How Does the New Google DNS Perform? (and Why?) 275
Tarinth writes "Google just announced its new Google DNS platform. Many have viewed this as a move to increase ad revenue, or maybe capture more data. This article explores those questions, as well as the actual benchmarking results for Google DNS — showing that it is faster than many, but not nearly as fast as many others." We also recently discussed security implications of the Google Public DNS.
Re:Pointless hype (Score:5, Insightful)
Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?
You trust your ISP? I sure don't. Perhaps I am asking for abuse, but I trust Google far more. On the other hand, I trust my hosting provider to provide sufficient DNS; but if I were hosting my application on a cloud somewhere, I'd want some cloud-based DNS; if I were hosting my application with Google, then Google would be the logical host for my name service. I'd probably want to use them as my registrar as well. :p
Google has the best uptime and the most distributed architecture of any single computer system, unless you consider the internet to be a single entity; it has slightly better reach overall.
I doubt really that any significant number of people will
switch to using 8.8.8.8, but I worry that if they do, one of the the original goals for DNS will be lost. That its distributed.
Google is distributed. Is there any reason using one IP is unworkable?
Re:Pointless hype (Score:5, Insightful)
Re:Pointless hype (Score:4, Insightful)
Then you are a fool. This is exactly what I mean by trusting your ISP. I sympathize with you and your situation (and I understand that it happens), but all your country has to do is implement some system that will change the UDP packets coming from Google DNS to change the answers, thus accomplishing the same censorship. The more people who use Google DNS, the more likely a country or ISP is to do this.
Re:Pointless hype (Score:3, Insightful)
Re:Pointless hype (Score:1, Insightful)
They aren't now. Their policy says they won't, but that can change. My current ISP does, and OpenDNS (at least by default) also does weird things with nxdomain. IF Google ever messes this up, I'll switch away from them, just like I'm switching away from the people who CURRENTLY mess it up. There's no contract being signed here saying I'll take whatever Google gives me 1, 2, 10 years from now. This is LESS lockin than essentially ANY other service they provide, and for most of those they have their DLF anyway.
So yes. I trust Google enough to switch to them, and if they abuse that trust, I'll switch away and join the group of people who hurl insults at them. They haven't done anything yet to make me think they will in the future.
Re:Pointless hype (Score:2, Insightful)
Do you realise how difficult that would be? Color me stupid, but how many countries have a single ISP with that kind of control over what goes in and out of the country?
I honestly don't think most countries could pull it off. Look at China - they DO have 100% governmental control over their ISPs and they can't manage it, the have to threaten companies like Google to make this stuff happen.
And do you realise the hardware it would take to start sniffing the packets of the largest search provider in the world? Furthermore, Google has server farms in every country in the world - no doubt when they implimented DNS they put replication points at each of these sites, or at the very least manually routed them through.
And even if they did none of that, unless you have the wherewithall to kick Google out of the country (which would make your actions very public), Google is not the company with whome to fuck over something as trivial as DNS, particularly when they can count on the public crying foul when it goes public. "We tried to block your access to information, but Google stopped us." doesn't really go over to well in a free society.
Re:Pointless hype (Score:3, Insightful)
> and not route me through proxies and man in the middle attacks.
How would using Google's DNS help?
If your problem is man in the middle attacks, you'd have to use a VPN to a trusted network before you can trust DNS and other insecure protocols.
See also:
http://code.google.com/speed/public-dns/faq.html#dnssec [google.com]
Does Google Public DNS support the DNSSEC protocol?
At this time, Google Public DNS does not validate DNSSEC responses. We will continue to work on improving Google Public DNS.
Re:Pointless hype (Score:2, Insightful)
He's a fool because, faced with internet censorship in his country, he decides OpenDNS will protect him.
Re:Pointless hype (Score:4, Insightful)
To summarize, your option to trust google is just useless since it doesn't matter if you trust them or not.
Most ISP's DNS servers are broken. (Score:5, Insightful)
My ISP's nameservers are broken. Whenever I try to resolve a name that doesn't exist, instead of the DNS server telling me it doesn't exist, it returns the address of one of my ISP's web servers, which presents me with an ad-laden search page for whatever name I typed in. This is clearly not what the DNS spec says it is supposed to do.
While this might not sound like such a big deal, for developers it's a pain in the butt. For one thing, if I want to test to see if, for example, a name I have registered has propagated, I can't just do an nslookup to see if I get a response; I have to actually verify that the address that is returned (since all lookups will resolve to something) is the actual correct address instead of my ISP's web server. Also, on the client side, when my applications communicate via the web, they have to not only verify that an address resolved, but actually verify with the back-end application that it is what it's supposed to be instead of an ISP's search page. Just since I changed my DNS servers last week, I've already saved at least a minute or two I shouldn't have had to spend in the first place.
Plus, even if all of that still doesn't convince you that Google is actually doing something helpful, there's the simple fact that my ISP's servers actually had on average an hour or so down time every couple of months. It wasn't scheduled or anything (that I know of, anyway), I would just all of a sudden not be able to resolve any addresses. If I called technical support, the goobs there would insist on me plugging my computer directly into their modem, and when it still wouldn't work, they'd schedule a time a few days out for a technician to come out to my house. They simply wouldn't acknowledge that the problem was on their end, not mine, and they didn't understand simple concepts like nslookups, tracerts, etc. I'd invariably just give up, tell them not to send anyone, and wait without Internet access for their network people to figure it out after a lot more people called in.
