Google Public DNS
by Volker Weber
Google Public DNS is a free, global Domain Name System (DNS) resolution service, that you can use as an alternative to your current DNS provider.
Weiß Zensurulla davon?
Comments
I give them less than six month before they introduce filtering, based on which Country you're from.
And I think it is extremly scary, when they suddenly get every net request reported from a user. They will know which mail services are used, which IM, IRC, etc..
Yes, it is anonymous, but this huge pile of data is so much worth, it's just unbelievable, people actually want to give it to Google on a silver tablet.
Well, my guess it goes just the opposite way. While everybody tries to fuck with DNS, they are just going to deliver.
They filter search results already, so why would they don't do so with their DNS? There must be the same rules why they obey the search filters given to them by governments.
What would you suggest? Deutsche Telekom, OpenDNS?
I don't have the expertise to fix OpenDNS's problems.
But I see a huge problem with giving Google all that information. I'd rather setup my own DNS on some server.
I have my own DNS server. What are you suggesting as forwarder?
I really know too few about the whole issue.
And I know that internet providers already use their stats for analyzing the web. So I really do not see the point of giving Google all that data. They state to be faster and more secure.
I honestly don't see a security threat to me and I also do not see DNS speed as a major problem for my web experience. It's rather amusing that Googles new Webmaster tool only complained about their own ads and Analytics itself as speed problem because of not being gzipped and causing multiple DNS requests for some of the sites I use their tools with...
Volker is right: they are just going to deliver. And they won't fuck with the DNS (i.e. do things like not return NXDOMAIN for non-existing queries) like others have done and are still doing! (Names already stated above). And that, dear Sirs, is the biggest bitch of all, when you can't rely on honest to goodness DNS answers.
And yes, they are going to get more data. So what? Google already has what they need. Who cares if they know that your IM client is connecting to whatsitserver.org? You probably used Google's search a moment ago to find whatsitserver.org anyway!
(Volker: if your DNS server is a caching recursor, you don't need a forwarder: your server is getting the data starting at the root. If you are using a forwarder, then 8.8.8.8 and 8.8.4.4 are neat-looking numbers. :-) )
Dirk, your answers sound more like "I don't know what I am talking about, but it must be bad because it is Google" by the minute. Find a better argument. I also believe that you don't even know if you have DNS speed issues.
Actually, I trust Jan-Piet a lot more. He wrote the book on DNS servers. :-)
Most things that Google does it does very well. But I understand the general concern of Dirk. I think there is a general distrust of any large organization having this much control. Google gathering medical data is a case in point. That has caused a lot of discussion.
Anytime power is centralized in one area, eventually some group or groups is disenfranchised. Worse, it is an easy takeover target for a bumbling government to use for their own (possibly abusive) purposes (I was thinking China but you may be thinking U.S. ;). Censorship comes to mind once that happens.
Point taken. But it's not like Google is going to replace DNS. They will offer one DNS forwarder. DNS root servers would be a different issue. You can think U.S. here. ;-)
I've been very happy with OpenDNS.
Volker, I don't need to know how DNS works (in fact I do, but I don't know the exact way of the probable security issues with OpenDNS) and still can say that I don't understand why people would willingly give this information to Google.
And of course I normally wouldn't care less if someone just operates another DNS out there. But Google is the only company out there being able to call off such a stunt: "We make the internet faster and better, just use this DNS."
They do know what kind of data they will be able to get and as the worlds largest advertising company, it is all about information. So, this is where I'm concerned. And of course nobody will force me to use it, I just really wonder where this will lead and if we are in a "frog sits in slowly warming pot of water" situation here.
The privacy policy is pretty straight forward.
Hier ein kleiner Versuch, deine Eingangsfrage zu beantworten:
1. Sie und ihre Mitstreiter wissen es sicher nicht;
2. Wenn sie es wüßten, würden sie es nicht verstehen;
3. Wenn sie es verstünden, würden sie ihre Sicht der Dinge doch nicht durch Fakten beinflussen lassen.
Piraten ahoi ?
Dirk, the frog is a hoax. Google provides services of tremendous value to me. So far they have not asked for any money in return. I paid thousands to Deutsche Telekom for the wires that let me access Google services. Currently I feel more obliged to Google than to Telekom.
As the page you linked to states: 'Like a fable, the "boiled frog" anecdote serves its purpose whether or not it's based upon something that is literally true.'
