Google Launches Public DNS Resolver
AdmiralXyz writes "Google has announced the launch of their free DNS resolution service, called Google Public DNS. According to their blog post, Google Public DNS uses continuous record prefetching to avoid cache misses — hopefully making the service faster — and implements a variety of techniques to block spoofing attempts. They also say that (unlike an increasing number of ISPs), Google Public DNS behaves exactly according to the DNS standard, and will not redirect you to advertising in the event of a failed lookup. Very cool, but of course there are questions about Google's true motivations behind knowing every site you visit."
Why? (Score:5, Insightful)
But why would one change to use Google's DNS? If you're technical enough and care about such, you're way better off setting up your own recursive DNS server.
Google is just datamining from DNS requests here, it's another source of information. At least with your own ISP you can reasonably think that there's no datamining going on (excluding US ISPs, of course, who serve ads on non-existing domains for their users anyway).
8.8.8.8/4 (Score:4, Insightful)
"To try it out:
Configure your network settings to use the IP addresses 8.8.8.8 and 8.8.4.4 as your DNS servers..."
Simple enough to remember which is great. Also - could this be used to circumvent some of the internet security at some workplaces where they seem to run a blacklist of specific sites?
Re:Why? (Score:4, Insightful)
Re:I guess it is good news... (Score:5, Insightful)
Congratulations, this would then be the first free service that I know of which doesn't do redirect! ;-)
I guess they're using that as a selling point and to come off "nicer". If they're just after datamining the DNS requests, this service can happily run on negative income, because it improves Google's other things and provides them even more data.
Google is datamining everywhere and everything already.
Not everyday (Score:4, Insightful)
Forget everyday use, but on public wifi, I'm all about this!
Questions? (Score:5, Insightful)
...but of course there are questions about Google's true motivations behind knowing every site you visit.
No there aren't. You'd have to have been living under a rock for the past decade to have any questions about their motives. It's dead simple - they want to know what people are looking at so that they can better target people with advertising thereby increasing the value of their service. In return for offering various free services, all they ask for is some information on you so that they can better target advertising that interests _YOU_. It's not rocket science - it's just incredibly effective marketing.
Re:Why? (Score:3, Insightful)
Because setting up and maintaining your own recursive DNS server is a pain in the ass? (Especially compared to the workload of "here, just change this one setting and it will go faster")
Why not do both? (Score:5, Insightful)
Set up your own DNS server and point it at Google's.
Then you can take advantage of your cache and their cache.
Google could do us a great service by also making it available on some other port, that way we can get around the ISP interception of DNS requests.
and there's the other motive for Google. (Score:4, Insightful)
If you're on $garbage_DNS and you're served an advertisement/search page instead of NXDOMAIN, you (or your browser's auto-search) won't search Google. For that matter, just having something like this around will discourage $garbage_DNS.
Google cares about the Internet. It's where they make their money.
Re:Don't get me wrong, I love Google. (Score:5, Insightful)
There are a lot of amazing advantages to having your data aggregated the way that Google has it, and it's not rocket science to manage the downsides.
Re:Why? (Score:5, Insightful)
You know what? If I did what Comcast has done with intercepting DNS requests and corrupting DNS responses, I would be committing 2 or more federal felonies, for profit no less. I would like some justice.
Re:Questions? (Score:5, Insightful)
And sorry, but just to complete the thought, there's a very good reason why Google would want to do this even if they don't get any data mining or ad revenue in any direct way: Think about all the other services (OpenDNS or ISPs) that redirect failed searches to their own search page. Every time that happens, that's a search that doesn't go through Google. As far as Google is concerned, you getting a proper response of "This page doesn't exist" is good for them, because they know your next stop will be Google.com.
Re:At least they have a clear privacy policy (Score:3, Insightful)
Add to that the fact that some IP addresses are shared by a lot of virtual sites which makes statistics about as precise as the slashdot polls.
Re:Don't get me wrong, I love Google. (Score:1, Insightful)
Are you sure about that "...except who I am!"??
