Google Implements DNSSEC Validation For Public DNS 101
wiredmikey writes "Google on Tuesday announced that it now fully supports DNSSEC (Domain Name System Security Extensions) validation on its Google Public DNS resolvers. Previously, the search giant accepted and forwarded DNSSEC-formatted messages but didn't actually perform validation. 'With this new security feature, we can better protect people from DNS-based attacks and make DNS more secure overall by identifying and rejecting invalid responses from DNSSEC-protected domains,' Yunhong Gu, Team Lead, Google Public DNS, wrote in a blog post. According to Gu, about 1/3 of top-level domains have been signed, but most second-level domains remain unsigned. According to NIST, there has been no progress in enabling DNSSEC on 98 percent of all 1,070 industry domains tested as of March 18, 2013. 'Overall, DNSSEC is still at an early stage and we hope that our support will help expedite its deployment,' Gu said."
Re:What web sites and hosts do you visit? (Score:4, Insightful)
I think your ISP has a much better log of your activities.
Re:DNSSEC is inferior to custom HOSTS file (Score:3, Insightful)
This story is ... (Score:1, Insightful)
more data for google -- a LOT more (Score:2, Insightful)
Awesome... now more people will be tricked into switching to Google's DNS servers, and therefore, more people can be tracked by Google.
Before, Google just watched your browsing habits, your email, your phone calls and cell phone activities, your physical connection, tracked you through advertising, monitored your connections to your friends, and, well, when you took a dump too.
Now, Google plans to monitor every other activity your computer partakes in, as it watches all the DNS lookups you make. Any website you go to, that is not done via a Google search. What other software you use. What forums you go to. What *threads* you look at in forums, as the dns entries will sync with threads Google has already cached. Do you download torrents? Do a lot of MX record lookups?
Google can determine a vast amount of info via DNS lookups.
Google -- can you PLEASE just focus on making your core, search technology less inane? Not everyone wants to search for random, unrelated responses to searches. When they search for "bob cat", they don't want "Robert Kats".
Oh? And while you're at it, please make Verbatim searches work again. You've only had that for what, a year since you SCREWED UP + SEARCHES, and you've already started to DEGRADE IT!
Cornholes!
Re:more data for google -- a LOT more (Score:4, Insightful)
Please explain how you know that, for example, Microsoft doesn't already do a lot of similar things?
For a start, every new connection you check in with Microsoft by connecting to a Microsoft server and downloading a text file (look up NCSI - and, yes, you can change the registry entries to your own server if you wish, but so can you NOT use Google's DNS servers. I actually use it as a primitive "call home" device should someone be stupid enough to steal my laptop - as soon as it's turned on on an unknown Internet connection, it will try to talk to my server as a connection test, which would give me their IP).
Or time.microsoft.com. Same sort of thing. Hell, a lot of security suites "call home" with details of what pages you're going to in order to see if they are malware, etc. Opera Mini/Mobile "calls home" to a server that could even cache your SSL connections in theory, etc. Just what precisely distinguishes Google from anything else that you have voluntarily installed on your computer?
Re:more data for google -- a LOT more (Score:2, Insightful)
Ah, a new tact -- no one is forcing you to use Google, therefore it's OK that they do whatever they do.
No one is forcing you to rent a particular apartment either, so I guess it's OK if the landlord puts cameras in it, and spies on you?
No one is forcing you to go to a particular grocery store. I guess it is OK for that grocery store to poison your food, if you don't like it, shop elsewhere?
Sorry, the "if you don't like that you're being spied on, just shut the hell up and stop using that product" is another red herring. Please stop with the Google fanboism, OK?