Google Public DNS
The majority of Internet users have probably never knowingly come into contact with DNS, the Domain Name System, although it is one of the cornerstone technologies of the Internet.
DNS is basically a system to convert domain names to IP addresses. Domain names are easier to understand, memorize and write for humans, while computers use IP addresses exclusively to communicate.
The Internet Service Provider is usually the one that provides the DNS servers to the customer. More often than not this happens automatically, without customers having to do anything about it.
There are, however, reasons to switch to other DNS servers, with performance, privacy and censorship being three of the major ones.
- Censorship: Some countries use DNS to block access to websites. This is a weak block that can easily be bypassed by the user by entering the IP address of the website instead of its domain name.
- Privacy: Many ISPs cash in on domain typing errors by displaying a custom error page to the user instead of the simple "page not found" error page.
- Performance: Some ISPs offer DNS servers that are not optimized, slow and sometimes even unreachable.
Users who experience some of these issues can switch DNS servers. One of the most prominent free DNS providers is OpenDNS, which not only offers a fast independent DNS system but also optional extras that include phishing and web content filters.
Tip: Make sure you benchmark DNS performance using a program like Namebench before you switch servers.
Google Public DNS
Google today announced that they have started offering public DNS servers as well. The system, called Google Public DNS, was designed to "make users' web-surfing experiences faster, safer and more reliable".
Speed: Resolver-side cache misses are one of the primary contributors to sluggish DNS responses. Clever caching techniques can help increase the speed of these responses. Google Public DNS implements prefetching: before the TTL on a record expires, we refresh the record continuously, asynchronously and independently of user requests for a large number of popular domains. This allows Google Public DNS to serve many DNS requests in the round trip time it takes a packet to travel to our servers and back.
Security: DNS is vulnerable to spoofing attacks that can poison the cache of a nameserver and can route all its users to a malicious website. Until new protocols like DNSSEC get widely adopted, resolvers need to take additional measures to keep their caches secure. Google Public DNS makes it more difficult for attackers to spoof valid responses by randomizing the case of query names and including additional data in its DNS messages.
Validity: Google Public DNS complies with the DNS standards and gives the user the exact response his or her computer expects without performing any blocking, filtering, or redirection that may hamper a user's browsing experience.
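The case randomization mentioned under Security can be shown from the resolver's side. The following Python sketch is an added example, not Google's code: it sends a query with randomly mixed-case letters and accepts a reply only if the transaction ID and the exact case of the echoed name both match. All function names and the sample name `www.example.com` are assumptions made for illustration.

```python
import secrets
import struct

def randomize_case(name: str) -> str:
    """Flip each ASCII letter to upper or lower case using a CSPRNG bit."""
    return "".join(
        (c.upper() if secrets.randbits(1) else c.lower()) if c.isalpha() else c
        for c in name
    )

def encode_qname(name: str) -> bytes:
    """Encode a dotted name as DNS labels (length byte + label, 0-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name: str, qtype: int = 1):
    """Return (txid, sent_name, packet) for a recursive query of class IN."""
    txid = secrets.randbits(16)
    sent = randomize_case(name)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return txid, sent, header + encode_qname(sent) + struct.pack("!HH", qtype, 1)

def read_question(packet: bytes):
    """Parse header and first question; return (txid, is_response, qname)."""
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while packet[pos] != 0:
        length = packet[pos]
        if length & 0xC0:
            raise ValueError("compression pointer in question section")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return txid, bool(flags & 0x8000), ".".join(labels)

def accept_response(packet: bytes, txid: int, sent_name: str) -> bool:
    """Accept only a response whose ID and byte-exact question case match."""
    try:
        r_txid, is_response, qname = read_question(packet)
    except (ValueError, IndexError, struct.error, UnicodeDecodeError):
        return False
    return is_response and r_txid == txid and qname == sent_name

def make_response(txid: int, name: str) -> bytes:
    """Constructed sample: a bare response header plus an echoed question."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", 1, 1)
```

Each letter in the name adds one bit that an off-path spoofer has to guess on top of the 16-bit transaction ID, which is why the comparison in `accept_response` must be case-sensitive.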
A Google Developer page details how to change the DNS servers to use Google Public DNS servers.
Experienced users need to set the following two DNS servers for the IPv4 connection on the devices that they are using or in the router.
But what about Privacy? Users who use the Google Public DNS servers will automatically submit extensive data to Google that includes all the websites and other services on the Internet that programs, apps and the operating system itself connect to.
According to the privacy information posted on the project web page, Google Public DNS records temporary and permanent data but does not "correlate or combine" this information "with any other log data that Google might have about your use of other services, such as data from Web Search and data from advertising on the Google content network".
Temporary Logs: The temporary logs store the full IP address of the machine you're using. We have to do this so that we can spot potentially bad things like DDoS attacks and so we can fix problems, such as particular domains not showing up for specific users. We delete these temporary logs within 24 to 48 hours.
Permanent Logs: In the permanent logs, we don't keep personally identifiable information or IP information. We do keep some location information (at the city/metro level) so that we can conduct debugging, analyze abuse phenomena and improve the Google Public DNS prefetching feature. After keeping this data for two weeks, we randomly sample a small subset for permanent storage.
Some users will say that providing public DNS servers is just another step in Google's world domination plans. Others might find out that the benefits outweigh the doubts and concerns. It is definitely not bad to have another option in this field especially with the increasing censorship around the world.
In the end it will be futile. ISPs like Comcast will start proxying port 53 the way they did port 25, and no matter what you set your machine to locally they will grab your queries and redirect you wherever they want.
I had the same thing on bell before I switched. Then edited my /etc/hosts to redirect domainnotfound.ca to my server where I parsed out the query and redirected to opendns with it. Not perfect but it worked (the shortcuts at least).
I don’t know that Google privacy, security, and non censorship are exactly synonymous. Of all the DNS options out there I’d put this one on the bottom of the list.
Compare DNS speed with Namebench.
NY Times technology blog section has a story on this here:
At the bottom of the story is a link to some users doing speed testing on Google DNS vs. OpenDNS vs. Level3. Results seem to point to Google DNS being better for non-USA users (strange!) while Level3 or OpenDNS better for USA users.
I’ve been using Level 3 for a while now myself and don’t have any complaints with it. Unlike OpenDNS, they don’t try to route mis-types to Yahoo or someplace else.
According to http://x7.fi/2009/12/04/google-public-dns-benchmarking/ Google DNS doesn’t seem to be that fast here in the northern parts of Europe.
Interesting analysis. I have seen reports where users have noted speed improvements. It certainly comes down to the individual DNS server used and the location of the DNS server.
Interesting article (as usual). Putting aside privacy issues (but maybe privacy is a myth…) I guess it’s worth trying it. How does it compare to OpenDNS (http://www.opendns.com/)? I’ve been using this one for a while after having issues with my ISP’s.
So instead of my ISP key wording my misspells and presenting me with ad click-links, Google wants me to point to them so they can do the same thing. I don’t care about companies making money, but at least the tech writers should be honest about it.
Google isn’t doing this for altruism and faster DNS lookups, they want to capture the misspells and present people with even more ads. Some of you guys froth at the mouth when Google is mentioned, as if they are the saviours of the world or something.
No thank you, I will stick with OpenDNS.
Look for “vivilproject dns” on a search engine and it lists a lot of public DNS servers other than Google DNS and OpenDNS… I do not love that my private surfing can be tracked for ad reasons :-(
@David Stephens says: “No thank you, I will stick with OpenDNS.”
But what you describe is exactly what OpenDNS does itself, David! They redirect you on misspellings so one of their partners can present some content/ads to you and OpenDNS gets a piece of the revenue.
That is why I dropped OpenDNS and switched to Level3:
Google DNS is fast for me (East coast USA). However I would be worried about my privacy. I currently use http://www.acevpn.com service to protect my privacy. If I switch my DNS to Google DNS whose IP will get logged? Mine or http://www.acevpn.com?
http://www.acevpn.com is the address that will be logged in the web server's access log, but Google could log DNS requests separately. The DNS request data logged would be massive, and if it were any other company I would say they do not log it, but since it is Google, they might. That being said, DNS logs do not show what you looked up, only that you looked up the IP address of the server.
Thank you for pointing out the hypocrisy of my whole argument :) I stand corrected.
I did not know about Level3’s public DNS server, I have switched and it is nice. I tried several misspells and not a single ad!
Great move by the giant, but the ISPs can configure their routers to direct DNS requests to their own servers.
It won’t be surprising if Google uses this whole lot of data in their search algorithms in the near future.
I read about using Google DNS here:
I’m currently using it, but the ping response is a little slower than my current ISP’s DNS. I suppose their servers are somewhere in US/Europe, so it’s more beneficial for US/Europe people.
“Last Update:January 7, 2017” <– what's update?
Added information to the article, and updated some paragraphs.