Verisign launches Public DNS service that respects user privacy - gHacks Tech News

Verisign launches Public DNS service that respects user privacy

Verisign Public DNS is a free DNS service that promises better connection times, stability, security, and privacy when compared to the majority of public DNS services available on today's Internet.

The DNS services that Internet providers offer are often not the fastest, and it is easy enough to verify that by running programs like DNS Benchmark which test the performance of multiple DNS servers on the host system to find out which performs the best.

When it comes to third-party Public DNS services, there are plenty to choose from. While speed and reliability should definitely be a point of consideration, there may be others of interest including privacy, restrictions and extras that services may offer.

Companies may sell data that they collect based on your computer's look ups, and others may redirect you to custom error pages with their ads on them instead of the web browser's default error page.

While it is easy enough to find out about custom error pages, whether a company is selling or processing your data may not always be that obvious.

Verisign's newly launched Public DNS service promises to respect user privacy:

And, unlike many of the other DNS services out there, Verisign respects your privacy. We will not sell your public DNS data to third parties nor redirect your queries to serve you any ads.

The setup guide walks you through setting up the DNS server on desktop and mobile operating systems. Note that there is no program or app that you can run to set Verisign Public DNS automatically on a system.

Before you do that, you may want to test the performance of the DNS service. This can be done with the excellent DNS Benchmark which ships with dozens of DNS servers. You do need to hit the Add/Remove button to add both Verisign Public DNS IP addresses to it. The IP addresses that you need to add are 64.6.64.6 and 64.6.65.6.

verisign public dns

As you can see on the screenshot above, it came in second right after the local network nameserver used on the test device.

The status tab confirms furthermore that it won't intercept bad domain names which means that the browser's error page will be used whenever you try to load a domain name that does not exist.

Public DNS is a bare-bones DNS service apart from that offering no filtering options for you to configure for example. That's not necessarily a bad thing considering that you may not need these options at all. It is quick to set up and if you run into issues, quick to remove as well.

Verisign promises not to sell the data but it will still process it internally as mentioned in the Terms of Service.

Verisign uses the Service Data to provide the Service and for internal business and analysis purposes. [..] Verisign will not sell, distribute any personally identifiable information (PII) collected as a result of performing the Service. Verisign will not permanently store the PII and will retain such PII for no longer than is necessary.

Closing Words

Benchmark results may vary depending on where you connect to the Internet from. It is therefore suggested to run benchmarks if you consider switching to the DNS service.

Now You: Which DNS service are you using and why?

Summary
Verisign launches Public DNS service that respects user privacy
Article Name
Verisign launches Public DNS service that respects user privacy
Description
Verisign Public DNS is a free DNS service that promises fast look ups, privacy and stability.
Author

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Dan82 said on October 12, 2015 at 9:33 am
    Reply

    I’m using the Google one (8.8.8.8) mostly because it’s a free DNS service without blocks and because it’s easy to remember. The secondary one, which will only be used if the primary server is unavailable, belongs to my ISP. I guess I should run DNS benchmark, thanks for the reminder ;)

    1. not_black said on October 12, 2015 at 1:28 pm
      Reply

      So Google not only tracks you with cookies and JavaScript on ca. 90% of all websites, your web searches, your email, but you willingly offer them every single domain name you ever visit. Good for you.

      Anyone who is even a little bit concerned about privacy should NOT use Google DNS.

  2. Dan said on October 12, 2015 at 9:36 am
    Reply

    It didn’t say it’s non-logging, or does it say that it won’t censor sites. I’ll stick with dns.watch and censurfridns.dk for now (and dnscrypt.eu for DNS Crypt support).

  3. Tom Hawack said on October 12, 2015 at 11:13 am
    Reply

    I’ve just pinged both Verisign DNS resolvers’ addresses (64.6.64.6 and 64.6.65.6) and results are indeed excellent.
    At this time I’m using DNSCrypt and therefor available DNS resolvers are limited. OpenDNS is still my choice, even though it does log, because it has built-in as well as user defined filtering capabilities. Built-in filters defeat all other public DNS resolvers (as well as system default) and moreover OpenDNS handles DNSCrypt, so the choice here is rather quickly done at this time.

    I had a look on Verisign Public DNS’ forum and read that a user had brought up the wish of having Verisign propose a DNSCrypt connection ( https://verisign.vanillacommunity.com/discussion/16/support-dns-crypt-and-also-non-standard-ports ). If done I’d be most interested.

  4. Ben said on October 12, 2015 at 12:16 pm
    Reply
  5. wybo said on October 12, 2015 at 12:22 pm
    Reply

    A few months ago I ran DNS Benchmark and OpenDNS-3 was the quickest at the location were I am most of the time. As OpenDNS has a good rep I was happy to use it.

