A Look At the Safety of Google Public DNS

darthcamaro writes "Yesterday we discussed Google's launch of its new Public DNS service. Now Metasploit founder and CSO at Rapid7, H D Moore, investigates how well-protected Google's service is against the Kaminsky DNS flaw. Moore has put together a mapping of Google's source port distribution on the Public DNS service. In his view, it looks like the source ports are sufficiently random, even though they are limited to a small range of ports. The InternetNews report on Moore's research concludes: 'What Moore's preliminary research clearly demonstrates to me is that Google really does need to live up to its promise here. Unlike a regular ISP, Google will be subject to more scrutiny (and research) than other DNS providers.'"

Re:Privacy for what?

[HangingChad]

your local DNS server hierarchy is going to be far more responsive, even if it does have a higher miss rate.

I set it up on my laptop and I can't see any difference between that and my desktop in terms of speed. I'm going to leave it on my laptop which connects through different hotspots with different DNS providers.

Google can have my DNS records while I'm on the road. I think it's a great service and the kind of really neat thing that's pretty rare in corporate culture these days. We should be giving them props even if you choose not to use it. But around here no good deed goes unpunished.