You use Google services, such as Gmail, right? Even though you sign up with a bogus Gmail account, let's say with a bogus name like "John Doe", and you send a personal email to a friend of yours. Your friend replied "Hey Mike". There! Google knows your real name and your IP of course.
Whenever you go to other websites with Google's AdSense ads or Analytics snippets, you will be identified by Google with the help of that magic number called an IP address.
You think you can escape from Google? Think again pal. They know more about you than you can imagine.
Google DNS is another way for them to track your movement at the lowest level with more accuracy.
Re:Questions? (Score:3, Insightful)
Re:Why all the paranoia over Google? (Score:3, Insightful)
Any intelligence service that doesn't have at least one mole in Google is worthless.
motives (Score:3, Insightful)
Very cool, but of course there are questions about Google's true motivations behind knowing every site you visit.
Nonsense.
They want to cut the ISPs and other DNS providers out of their (dishonest) ad revenue streams. For a lot of competitors, this is virtually the only straw left (AOL, anyone? I know at least in Germany if they hadn't forced the marketing of the "Alice" ISP to add such a DNS-misdirect, their portal and search space would be able to count its visits in "hits per hour").
It hurts their competitors while giving Google an image plus. And the amount of overhead and traffic is negligible if you already operate on the scale that Google does.
Re:I guess it is good news... (Score:3, Insightful)
4.2.2.2 and their ilk are free and non-redirecting
Yes, but who is gtei.net?
Re:At least they have a clear privacy policy (Score:3, Insightful)
I don't see any reason Google (or any other for profit company) would offer a service like this and say that they will never ever look at any of the data.
Oh they'll look at the data. They'll just pseudonymize it first.
Re:DDoS attacks (Score:3, Insightful)
Re:At least they have a clear privacy policy (Score:5, Insightful)
Re:Why? (Score:3, Insightful)
> if you think a business is not going to collect
> all the information they can about their
> customers, you are quite deluded.
"We don't run any sort of transparent proxies or other systems to covertly log what you do on the internet, and do not sell data to anyone."
That's from my ISP. Doesn't yours say something similar?
If not, change.
Re:Why? (Score:5, Insightful)
That depends on whether you're running a Linux box at home in a "reliable enough" way to be functioning as a server. And in the example you give, as your primary machine as well. While I realize that many /. users do this, I would certainly say that most people don't.
I actually stopped doing it several years ago. I concluded that I have to maintain enough complex systems at work; I don't see any need to be a sysadmin for a complex system that requires nonstop patching and understanding of 30-year-old system internals at home, too. Plus the desktop environment was frankly primitive compared to modern machines. So I ditched it and started running OS X. (And I should say that I'm an experienced Linux sysadmin and engineer professionally, so this was not the "I don't know how to use it and it appears to have been designed by badgers" issue)
It's definitely true that, if you're already doing all of the work to run your own system at home, adding a DNS server isn't a big deal. But that's really a hobbyist thing to do. If your home system is primarily for the purpose of getting things done, rather than for playing with systems, it's an enormous amount of extra work. Yet having faster DNS lookups is still a win.
Re:At least they have a clear privacy policy (Score:3, Insightful)
mod parent up!
the current google is somewhat evil; we have no idea what happens LATER when, uhh, the TOS get changed (somehow...)
"the first one is free". remember that phrase. it applies here, too, in concept.
Re:I guess it is good news... (Score:2, Insightful)
Link(s) to corroborate?
So, are you volunteering? (Score:5, Insightful)
No, but we're smart enough to realize that no one is going to pay out of pocket to provide all the services that Google does for free with no revenue model at all, not even to pay for the infrastructure servers and network necessary to do it.
I'll make you a deal. Multi-billionaire technology philanthropist that you seem to be, you set up a company to compete with Google, one that provides all that they do and that has exactly zero sources of revenue, and I'll willingly become your fanboy.