    I have to admit I know little about DNS servers. DNSCrypt is something I am not familiar with.

    Maybe you can do a tutorial/blog about the whole DNS thing for the less informed. That would be great.

    Thanks Martin.

    1. Bond said on October 12, 2015 at 5:57 pm
      Reply

      That would be good, i always had interest in DNSCrypt but it feels too complicated to configure.

      1. chesscanoe said on October 12, 2015 at 6:16 pm
        Reply

        I’ve been using DNSCrypt for years. I suggest you start it manually after you’ve started Windows. It’s an option not to auto start it when Windows starts. Otherwise, see
        https://www.opendns.com/about/innovations/dnscrypt/

      2. Dan said on October 13, 2015 at 2:51 am
        Reply

        If you use a *buntu or derivative distro (like Mint), I would suggest http://www.webupd8.org/2014/08/encrypt-dns-traffic-in-ubuntu-with.html

        Fairly easy to follow, and it works.

  6. not_black said on October 12, 2015 at 1:38 pm
    Reply

    Interesting, at my location the Verisign DNS performed the worst.

    1. jasray said on October 13, 2015 at 2:21 am
      Reply

      Likewise–Adding Verisign to DNS Jumper and running a test resulted in 167ms and 177ms compared to, say, Ultra at 30ms and 31ms.

  7. flyli5411 said on October 12, 2015 at 2:04 pm
    Reply

    Been using OpenDns for years wont touch google,Giving this Verisign a try ,So far
    very fast ,Also ran Spoofability test https://www.grc.com/dns/dns.htm, Results Excellent.
    I,L continue to use so far very good.

  8. RottenScoundrel said on October 12, 2015 at 5:13 pm
    Reply

    Take your pick…
    Logging, a little logging, no logging, logging disabled …
    http://wiki.opennicproject.org/Tier2

    You do know what Verisign actually does for their income? {gas}{horror} Google would be better and that is so far down my list it is barely a dot. :)

    1. not_black said on October 12, 2015 at 6:08 pm
      Reply

      >You do know what Verisign actually does for their income?

      No, what?

    2. Dan said on October 13, 2015 at 2:53 am
      Reply

      I have reliability issues with OpenNIC servers. They go down a fair bit (at least the ones nearest to me in SE Asia).

  9. Anonymous said on October 12, 2015 at 8:17 pm
    Reply

    9. Compliance with Laws. You agree that you will use the Service in compliance with these Terms of Service and all applicable local, state, national, and international laws, rules and regulations, including any laws regarding the transmission of technical and personally identifiable information data exported from the United States or the country in which you reside.

    – Verisign will not sell, distribute any PII collected as a result of performing the Service. Verisign will not permanently store the PII and will retain such PII for no longer than is necessary.

    So they are now in the explicit business of collecting your personal information to provide to the US (and the country you reside) and notice that they have not said that they will not turn over this information ONLY if it is required by court order etc.

    Pass…

  10. Rick said on October 12, 2015 at 8:31 pm
    Reply

    “Respects user privacy” .. NOT

    Read section 9; all of your personal information collected (they don’t even break it out), will be transmitted to the US (and to authorities of your country of residence); ALL information they collect, regardless if it required by law, they just do it in accordance with the law.

    Required Accordance

    Pass… I’d rather have my information combined with that of others and sold rather than to have my individual information handed over.

  11. CHEF-KOCH said on October 12, 2015 at 10:09 pm
    Reply

    DNSCrypt + Unbound as a cache till I die.

    1. Bond said on October 12, 2015 at 10:47 pm
      Reply

      Care to guide me to some tutorial, an easy/clear one for Windows?

  12. CHEF-KOCH said on October 13, 2015 at 1:47 am
    Reply

    @Bond

    https://github.com/alterstep/dnscrypt-unbound
    http://yvoinov.blogspot.com/2014/05/windows-7-unbound-dnscrypt.html

    The options/settings like resolver is random because everyone like to use other resolvers, but most if not everything is already explained over official documents. The only real think you need to be careful is that the internal dnsclient needs to be disabled + DNSCrypt need to be set to another port. The clients are very easy to use, because if something is wrong, windows can’t start them and you need to look at the logs. Pretty easy (imho).

  13. Doug said on October 13, 2015 at 2:19 am
    Reply

    I use Swiss Privacy Foundation also Ben, their address was changed earlier this year. IPv4 and IPv6 addresses available. Would bookmark and visit this site more often if the connection was more secure. As of now I come in through Daily Rotation on occasion, another unsecured connection. Oh well, my shared email address inbox or spam folder might get flooded, and they have my first name, but I can deal with that.

Leave a Reply