The majority of Internet users has not probably come into contact with DNS, the Domain Name System, although it is one of the cornerstone technologies of the Internet.
DNS is basically a system to convert domain names to IP addresses. Domain names are easier to understand, memorize and write for humans, while computers use IP addresses exclusively to communicate.
The Internet Service Provider is usually the one that is providing the DNS servers to the customer. This happens more often than not automatically without customers having to do anything about it.
There are however reasons to switch to other DNS servers with performance, privacy and censorship being three of the major reasons.
- Censorship: Some countries use DNS to block access to websites. This is a weak block that can easily be bypassed by the user by entering the IP address of the website instead of its domain name.
- Privacy: Many ISPs cash in on domain typing errors by displaying a custom error page to the user instead of the simple "page not found" error page.
- Performance: Some ISPs offer DNS servers that are not optimized, slow and sometimes even unreachable.
Users who experience some of these issues can switch DNS servers. One of the most prominent free DNS providers is Open DNS which not only offers a fast independent DNS system but also additional optional values that include phishing and web content filters.
Tip: Make sure you benchmark DNS performance using a program like Namebench before you switch servers.
Google Public DNS
Google today announced that they have started offering public DNS servers as well. The system, called Google Public DNS, was designed to "make users' web-surfing experiences faster, safer and more reliable".
Speed: Resolver-side cache misses are one of the primary contributors to sluggish DNS responses. Clever caching techniques can help increase the speed of these responses. Google Public DNS implements prefetching: before the TTL on a record expires, we refresh the record continuously, asychronously and independently of user requests for a large number of popular domains. This allows Google Public DNS to serve many DNS requests in the round trip time it takes a packet to travel to our servers and back.
Security: DNS is vulnerable to spoofing attacks that can poison the cache of a nameserver and can route all its users to a malicious website. Until new protocols like DNSSEC get widely adopted, resolvers need to take additional measures to keep their caches secure. Google Public DNS makes it more difficult for attackers to spoof valid responses by randomizing the case of query names and including additional data in its DNS messages.
Validity: Google Public DNS complies with the DNS standards and gives the user the exact response his or her computer expects without performing any blocking, filtering, or redirection that may hamper a user's browsing experience.
A Google Developer page details how to change the DNS servers to use Google Public DNS servers.
Experienced users need to set the following two DNS servers for the IPv4 connection on the devices that they are using or in the router.
But what about Privacy? Users who use the Google Public DNS servers will automatically submit extensive data to Google that includes all the websites and other services on the Internet that programs, apps and the operating system itself connect to.
According to the privacy information posted on the project web page Google Public DNS records temporary and permanent data but does not "correlate or combine" these information "with any other log data that Google might have about your use of other services, such as data from Web Search and data from advertising on the Google content network".
Temporary Logs: The temporary logs store the full IP address of the machine you're using. We have to do this so that we can spot potentially bad things like DDoS attacks and so we can fix problems, such as particular domains not showing up for specific users. We delete these temporary logs within 24 to 48 hours.
Permanent Logs: In the permanent logs, we don't keep personally identifiable information or IP information. We do keep some location information (at the city/metro level) so that we can conduct debugging, analyze abuse phenomena and improve the Google Public DNS prefetching feature. After keeping this data for two weeks, we randomly sample a small subset for permanent storage.
Some users will say that providing public DNS servers is just another step in Google's world domination plans. Others might find out that the benefits outweigh the doubts and concerns. It is definitely not bad to have another option in this field especially with the increasing censorship around the world.