Slashdot Mirror


A Look At the Safety of Google Public DNS

darthcamaro writes "Yesterday we discussed Google's launch of its new Public DNS service. Now Metasploit founder and CSO at Rapid7, H D Moore, investigates how well-protected Google's service is against the Kaminsky DNS flaw. Moore has put together a mapping of Google's source port distribution on the Public DNS service. In his view, it looks like the source ports are sufficiently random, even though they are limited to a small range of ports. The InternetNews report on Moore's research concludes: 'What Moore's preliminary research clearly demonstrates to me is that Google really does need to live up to its promise here. Unlike a regular ISP, Google will be subject to more scrutiny (and research) than other DNS providers.'"

3 of 213 comments (clear)

  1. Re:Privacy for what? by DragonWriter · · Score: 5, Interesting

    The one thing that strikes me as silly about the "what if Google datamines our DNS requests" concern is that those people assume their ISPs aren't already doing so.

    The especially odd part about the complaint is that Google has an upfront, posted policy about what they are doing as far as retaining your DNS requests, which I've never seen from an ISP.

  2. Re:Privacy for what? by octaene · · Score: 3, Interesting

    An excellent point. That's why I think OpenDNS is a better option. They at least appear to give you a choice in the matter. I'm not sure Google's services are equitable. There's a good blog post from the founder of OpenDNS where he critiques Google's service. It's a good read.

    http://blog.opendns.com/2009/12/03/opendns-google-dns/

  3. Re:Privacy for what? by dissy · · Score: 3, Interesting

    My real concern with Google DNS is privacy. Your DNS records are extremely valuable to google, so I sincerely doubt google is not going to record them.

    I'm not even entirely convinced about the benefit of using google's; your local DNS server hierarchy is going to be far more responsive, even if it does have a higher miss rate.

    So what you are saying is, you are upset at the idea of google logging your dns traffic, yet NOT upset with the idea of your ISP logging your DNS traffic and selling it to google?

    Because google only gave you a legal document stating they wouldn't record your traffic longer than 48 hrs and would not tie those results with any other google service. You know, a legal document that you can use in court.

    Your ISP has provided no such document, and as you admit to sincerely doubt google would avoid doing what is now illegal, so you must equally doubt your ISP would avoid doing it too, probably more so since your ISP likely has no such legal document.

    Sounds to me the only way you can sleep easy at night would be to switching to google, and letting your doubt rest easy knowing you now have the law on your side, and moving away from your ISP that most likely IS (and if not, could legally do so) what you are so worried of.