The practical situation is that there ain't no such thing as a free lunch. When Google came along, we were headed towards every web site--especially search engines and directories--pushing out more and more pop-ups, pop-unders, interstitials, graphics-heavy, annoying ads, and they changed that. God forbid any of them actually contribute back to the community in the form of numerous open source projects and free services.
Google changed all that by providing a much more customer-friendly "less is more" philosophy, and their customers have supported their efforts in a very free market-friendly way. So while you can take potshots at targeted advertising if you want, I honestly can't think of a less obtrusive and relatively harmless revenue model that can support all that Google does and how much they are contributing to advancing technology.
While I'd love for someone to volunteer to do all that Google does without making money for it, given that that's not going to happen, yeah, targeted advertising is about the least annoying way I can think of to get the bills paid and continue providing service.
Re:DDoS attacks (Score:2, Insightful)
Isn't that more indicative of the quality of the BIND code, more than the complexity of DNS itself? Contrast it with the number of djbdns releases.
Better Google than your ISP (Score:5, Insightful)
Google is datamining everywhere and everything already.
When I first read about this, I immediately thought about datamining. But after another second, I figured that I would prefer Google to have this information than Verizon (where my caching DNS server currently forwards to). It is true that Google is better at datamining, but do keep in mind that whoever is providing your DNS service has the information about your DNS requests.
Another difference between Google and your ISP is that your ISP knows who you are from your IP address. So they can link DNS resolution requests to specific, named, customers. Google can't do that directly.
Re:Why all the paranoia over Google? (Score:3, Insightful)
"But ... there is a level of suspicion and fear directed at Google that just seems extreme. Has Google actually done something "Evil" that I missed?"
They might have. Would we be able to know, at this point, if they did? Do we still have third parties able to compete with them and provide checks and balances over the information they feed us?
The problem with Google (and the other big players, such as the social networks) is that they are increasingly *centralising* control over the data we see. In the 1990s, the Net was a very decentralised place. You'd get an IP address, DNS lookup and SMTP from your ISP, a domain name from a domain registrar, web hosting somewhere else, webmail from a fourth place, search from a fifth place... and all of those would be different from your hardware and your operating system... and all this decentralisation kept the big corps mostly honest. There were people like AOL and Microsoft trying for lock-in and vertical integration, yes. Which is why Google initially seemed like a shining knight, a different force. And them funding Mozilla gave us a breathing space from the Microsoft lock-in empire.
But now Google themselves are becoming the Microsoft of the Web. Not in terms of abusive practices - necessarily. But in terms of edging towards single-provider monopoly power, which gives the *potential* for abusive practices on a huge scale.
Remember Sandra Bullock, The Net, mid 1990s? Back then it seemed total science fiction because it was really silly to think that any one organisation could get censorship control over the fractious, decentralised Net of that era. It's not so funny now. You could now have:
* a Google Android phone or a Google ChromeOS device
* running Google Chrome
* getting DNS from Google DNS
* using Gmail for mail
* using Google Wave for social networking
* using Google Search for all searching
* getting their news from Google News
* buying their books from Google Books
* doing academic research on Google Scholar and patent searches on Google Patents
* sharing documents on Google Docs
* viewing Usenet through Google Groups
and all of that information is logged, analysed, data-mined and cross-checked by a single organisation answerable to a very few people. And potentially modified in transit.
Fortunately it's still possible to compare most of what Google tells us with the source websites, so they can't easily change the information we receive. Yet. But they certainly can get a very close-up view of exactly who we are and what lines of knowledge we're interested in, and flick this on to whatever organisation - private, criminal, government - asks nicely enough.
Centralisation is always scary, because you just. don't. KNOW. what is being done with that data, either coming or going.
Google's best weapon against paranoia is openness... but what if we end up seeing just the *appearance* of openness and not openness itself?
For that reason I hope Google never becomes the only information service we use on the Web, and I'm even unhappy with the way we all rely on its search results to such a huge extent. It's a potential choke point in the Net, a single point of failure. Right now it seems okay... but.... loss of alternatives is never a safe place to be. Why has open source search never taken off?
