Slashdot Mirror


A Look At the Safety of Google Public DNS

darthcamaro writes "Yesterday we discussed Google's launch of its new Public DNS service. Now Metasploit founder and CSO at Rapid7, H D Moore, investigates how well-protected Google's service is against the Kaminsky DNS flaw. Moore has put together a mapping of Google's source port distribution on the Public DNS service. In his view, it looks like the source ports are sufficiently random, even though they are limited to a small range of ports. The InternetNews report on Moore's research concludes: 'What Moore's preliminary research clearly demonstrates to me is that Google really does need to live up to its promise here. Unlike a regular ISP, Google will be subject to more scrutiny (and research) than other DNS providers.'"

2 of 213 comments

  1. Re:Privacy for what? by maxume · Score: 5, Informative

    Their public statements say that they are not linking the requests to other Google services, and that they are discarding IP addresses within a day or two.

    --
    Nerd rage is the funniest rage.
  2. Re:Privacy for what? by markkezner · Score: 4, Informative

    For me, the dealbreaker with OpenDNS is that, when you type in a non-existent domain, OpenDNS resolves it to an IP that gives you their custom search page. The standards-compliant response would be NXDOMAIN, which is what Google (and some others) provide. This alone was enough to make me switch away from OpenDNS.

    --
    Dangerous, sexy, turing complete: Femme Bots