But I agree with you, that Google actually is very clever. And of course you pay for their services. I bet you bought products or services from companies that paid for ads on Googles network.
I know, that's far fetched, but as everything is connected, I like to keep all this things connected and thus Google's Public DNS is not a single act of charity.
Dirk, I am losing you. Google is not a charity. I also have no issues with ads as long as they don't get in my way, and lead me to interesting goods and services.
You try to make a point I should not be using Google's DNS forwarder. Since I need DNS, which other one should I be using instead?
You made it pretty clear that you have no problem with using Google's DNS forwarder, so no one is keeping you from doing it.
I just don't feel comfortable with the idea what happens when everyone would do so - all being happy with the little extra service they get.
I really don't know where this will get us. I myself use Google-Mail, Talk, Reader, Adsense, Analytics, Webmaster Tools and Code. All because it is simply more convenient than the next solution out there.
Somehow this DNS thing is different to me: when I would use it, it would affect all my internet activities, because it is so much hidden at everdays usage. Hell, even me playing on my PS3 would get recognized - assuming Sony uses DNS, which I now blindly do. And yes, this information would not be bound to me as a person, but still: why give this information so willingly to Google?
Maybe my concerns are based on how I can not (at least not with reasonable effort) choose/switch DNS that easily. I don't use Google Mail exclusively for all my mail, GTalk is only one of at least four different IM I use, I surely use Google Reader a lot, but there are still some sites out there that I visit without Google currently able to track that. Take Blogger.de for example (for the record: I own thats site). Many blogs there removed the Google ads that come with the default layout. There is no Analytics on it, so very often pages there get viewed without Google knowing about it.
Now Google would even know that. Just the numbers: x DNS requests. Nothing more. And still I feel uncomfortable with it.
And for what? More speed? I honestly doubt that, because at times where I wait for websites, it's been mostly the website so far. And overall: I don't need a perfect website load that blink faster. And large downloads would not be affected anyway. More security? I cannot argue with that, because I do not know enough of it, but I keep my eyes and ears open and so I guess it currently is no issue, either. My last provider did redirect on unresolvable hosts and it pisses me off. That was a reason to change the provider, but I have to admit that I rather would deal with that, than use Google's DNS.
Do you think that is paranoid? What exactly is your position? Would you use a free broadband connection for all your internet activities, when Google would provide it?
There are a some differences between Google and Deutsche Telekom.
I suspect Google might be evil. For Deutsche Telekom it's a proven fact.
I choose to use the services provided by Google. For Deutsche Telekom, I have no choice (based on where I live and who I work for, but even if I could change providers, DT has the last mile).
With my customer information and their proximity to the German government, Deutsche Telekom is in a position to do a lot worse things with my data than Google could.
Dirk, you seem to be unable to get out of the hole you are digging. It does not help to explain what people shouldn't do. You need to come up with something that they should. Otherwise you will just be ignored. What do you recommend?
If you don't know how to change your DNS (hint: it takes less than 10 seconds), you are probably trusting Vodafone (was Arcor). What makes you think they are more trustworthy? After all, they were the first to offer censorship. Do you have a mobile phone? Do you carry that with you? Whom do you trust with your location data? Vodafone as well?
After reading this article, I just switched my DNS first to the Google Service and then to openDNS. Both of them are much faster then the unitymedia DNS Server which come with my line. :-)
Thanks for showing up the topic.
Volker,
I think you miss the point being brought by dirk about the information Google would get. Volker .... did you ever hear of Business Intelligence. If used on this data they will gather with their DNS service they could for instance take out enemy companies (by buying them) before the world even know it would get a hit ! Now this data lays with your local provider the information load is much less and therefore not usable as a Business Intelligence model (because it would only represent the data of the users of the local provider).
And of course everybody has its own free choice but I go as far with dirk that I don't trust google with this data just for how big the company is becoming on the internet !
Even in the real world we use the phrase "Divide and Conquer" often so why not use that phrase on DNS ?
Scott has hit the nail on the head. What the Germans are doing is far worse than anything Google will do. Period. And it'll get worse.
> did you ever hear of Business Intelligence
Just assume I am a bozo who has not heard about anything and keeps on overlooking the vital information.
The thing is that Google keeps on building a better mousetrap. A better search engine, a better webmail experience, a federating calendar, a better GIS application, a faster browser, you name it, they build it.
A better mouse trap is a lot more powerful than any conspiracy theory. You don't have to use it. Build your own. But please, get out of the way while you are doing that.
