. Nontechies operate in an 80/20 world.

Re:

[taustin]

This order does not include suppressing Google search results on "how to change DNS servers."

Re:

[martin-boundary]

Agreed!

"What's DNS servers? And why do I need it?"

Re:

[ukoda]

There is also the money factor. If legal options are seen as grossly over priced then people will make the effort to learn how to change DNS settings. If the legal options are seen as being a fair price the motivation to learn about DNS setting disappears.

I don't know what it cost to watch soccer in Italy but given the effort the government is putting into protecting these businesses it is a fair guess they are make decent profits.

Re:

[TheReaperD]

I looked it up and the pay per view price of the world cup looks upwards of ~$30 for the game itself and ~$2.50 per lead up game. Note, this is in addition to your normal cable rate, which may be between ~$125-200 if you have sports packages (many cable companies won't allow you to drop sports packages, because of how much money they make off them). And, if you are a sports fan, many games aren't shown anywhere but cable, making games impossible to watch legally if you're a cord cutter. The entire indust

Re:

[ukoda]

Yes, that sounds like enough money to motive Joe Average to learn how to change DNS settings.

Re:

[Bert64]

Google is not the default, someone must have changed it to google in the first place.

Re: DNSSEC?

[vbdasc]

I'm going to be a bit cynical here, but if you're from the 80 rather than the 20, you just pay and watch what you need. Nobody ever said piracy was for everyone.

Re:

[Bert64]

DNSSEC prevents spoofing, you won't be able to serve a rogue result (ie you cant redirect the site elsewhere), but you'd get a failure which still makes the site inaccessible.

As soon as they can force Google

[rsilvergun]

To break the internet for fucking football They can do it for absolutely everything else. It's amazing how quickly fascism took over. Only this time I don't think there's going to be anyone to save us. America's rapidly falling the fascism. And all it took was a little bit of voter suppression to make it hard for casual voters and people with kids to vote.

Maybe Europe will pull back from it. There have been signs in both directions so it's hard to tell. But it's going to be rough when the United States is pushing fascism globally.

Re: As soon as they can force Google

[zawarski]

That suppression stuff is such bullshit. Northampton county in Pa went red, pretty much a bellwether for the state. You lose Pa, you lose the election. No suppression required.

Re: As soon as they can force Google

[zawarski]

And for the record, Iâ(TM)m not a silvergun hater, Im just sick of the suppression trope. Like Texas was ever going to go blue, if not for suppression. JFC. Want to never win again? Keep telling yourself it was suppression.

Re:

[DamnOregonian]

Soft voter suppression helps, but you are right- the election wasn't determine by it. The win was too large in this case.
There are likely 10s of thousands of votes in the US every year that are thrown away, because of rules specifically designed to target those people.
The courts have, bizarrely, ruled that it's OK to target groups of people for their political association, as long as it isn't racial.

So making it hard to vote for a group of people that vote strongly Democrat is ok, as long as you don't m

Re:

[haruchai]

"It's amazing how quickly fascism took over"
Well this is a story about Italy so there's that

Re:

[JBMcB]

And all it took was a little bit of voter suppression to make it hard for casual voters and people with kids to vote.

Are you still on about that. Last time you brought up voter suppression you linked to an article that referenced a US voting statistics sheet that said half a million registrations were culled between 2020 and 2022 because they hadn't voted in several years and never sent back the card mailed to them to keep them on the rolls. The article called every one of those culled registrations a suppressed vote. It's beyond stupid.

Re:

[Anonymous Coward]

Italy has been fascist for a VERY long time. It wasn't quick. There are tons of Italians that think Mussolini was the greatest leader ever. Seriously, the guy failed at everything but they think he was awesome. Sound familiar?

Re:

[techno-vampire]

Now, now, let's be fair. Benny the Moose did make the trains run on time, although there are persistent rumors that he did it by having the schedules changed to reflect reality. And, he managed to get the Pontine Marshes drained [wikipedia.org] and turned into productive farmland, although it required constant pumping out of excess water to keep them that way. Then, during the Battle of Anzio [wikipedia.org] the Germans stopped the pumps, allowing the marsh to come back as an obstacle to the Allied advance. After the war, the damage w

Re:

[thegarbz]

It's amazing how quickly fascism took over.

There was nothing "quick" about it in Italy. They've dabbled with it a lot over the years.

Re: As soon as they can force Google

[vbdasc]

Well, it was a legal decision, by the court of law. For now, it is in the name of fighting crime. If and when courts of law start peddling fascism, it's game over, Internet or no Internet.

Who uses Google's DNS anyhow?

[Valgrus Thunderaxe]

What about the billion other DNS servers on the internet?

Re:

[ArmoredDragon]

It's kind of stupid to target DNS when they could just have their domestic ISPs blackhole whatever IP the domain name points to, also ensuring that they only have to deal with local companies that are subject to their local laws, instead of foreign ones who probably aren't. Sure, it won't block VPN as a means of circumvention, but neither will DNS, and VPN has a higher barrier of entry than simply switching DNS servers. But you know these Europeans; not exactly a clever bunch.

Re:

[Bert64]

Because of the shortage of legacy IPv4 we now have "http virtual hosting" whereby a single IP can host thousands of sites... It's still commonly used with IPv6 due to inertia despite there being no shortage of IPv6.

You block one IP and you could block thousands of other unrelated sites.

This solution always makes me laugh.

[Revek]

Like you couldn't just use some other DNS. Even if you had to tunnel out to do so. These ignorant politicians will never take the the time to learn. Knowledge has always traditionally been the enemy of the politician.

Kids playing house

[AcidFnTonic]

Just reminds me of little kids playing house. Make up their own little rules, try to force everyone around to follow them because they are so special and important. But in the end everyone is going about their adult lives and laughing at the little children making their own toy government. It's rulings are *very* important after all. They even make up special kid words when the rulings get to violate international companies rights "inaudita altera parte" ie. "neener neener boo boo". They called "shotgun" an

And so it begins...

[rocket rancher]

What Italy is implementing here is government-ordered DNS filtering, not DNS poisoning as Ars' clickbait headline claims. The real issue is Italy’s aggressive "Piracy Shield" law, which forces DNS providers like Google and Cloudflare to block pirate sites within 30 minutes—without any prior judicial review. Worse still, if a site or IP is mistakenly flagged, the block remains in place for six months before it’s even eligible for review or removal. Let's be clear: Italy's Piracy Shield is i