I started using OpenDNS a long time ago because of all of the problems with my ISP's DNS servers, even though they also redirect queries that aren't found to their search page. If I wanted other features OpenDNS offers like parental controls and such, I'd probably stay with them. As it is, though, consider me another happy consumer of another helpful Google service. As the informal tech support guy for most of my family and friends, I'll be switching as many of them over as I can too, so I can avoid just a few more "Hey, I can't get to the Internet" calls.
Re:Pointless hype (Score:2, Insightful)
one of the world's largest advertising companies, masquerading as a technology company
You realize that one does not exclude the other, right? In fact, they build on each other. The reason Google is such a successful advertising company is BECAUSE it is such a great technology company. Furthermore, as the advertising aspect of their company brings in money, they can funnel that back into the technology they make, which can then increase their advertising revenues.
Google makes the best internet search product on the planet. Period. Nobody, even a software giant like Microsoft or an search giant like Yahoo can even touch them. They accomplished this feat when they were still operating out of their BASEMENT!! To say they are not a technology company is to be a blind fool. Do you even remember what the internet was like before Google? I do, it sucked. I used use a service called Search Hound, which would search about 40 different search engines for your search query - this was essential because you could never find anything without hitting up 2, 3, even 5 or 6 search engines just to get what you were looking for. What did Google do? They invented a better search algorithm and page ranking system, and instead of selling top search slots (like every other search engine before it), the sold unobtrusive add space around real, legitimate search results. A thousand times better, and free to the user to boot.
Fast forward to today, and what is google doing? They are developing new technologies and giving them away for free so they can gain more mind-share for the sole purpose of making sure people use their search engine. This increases their value to advertisers, and Google makes more money. Seriously, Android? Chrome? Chrome is frickin awesome, as soon as I tried it I ditched FF for good, and I'm seriously looking into getting an Android phone. Why are there so many phones running on Android already? Because Google gives it away. You can go download it right now if you want to. And, because it's Google and they are one of the top technology companies in the world, it also happens to be as good or better than any phone/small device OS out there.
Since Google's business model is to give customers exactly what they want for free in order to draw more customers for advertisers, and because most people I know HATE getting a dumbass search page instead of just saying the link is not found, no I don't expect Google will ever start throwing up link farms or ads in response to NX queries.
How stupid do you think Google is to break the trust that has made them BILLIONS over a few extra searches? They have shown themselves to be much, much smarter than that, and I trust them far more than I trust my own ISP, since my ISP already inserts a dumbass search in place of the "page not found".
Google did put such a thing in Chrome, but it simply says the page was not found and auto-fills a search box for you. It can also be turned off. I don't find it usefull, but I dont' find it intrusive either, unlike my ISP's auto-search. Google knows what their users want, and they know that their customers are the Advertisers, not the searchers - their goal is to lure as many searchers as possible to their advertisers. The best way to do that, as Google has shown time and time again, is to give your users something they will like and use, and generally find to be far and away the best version of whatever it may be on the market, and to give it away for free.
Re:Pointless hype (Score:3, Insightful)
Re:Pointless hype (Score:3, Insightful)
You don't need to trust your ISP, they are legally binded to protect your privacy on most of the countries. Since you have a contract that means that's a card in your hand which you can use in case of violation.
Indeed I can. I can:
Win win situation (Score:3, Insightful)
Google offering free DNS makes sense for everybody:
a) it is a low cost / low bandwidth service Google can integrate into its infrastructure for negligible cost, and the public get free reliable DNS
b) ISPs are 'stealing' search traffic by hijacking millions of misspelled domains, Google can try and eliminate this fraud which will more than cover the costs of (a)
c) why do people need to invent a (c)?
At the end of the day, Google's money-spinner is ads on search results. The free DNS is a move to protect this. As people write above, a bonus side-effect is that makes life easier for developers of sites and browsers when ISPs don't corrupt the RFCs.
Phillip.
Re:Pointless hype (Score:3, Insightful)
Mandatory censorship.
That doesn't seem like a very mandatory way of censorship. Not being able to translate a site's domain name to its IP address has nothing to do with not being able to access the site.
Re:Pointless hype (Score:4, Insightful)
At a hundred thousand dollars a second, your telephone company makes $3,155,692,600,000 a year from time-metered services?
That's easily explained if said telephone company is a mobile operator in USA.
Re:Dumb (Score:1, Insightful)
It's not 1995 any more. Google have way more important things to worry about than getting POP3 working. Switch to IMAP and stop whining.
Re:Pointless hype (Score:4, Insightful)
DNS servers are just DNS servers. There's a pool of them that handle requests to a given server. If google Public DNS is implemented like other Google services, your queries will be handled by whichever google node is nearby, idle, and knows the address you're requesting.
And... how is this different than your "local" DNS server? how do you know that Google's DNS is "nearby, idle, and knows the address"?
This seems robust than the way even the existing root servers are implemented. Google has more sites than almost anyone else non-government (there are a few notable exceptions, but none of them have an architecture like google's) and is continually opening more.
Perchance, because this is pretty much how existing root servers are implemented? There was a slashdork article a while back about the challenges of running a root DNS server. Let me assure you, redundancy is paramount - they've NEVER all been down. Ever.
Again, I defy you to please clarify what you mean by "cloud" computing to be any different than "Internet" computing? Because there is no difference. The Internet IS the cloud. Drawing a distinction between the two is like drawing a distinction between your pants and your britches.
And, once again, DNS is a redundant, multi-point, caching, distributed-architecture protocol, and has been for some 20 years.
Do you not know what this means?
"Cloud based" is a marketing term that describes what hosted application providers have been doing in various forms for some 20 years.