Been busy for a few days and missed this. I think Volker and Jan-Piet have the tone about right and certainly see no need for further Google owns my life type paranoia.
One thing though - It is evidently said by some that OpenDNS has problems.
If by that people mean that it messes about and, for example, does not always return NXDOMAIN when it "should", then that behaviour is both completely configurable by the end user and often highly desirable. The benefit of a service like OpenDNS is that it allows users to have a degree of control over what resolves and what does not, thus eliminating a lot of Internet unpleasantness at source.
If I set my home router to use OpenDNS and then say I don't want the kids surfing RedTube (and, if you Google that, note well that it is NSFW), then OpenDNS returns a result, but it is not the one expected. Is this messing with DNS? Sure. Do I care? Yes. I prefer it that way.
The Google DNS service is also sanitised to a degree but only to deal with common attack vectors.
In my opinion both Google DNS and OpenDNS are preferable to the services offered by pretty much any ISP but I'll stick with OpenDNS for now.
Ah, you beat me to a conspiracy theory comment.
While I do agree over the past 11 years, Google has grown substantially and let's say could potentially use this data for malintent, remember that Google is a public company, and allows the public to see a great portion of what they do; there are plenty of private companies and governments that collect data as well, and people are concerned with the one willing to share?
They have offered free of charge many innovative solutions to the general public; gaining data is how Google earns its revenue to provide these solutions.
I am reading the comments coming over the day one by one. I have to say I am surprised by the reaction of Volker initially in the comments thread above. Why the emotion?
Dirk has valid points, and I trust Google as far as I can throw them. I do not see where he said everyone using it is stupid, it was more an explanation of his own reservations as far as I read them. YMMV, not a problem...
On the other hand I am sure Google will work, who really knows if the chinese government will at some day ask them to play with their DNS resolvers in China or they get banned out of the country? Time will show? Actually, thinking of changing the A record and setting the TTL before- hand in anticipation of the change, finding out DTAG DNS resolvers ignore the TTL was just outright painful when I worked at an ISP several years back. Google will work better, it is difficult to screw that up when done right.
I would advise to carefully use it though. OpenDNS is maybe fast, maybe better, maybe always reachable. However, knowing how many CDNs use Anycast BGP for their DNS servers, and in any case almost always use the resolver's IP for directing you to the right server farms, this might be quite a different result as compared to your provider's DNS resolvers. I worked for a CDN, and I know the methods used by Akamai, Limelight, Edgecast, BitGravity, Panther Express (CD Networks) etc very well. OpenDNS users usually got directed to the wrong server farms. This will be the same for Google DNS I am sure, but of course maybe in a much smaller way based on how much they use BGP Anycast for it and they have a much wider network footprint really.
Also I can assure you the CDN support staff world- wide will say 'argh no!' with this thingy from Google. It will screw up the well- established methods to finding your nearest server farm. No doubt it might be close enough network- wise to not matter maybe, but I would not be too sure about that personally.
Mind you all, I am not advising to not use it, far from it. I will test it myself even. I expect it to be a) faster, but b) resulting in less optimal routing to CDN content.
Knowledge=Power
Power corrupts, absolute power corrupts absolutely
Volker reasons from his own experience. He doesn't have any bad disease that he doesn't want his future employer or insurance company to know about.
As a German, I think you are quite naive (no insult intended).
You may not have a problem with it now, you don't know what the future will bring. In my country (the Netherlands) a politician who get's more than 10% of the votes wants people who have committed a criminal act and are muslim to be deported. Who sets the rules? Who will set the rules for my children? Which punishments will future governments invent? How will they use easy available sources of information to control your behaviour?
I am with Volker, Scott and Piet: Which of the above mentioned companies has a "safer" track record and is therefore more "trustworthy"? Conspiracy theories are often about what might have happened or that could happen. I prefer to make my decisions on what did happen and is likely to happen. And the pink one doesn't look good in that department...
@Felix:
In april, Deutsche Telekom (largest ISP) stopped returning NXDOMAIN for unresolved queries.
Instead, users see a website littered with ads. Because VPN clients need NXDOMAIN results to know when to use the tunnel, the VPNs stopped working. That's hundred thousands of users who are fucked just because the marketing department found an opportunity to rake in more dough.
This is just one example for what is going wrong with DNS lately. There is no time for ivory tower talk. We already are deep in the shit.
Of course google has it's own interests and we should definitely keep an eye open. But let us judge them by their actions.
Right now, they did something good.
