Slashdot Mirror


Google Launches Public DNS Resolver

AdmiralXyz writes "Google has announced the launch of their free DNS resolution service, called Google Public DNS. According to their blog post, Google Public DNS uses continuous record prefetching to avoid cache misses — hopefully making the service faster — and implements a variety of techniques to block spoofing attempts. They also say that (unlike an increasing number of ISPs), Google Public DNS behaves exactly according to the DNS standard, and will not redirect you to advertising in the event of a failed lookup. Very cool, but of course there are questions about Google's true motivations behind knowing every site you visit."

6 of 540 comments

  1. At least they have a clear privacy policy by Edgewize · · Score: 5, Informative

    They state very bluntly that IP addresses are expunged from the logs after 48 hours, and that no data is shared with Google Accounts or other Google services. They still get to play with a lot of aggregated data, but this seems like a fairly non-evil way to do it. Good for them. http://code.google.com/speed/public-dns/faq.html#privacy

  2. Re:SPDNSY by SanityInAnarchy · · Score: 5, Informative

    everything resolves to Google's proxies.

    Really?

    $ host slashdot.org
    slashdot.org has address 216.34.181.45
    slashdot.org mail is handled by 10 mx.corp.sourceforge.com.
    $ host slashdot.org 8.8.8.8
    Using domain server:
    Name: 8.8.8.8
    Address: 8.8.8.8#53
    Aliases:
     
    slashdot.org has address 216.34.181.45
    $ host 216.34.181.45
    45.181.34.216.in-addr.arpa domain name pointer slashdot.org

    You, sir, are a liar.

    Cue *whoosh* in 3..2.. actually, I still don't get it. Either you're trolling because you hate Google, or there's some obscure joke that I still don't understand. I really don't get how your list of crap it requires (most of which doesn't exist or doesn't apply to DNS) is funny -- are Google known for requiring random stuff like that?

    I mean, they don't even touch NX:

    $ host aoeusnth.com
    Host aoeusnth.com not found: 3(NXDOMAIN)
    $ host aoeusnth.com 8.8.8.8
    Using domain server:
    Name: 8.8.8.8
    Address: 8.8.8.8#53
    Aliases:
     
    Host aoeusnth.com not found: 3(NXDOMAIN)

    That's more than you can say for most ISP-level resolvers.

    --
    Don't thank God, thank a doctor!
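The difference the `host` output above shows, an untouched NXDOMAIN versus a rewritten answer, checked at the DNS wire level. This is an added example, not part of the original comment; the function names are hypothetical and the response packets are constructed samples rather than captured traffic.

```python
import struct

RCODES = {0: "noerror", 2: "servfail", 3: "nxdomain", 5: "refused"}

def build_query(name, txid=0x1234, qtype=1):
    """Build a minimal recursive DNS query (QTYPE A by default, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def classify(query, response):
    """Classify a resolver's reply for a name that is known not to exist."""
    if len(response) < 12:
        return "malformed"
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "mismatch"          # wrong transaction ID, or QR bit not set
    rcode = flags & 0x000F
    if rcode == 3 and an == 0:
        return "honest-nxdomain"   # standard behaviour for a missing name
    if rcode == 0 and an > 0:
        return "rewritten"         # NOERROR plus answers: lookup was redirected
    return RCODES.get(rcode, "rcode-%d" % rcode)

def sample_response(query, rcode, answers=0):
    """Constructed reply: echo the question, set QR/RD/RA and the given RCODE."""
    body = query[12:]
    for _ in range(answers):
        # Name pointer to offset 12, TYPE A, CLASS IN, TTL 60, RDATA 192.0.2.1
        body += struct.pack("!HHHIH4s", 0xC00C, 1, 1, 60, 4, bytes([192, 0, 2, 1]))
    header = struct.pack("!HHHHH", 0x8180 | rcode, 1, answers, 0, 0)
    return query[:2] + header + body

if __name__ == "__main__":
    q = build_query("aoeusnth.com")  # the nonexistent name used in the comment
    print(classify(q, sample_response(q, 3)))     # resolver left NXDOMAIN alone
    print(classify(q, sample_response(q, 0, 1)))  # resolver synthesized an A record
```

For a live check, send `build_query()` for a freshly generated random label over UDP to port 53 of the resolver under test and pass the reply to `classify()`.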
  3. Re:trying it... by Sir_Lewk · · Score: 5, Informative

    disregard that, I suck cocks.

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
  4. Re:DDoS attacks by darkmeridian · · Score: 5, Informative

    Google's DNS service defends against DDoS amplification attacks by using rate-limiting techniques. From Google:

    The best approach for combating DoS attacks is to impose a rate-limiting or "throttling" mechanism. Google Public DNS implements two kinds of rate control:

    - Rate control of outgoing requests to other nameservers. To protect other DNS nameservers against DoS attacks that could be launched from our resolver servers, Google Public DNS enforces per-nameserver QPS limits on outgoing requests from each serving cluster.
    - Rate control of outgoing responses to clients. To protect any other systems against amplification and traditional distributed DoS (botnet) attacks that could be launched from our resolver servers, Google Public DNS performs two types of rate limiting on client queries:
        - To protect against traditional volume-based attacks, each server imposes per-client-IP QPS and average bandwidth limits.
        - To guard against amplification attacks, in which large responses to small queries are exploited, each server enforces a per-client-IP maximum average amplification factor. The average amplification factor is a configurable ratio of response-to-query size, determined from historical traffic patterns observed in our server logs.

    --
    A NYC lawyer blogs. http://www.chuangblog.com/
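The two per-client-IP controls in the quoted Google text (a QPS cap and a maximum average amplification factor), sketched as an added example; it is not Google's code and not part of the original comment. The class name, thresholds, window length and minimum sample count are assumptions chosen for illustration, and the traffic is constructed.

```python
import time
from collections import defaultdict, deque

class ClientLimiter:
    """Per-client-IP throttle: QPS cap plus a cap on average amplification."""

    def __init__(self, max_qps=20, max_amp=8.0, window=1.0, min_samples=5):
        self.max_qps = max_qps          # assumed value, not Google's setting
        self.max_amp = max_amp          # assumed response/query byte ratio
        self.window = window            # seconds of history kept per client
        self.min_samples = min_samples  # do not judge the ratio on 1-2 queries
        self.history = defaultdict(deque)  # ip -> (timestamp, qbytes, rbytes)

    def allow(self, ip, query_len, response_len, now=None):
        """Return (allowed, reason) for sending response_len bytes to ip."""
        now = time.monotonic() if now is None else now
        h = self.history[ip]
        while h and now - h[0][0] > self.window:
            h.popleft()                 # expire entries older than the window
        if len(h) >= self.max_qps * self.window:
            return False, "qps"         # volume-based limit
        q = sum(e[1] for e in h) + query_len
        r = sum(e[2] for e in h) + response_len
        if len(h) + 1 >= self.min_samples and r / q > self.max_amp:
            return False, "amplification"  # average ratio over the window
        h.append((now, query_len, response_len))
        return True, "ok"

def simulate(limiter, ip, n, query_len, response_len, step):
    """Feed n identical queries spaced step seconds apart; count outcomes."""
    counts = {"ok": 0, "qps": 0, "amplification": 0}
    for i in range(n):
        _, reason = limiter.allow(ip, query_len, response_len, now=i * step)
        counts[reason] += 1
    return counts

if __name__ == "__main__":
    lim = ClientLimiter()
    # Constructed traffic; 192.0.2.0/24 is a documentation address range.
    print(simulate(lim, "192.0.2.10", 10, 40, 120, 0.1))    # ordinary client
    print(simulate(lim, "192.0.2.20", 100, 40, 120, 0.01))  # query flood
    print(simulate(lim, "192.0.2.30", 10, 40, 3000, 0.1))   # spoofed source, large answers
```

Because the limit is on the average ratio, a client that mostly receives small answers can still get an occasional large one, while a source whose every query draws a large response is cut off once enough samples exist.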
  5. Re:It is not the fastest DNS, at least not for me by WARM3CH · · Score: 5, Informative

    Oh crap! I reported the Minimum time, not the average! Here is the full report:

    (Min | Avg | Max | Std.Dev |Reliab%)

    My university:
    Cached Name | 0.001 | 0.002 | 0.003 | 0.000 | 100.0
    Uncached Name | 0.008 | 0.060 | 0.225 | 0.065 | 100.0
    DotCom Lookup | 0.181 | 3.984 | 4.203 | 0.633 | 100.0

    OpenDNS (208.67.220.220)
    Cached Name | 0.005 | 0.006 | 0.008 | 0.001 | 100.0
    Uncached Name | 0.008 | 0.066 | 0.190 | 0.053 | 100.0
    DotCom Lookup | 0.009 | 0.131 | 0.198 | 0.064 | 100.0

    Level 3 (4.2.2.3)
    Cached Name | 0.024 | 0.025 | 0.028 | 0.001 | 100.0
    Uncached Name | 0.026 | 0.071 | 0.206 | 0.056 | 100.0
    DotCom Lookup | 0.025 | 0.081 | 0.191 | 0.058 | 100.0

    Google (8.8.8.8)
    Cached Name | 0.044 | 0.061 | 0.206 | 0.038 | 100.0
    Uncached Name | 0.048 | 0.144 | 0.322 | 0.075 | 97.9
    DotCom Lookup | 0.069 | 0.158 | 0.261 | 0.051 | 100.0

  6. Re:I guess it is good news... by Anonymous Coward · · Score: 5, Informative

    Brief history lesson:

    DARPA asked BBN to build the arpanet. They built and owned Autonomous System Number 1. (ASN1)
    BBN split into BBN Technologies and BBN Networking. BBN Technologies went off and did their own thing. BBN Networking kept ASN1 and grew into a tier 1 ISP.
    GTE bought BBN Networking and renamed the division GTE Internet (aka GTEI)
    Southern Bell bought GTE but wasn't allowed to keep all of it due to monopoly laws put in place during the Ma Bell breakup. They renamed the Telco part Verizon and spun off the infringing internet bit as Genuity.
    Genuity was funded through a 'guaranteed' $2B revolving credit line by Verizon.
    Verizon lobbied enough people to overturn enough regulations such that they no longer needed Genuity at all, and dumped the loan.
    Genuity's remaining assets were sold in bankruptcy to Level 3 Communications, including ASN1, the 4.0.0.0/8 and 8.0.0.0/8 ARIN allocations and the gtei.net name.