Re:What's their motivation? (Score:3, Insightful)
"So in other words, for less than two days, their DNS log, and nothing else, will know that a particular request was made from a particular IP."
So they say. You have more than their word for that?
Oh right. A big US corporation would never lie, even in the service of compliance with national security and law enforcement directives which require them to.
Re:At least they have a clear privacy policy (Score:3, Insightful)
Other companies, perhaps. But when has Google ever made their ToS more evil?
As far as I'm concerned, Google has done nothing to undermine our trust in their sincerity. If you have examples, though, I'm more than willing to dig into it.
Re:Why? (Score:3, Insightful)
Why would I invest two hours and a spare machine into setting up my own DNS server when I can spend thirty seconds changing a setting on my router?
As for maintenance... Why should I invest time updating the software that runs these servers every time a new security vulnerability is discovered? Why should I even have to check for updates, when someone else is doing it all for free? Why should I pay for the electricity to run the additional machine? (You're going to say "run it on your desktop", but what if I dual-boot? Why should my wife's laptop be unable to resolve sites while I'm rebooting or shut down for the night?) And so on and so forth.
Maybe you like spending your free time dealing with all of that crap. Most of us don't.
As for "most consumer-grade routers have a DNS server built-in", I'm not sure you know what you mean. Sure, most have a caching DNS server built-in, but they merely defer to your ISP's DNS server when they don't have the address cached, which means you're going to be querying your ISP's DNS servers every $TTL anyway - so if your ISP is redirecting NXDOMAIN queries to ad pages, you're still going to get them.
Re:I guess it is good news... (Score:4, Insightful)
I think that Google gets the free pass because they have so far shown themselves to be the least intrusive, paternalistic and/or come the closest to giving us what we want. And they stand out a fair distance from the rest of the bunch.
Most of us acknowledge that there isn't a free lunch, so Google *so far* has been enabling the internet to function on its technical capabilities while making a profit. Surely you recognise that a lot of business models block the capabilities of technology to bolster their profits? Google seems to take the opposite approach. This often leads to businesses complaining about their methods, but consumers/customers/collaborators are enabled.
Re:I guess it is good news... (Score:3, Insightful)
Read 1984. Not just to get my joke, but it's also a great book. Plus you'll understand what people mean by Big Brother (it's *much* more sinister than just someone else taking care of you).
Re:Better Google than your ISP (Score:3, Insightful)
What makes you think Verizon isn't doing packet inspection to datamine regardless?
It takes leaving a default setting unchanged to have logs of all DNS requests that Verizon's servers answer. The effort spent: zero. The data volume: minimal (only DNS requests.)
It takes a lot more to inspect all packets (TCP and UDP) that may be related to DNS. It has to be bought, then connected to the main data link(s), then configured to log what you want, then maintained. On Verizon's scale it's some serious money right here.
Since Verizon is not in the datamining business, I don't see why they would want to trouble themselves with such a complex arrangement.
On top of that, logging users' Internet traffic is not something that Verizon needs to do as part of their usual business. Logs on the DNS server may be easily explained because the server is needed and they need to know what goes wrong when it does. However the packet inspection box has no business reason to be there, and it can affect Verizon's common carrier status.
Re:I guess it is good news... (Score:3, Insightful)
Virgin Media keep extensive logs of DNS requests, as the government requires them to, for at least one year.
Your country requires them to keep logs of your DNS requests for 12 months? You have my sympathy.
Re:At least they have a clear privacy policy (Score:2, Insightful)
Re:I guess it is good news... (Score:2, Insightful)
Re:Better Google than your ISP (Score:3, Insightful)
Dude, all of your traffic is passing through your ISP already, what makes you think they won't log your DNS requests to Google if they found enough people are using it?
There is a big difference between keeping logs for a service you are running and doing deep packet inspection. And if our ISPs are doing that, then Google is the least of our worries with respect to privacy.