Slashdot Mirror


A Look At the Safety of Google Public DNS

darthcamaro writes "Yesterday we discussed Google's launch of its new Public DNS service. Now Metasploit founder and CSO at Rapid7, H D Moore, investigates how well-protected Google's service is against the Kaminsky DNS flaw. Moore has put together a mapping of Google's source port distribution on the Public DNS service. In his view, it looks like the source ports are sufficiently random, even though they are limited to a small range of ports. The InternetNews report on Moore's research concludes: 'What Moore's preliminary research clearly demonstrates to me is that Google really does need to live up to its promise here. Unlike a regular ISP, Google will be subject to more scrutiny (and research) than other DNS providers.'"
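
Added example, not part of the Slashdot post or of Moore's research: one way to check the property the summary describes (source ports that are random but confined to a small range) from ports logged, in arrival order, at an authoritative server you control. The sample port lists, the thresholds and all function names are assumptions constructed for illustration.

```python
import math
import random
from collections import Counter

TXID_BITS = 16  # width of the DNS transaction ID field

def port_stats(ports):
    """Summarise the source ports one resolver used, in arrival order."""
    lo, hi = min(ports), max(ports)
    steps = [b - a for a, b in zip(ports, ports[1:])]
    return {
        "low": lo,
        "high": hi,
        "distinct": len(Counter(ports)),
        # Bits needed to index the observed window of ports.
        "range_bits": math.log2(hi - lo + 1),
        # Share of queries that reused the previous port or used the next one up.
        "sequential_fraction": sum(s in (0, 1) for s in steps) / max(len(steps), 1),
    }

def classify(ports, wide_bits=14.0, max_sequential=0.5):
    """Label the port behaviour; both thresholds are assumed, not standard values."""
    s = port_stats(ports)
    if s["distinct"] == 1:
        return "fixed"
    if s["sequential_fraction"] > max_sequential:
        return "sequential"
    return "wide-random" if s["range_bits"] >= wide_bits else "narrow-random"

def guess_space_bits(ports):
    """Rough upper bound on what an off-path spoofer must guess: TXID plus port."""
    if classify(ports) in ("fixed", "sequential"):
        return float(TXID_BITS)  # a predictable port adds nothing to the TXID
    return TXID_BITS + port_stats(ports)["range_bits"]

# Constructed samples (not measurements of any real resolver).
rng = random.Random(7)
FIXED = [32768] * 200
SEQUENTIAL = list(range(1025, 1225))
NARROW = [rng.randrange(40000, 42048) for _ in range(500)]  # 2048-port window
WIDE = [rng.randrange(1024, 65536) for _ in range(500)]

if __name__ == "__main__":
    for name, sample in [("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("narrow", NARROW), ("wide", WIDE)]:
        print(name, classify(sample), round(guess_space_bits(sample), 1))
```

The window is estimated from the observed minimum and maximum, so a small sample understates it; collect several hundred queries per resolver address before drawing a conclusion.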

7 of 213 comments

  1. Re:Privacy for what? by maxume · · Score: 5, Informative

    Their public statements say that they are not linking the requests to other Google services, and that they are discarding ip addresses within a day or two.

    --
    Nerd rage is the funniest rage.
  2. Re:Privacy for what? by maxume · · Score: 3, Informative

    Ya know, if I had an answer to that, I might have phrased my statement a little differently.

    I guess the best answer at this point is simply to point out that they haven't done a great deal to suggest that you shouldn't believe them, and on some level, they are regulated by a reasonable government (depending quite a lot on how one chooses to define reasonable).

    --
    Nerd rage is the funniest rage.
  3. Re:Privacy for what? by markkezner · · Score: 4, Informative

    For me, the dealbreaker with OpenDNS is that, when you type in a non-existent domain, OpenDNS resolves it to an IP that gives you their custom search page. The standards-compliant response would be NXDOMAIN, which is what Google (and some others) provide. This alone was enough to make me switch away from OpenDNS.

    --
    Dangerous, sexy, turing complete: Femme Bots
  4. Re:And the worst case scenario? by kdemetter · · Score: 3, Informative

    Well, the being free part I guess.
    Which is correct: it's not because it was free that it was a problem, but that it was completely integrated, giving it a near monopoly position in the browser market.

    And in the case of IE, it's so much part of the OS that you don't get it for free, you pay for it in the price (the developers of IE don't work for free, they are paid with the money Microsoft gets from the sales).

  5. Re:Privacy for what? by Brian Recchia · · Score: 3, Informative

    Now read chapter 1 of their Terms of Service and see how it takes precedence over EVERYTHING else.

    Actually, this is quite the opposite.

    1.5 If there is any contradiction between what the Additional Terms say and what the Universal Terms say, then the Additional Terms shall take precedence in relation to that Service.

    In the document, "Additional Terms" refers to additional ToS documents and Privacy Policy documents, etc., and "Universal Terms" refers to this. I think this is pretty much the most straightforward legalese I've ever seen, and it very clearly states that if the privacy policy of their DNS solution says they're not going to keep your data more than 48 hours, they are not going to, regardless of what the Universal Terms document states.

  6. Re:Privacy for what? by markkezner · · Score: 3, Informative

    That may be true, but their preferences only work if OpenDNS can tell which networks are yours. They detect this when you use your browser to log into the control panel, or if you install client-side software (OpenDNS Updater, which is Win\Mac only). You could do it with DynDNS too, but not everyone uses that.

    Anyway I'd rather not go through all that effort, and would prefer the NXDOMAIN behavior to be the default for anonymous requests.

    --
    Dangerous, sexy, turing complete: Femme Bots
  7. Already banned in China by dUN82 · · Score: 3, Informative

    Reports from my friend inside the GFW, both DNS servers already banned by the Chinese government...wth...and OpenDNS stayed untouched for like ever...