Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Look At the Safety of Google Public DNS

Posted by kdawson on from the random-enough-maybe dept.

darthcamaro writes "Yesterday we discussed Google's launch of its new Public DNS service. Now Metasploit founder and CSO at Rapid7, H D Moore, investigates how well-protected Google's service is against the Kaminsky DNS flaw. Moore has put together a mapping of Google's source port distribution on the Public DNS service. In his view, it looks like the source ports are sufficiently random, even though they are limited to a small range of ports. The InternetNews report on Moore's research concludes: 'What Moore's preliminary research clearly demonstrates to me is that Google really does need to live up to its promise here. Unlike a regular ISP, Google will be subject to more scrutiny (and research) than other DNS providers.'"

13 of 213 comments (clear)

  1. Privacy for what? by Dogun · · Score: 2, Interesting

    My real concern with Google DNS is privacy. Your DNS records are extremely valuable to google, so I sincerely doubt google is not going to record them.

    I'm not even entirely convinced about the benefit of using google's; your local DNS server hierarchy is going to be far more responsive, even if it does have a higher miss rate.

    1. Re:Privacy for what? by DragonWriter · · Score: 5, Interesting

      The one thing that strikes me as silly about the "what if Google datamines our DNS requests" concern is that those people assume their ISPs aren't already doing so.

      The especially odd part about the complaint is that Google has an upfront, posted policy about what they are doing as far as retaining your DNS requests, which I've never seen from an ISP.

    2. Re:Privacy for what? by octaene · · Score: 3, Interesting

      An excellent point. That's why I think OpenDNS is a better option. They at least appear to give you a choice in the matter. I'm not sure Google's services are equitable. There's a good blog post from the founder of OpenDNS where he critiques Google's service. It's a good read.

      http://blog.opendns.com/2009/12/03/opendns-google-dns/

    3. Re:Privacy for what? by icebraining · · Score: 2, Interesting

      When you use GoogleDNS, you're providing the request to both of them, as your ISP can see your DNS requests anyway.

      --
      Dilbert RSS feed
    4. Re:Privacy for what? by Idiomatick · · Score: 2, Interesting

      Give a single example of a Google ToS changing for the worst.

      As I said in the other story, Google stands to gain NOTHING by alienating their whole freaking market for this. Only mega nerds will bother changing their DNS to Google's since only nerds have even heard of DNS. And said nerds will abandon Google DNS in a matter of days if they fuck with the ToS. And the streisand effect would be fucking huge in the group that uses the service.

      I think it is a bit more likely that Google is doing this for the data that they SAY they are taking since that alone is valuable. The extra data they'd get by fucking their privacy policy would be minimal, the downside huge.

    5. Re:Privacy for what? by dissy · · Score: 3, Interesting

      My real concern with Google DNS is privacy. Your DNS records are extremely valuable to google, so I sincerely doubt google is not going to record them.

      I'm not even entirely convinced about the benefit of using google's; your local DNS server hierarchy is going to be far more responsive, even if it does have a higher miss rate.

      So what you are saying is, you are upset at the idea of google logging your dns traffic, yet NOT upset with the idea of your ISP logging your DNS traffic and selling it to google?

      Because google only gave you a legal document stating they wouldn't record your traffic longer than 48 hrs and would not tie those results with any other google service. You know, a legal document that you can use in court.

      Your ISP has provided no such document, and as you admit to sincerely doubt google would avoid doing what is now illegal, so you must equally doubt your ISP would avoid doing it too, probably more so since your ISP likely has no such legal document.

      Sounds to me the only way you can sleep easy at night would be to switching to google, and letting your doubt rest easy knowing you now have the law on your side, and moving away from your ISP that most likely IS (and if not, could legally do so) what you are so worried of.

    6. Re:Privacy for what? by pwfffff · · Score: 2, Interesting

      I'm astonished at how seriously paranoid you are. There's literally no way Google could EVER prove to you that they weren't 'spying' on you. There are almost infinitely many ways you could prove they WERE spying on you. Now who do you think would provide a guarantee against spying on you, and who do you think would simply omit the issue and do their spying without bringing attention to it? Now, where exactly in your current DNS server's TOS does it say that they don't log data?

  2. Re:I don't really get it. by ShadowRangerRIT · · Score: 2, Interesting

    Why waste the power? A personal use DNS server is a waste; if your ISPs DNS is slow there are always alternatives (I used Verizon's DNS for years when living in an area where Comcast DNS performance was slow). I know DIY is fun, has geek cread and all that, but your local machine will cache frequently accessed sites anyway, and the benefit gained on uncached sites will be seen so infrequently that you're not benefiting.

    --
    $_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
  3. Re:And the worst case scenario? by CannonballHead · · Score: 2, Interesting

    Live Mesh, is pretty cool.. Live Writer is actually quite good, IMO, and produces very clean HTML (at least, in my brief tests with it with Wordpress... a custom install, too, with a custom theme and everything; integrated just fine and was a very good WYSIWYG editor). Skydrive - 25gb for free - isn't too shabby, either. I don't like hotmail, but it has sure been around for a while. Bing is actually pretty nice for some things. Microsoft's birds-eye-view is sometimes very useful, and it looks like they are doing a street view now, too.

  4. Google DNS Benchmarks by bramp · · Score: 2, Interesting

    I ran some tests against Google DNS and some other DNS providers to measure if Google DNS was actually faster than say OpenDNS, or my local ISP. The results showed OpenDNS completely outperformed Google, but Google did do better than two local ISPs. Read my blog entry about this.

  5. Re:I don't really get it. by causality · · Score: 2, Interesting

    Yes, it might be useful for people whose ISP DNS server is slow. That didn't happen to me since my dialup days. Besides, now I simply run my own caching DNS server. It's not hard to set up at all.

    I wonder about this myself. Google is a marketing company so you would generally expect them to always appeal to the widest audience possible. As valuable as DNS service is, it's also not something that average users care about or think about. Most users who are dissatisfied with their DNS performance would say "the Internet is slow today" and not "I am experiencing unusually high latency from my ISP's DNS server". This is just a guess but they seem to be targeting two broad categories of user:

    • Users who are specifically dissatisfied with their current DNS performance. These are users who are knowledgable enough to understand what DNS is and that they can change servers, yet are unable to or reluctant to run their own caching nameserver.
    • Users who currently use OpenDNS, or who use an ISP DNS server that also breaks NXDOMAIN behavior in order to serve advertisements. Google also wants to serve advertisements, of course, but they do it without breaking the DNS protocol. For these users, switching to Google's server would be a way to protest these practices by voting with their feet.

    Personally, I just run my own caching nameserver.

    --
    It is a miracle that curiosity survives formal education. - Einstein
  6. Everyone will have a web presence (if not already) by strangeattraction · · Score: 2, Interesting

    Think about it. Eventually each of us will have our own DNS entry to identify our individual web presence. The things we make available to do business, social networking etc will be identified through DNS. Why wouldn't Google want to be in on this? Just because there is a profit motive doesn't necessarily mean it is nefarious. This will allow them to add value at a fundamental level. I can see a day when Facebook is irrelevant and people create there own ad-hoc social networks through their own web-presence.

  7. % of users that don't use DHCP assigned DNS by HockeyPuck · · Score: 2, Interesting

    What percentage of total users use DNS that is not assigned from their ISP? I would guess a good percentage of the /. crowd uses a DNS that is not assigned via their ISP. But out of the total population of internet users, using non-IPS DNS servers has got to be pretty small.