Slashdot Mirror


A Look At the Safety of Google Public DNS

darthcamaro writes "Yesterday we discussed Google's launch of its new Public DNS service. Now Metasploit founder and CSO at Rapid7, H D Moore, investigates how well-protected Google's service is against the Kaminsky DNS flaw. Moore has put together a mapping of Google's source port distribution on the Public DNS service. In his view, it looks like the source ports are sufficiently random, even though they are limited to a small range of ports. The InternetNews report on Moore's research concludes: 'What Moore's preliminary research clearly demonstrates to me is that Google really does need to live up to its promise here. Unlike a regular ISP, Google will be subject to more scrutiny (and research) than other DNS providers.'"

49 of 213 comments

  1. And the worst case scenario? by Monkeedude1212 · · Score: 3, Insightful

    It fails miserably, Google revokes it, and we all go back to loving them.

    Everyone loves taking a shot at Google, but when they are providing a new FREE service - I can't see it destroying their public image all that much.

    1. Re:And the worst case scenario? by outZider · · Score: 2, Insightful

      Most of the Live services, especially Hotmail.

      --
      - oZ
      // i am here.
    2. Re:And the worst case scenario? by icebraining · · Score: 2, Insightful

      Don't be a troll. That was not the problem and you know it.

    3. Re:And the worst case scenario? by CannonballHead · · Score: 2, Insightful

      Everything?

      If you're saying that because it runs on Windows (for thick-client apps), you can point the finger at Apple just as much or more, too.

      If you're talking about providing software for Windows or online services...

      • Hotmail
      • SkyDrive
      • Live Mesh (pretty cool, actually)
      • Live "Spaces" or whatever they are called
      • Windows Messenger
      • NetMeeting (I think?)
      • Microsoft LiveOffice or whatever it is called... Office Live...
      • Live Photo Gallery
      • MovieMaker
      • Live Writer (actually quite cool/useful)
      • Live Mail (I've heard this is actually a very good client)
      • ...

      Some of the above can be seen here. Their services can be seen here. Zune is also free (the software, anyways). Media Player is free, I believe, and actually plays back better than iTunes on Windows, I think.

      Nope. Nothing free!

    4. Re:And the worst case scenario? by CannonballHead · · Score: 2, Interesting

      Live Mesh is pretty cool. Live Writer is actually quite good, IMO, and produces very clean HTML (at least, in my brief tests with it with Wordpress... a custom install, too, with a custom theme and everything; integrated just fine and was a very good WYSIWYG editor). Skydrive - 25gb for free - isn't too shabby, either. I don't like hotmail, but it has sure been around for a while. Bing is actually pretty nice for some things. Microsoft's birds-eye-view is sometimes very useful, and it looks like they are doing a street view now, too.

    5. Re:And the worst case scenario? by Monkeedude1212 · · Score: 3, Insightful

      Except that no one I know blasts Hotmail or Live messenger or those services because they do exactly what they aim to do.

    6. Re:And the worst case scenario? by crispytwo · · Score: 2, Informative

      who uses Hotmail or Live messenger?

      Long live ICQ!

    7. Re:And the worst case scenario? by eleuthero · · Score: 2, Informative

      In addition to the Live services listed in other comments, other "Live" services are available: SkyDrive is free, Mesh is free (and works quite well--better than MobileMe and right up there with box.net and with more free space) and then there's office online which will apparently have a free googledoc's-esque system in the future.

    8. Re:And the worst case scenario? by kdemetter · · Score: 3, Informative

      Well, the being free part I guess.
      Which is correct: it's not because it was free that it was a problem, but that it was completely integrated, giving it a near monopoly position in the browser market.

      And in the case of IE, it's so much part of the OS that you don't get it for free, you pay for it in the price (the developers of IE don't work for free, they are paid with the money Microsoft gets from the sales).

    9. Re:And the worst case scenario? by thetoadwarrior · · Score: 4, Insightful

      Hotmail was only ok before MS owned it, but now it's bloated, ugly and not better for much more than a spam box. Most other Live services are just inferior alternatives to something Google has done better and serve as nothing more than an attempt to take down Google.

    10. Re:And the worst case scenario? by Anonymous Coward · · Score: 2, Funny

      so's herpes

  2. Privacy for what? by Dogun · · Score: 2, Interesting

    My real concern with Google DNS is privacy. Your DNS records are extremely valuable to google, so I sincerely doubt google is not going to record them.

    I'm not even entirely convinced about the benefit of using google's; your local DNS server hierarchy is going to be far more responsive, even if it does have a higher miss rate.

    1. Re:Privacy for what? by beefnog · · Score: 5, Insightful

      The one thing that strikes me as silly about the "what if Google datamines our DNS requests" concern is that those people assume their ISPs aren't already doing so.

    2. Re:Privacy for what? by LOLLinux · · Score: 5, Insightful

      And what strikes me as even more silly is when people use the comeback of "But [insert person, group, company, etc] is (probably) already doing it too!" as if that justifies the actions of someone else.

    3. Re:Privacy for what? by maxume · · Score: 5, Informative

      Their public statements say that they are not linking the requests to other Google services, and that they are discarding ip addresses within a day or two.

      --
      Nerd rage is the funniest rage.
    4. Re:Privacy for what? by DragonWriter · · Score: 5, Interesting

      The one thing that strikes me as silly about the "what if Google datamines our DNS requests" concern is that those people assume their ISPs aren't already doing so.

      The especially odd part about the complaint is that Google has an upfront, posted policy about what they are doing as far as retaining your DNS requests, which I've never seen from an ISP.

    5. Re:Privacy for what? by beefnog · · Score: 5, Insightful

      I'm not saying that it justifies it in any way. I'm merely pointing out that scapegoating a company that does genuinely good things while ignoring the company that routinely dicks its customers is odd. Plus, if you had read yesterday's article, you would understand that google is purging IP addresses from the records.

    6. Re:Privacy for what? by octaene · · Score: 3, Interesting

      An excellent point. That's why I think OpenDNS is a better option. They at least appear to give you a choice in the matter. I'm not sure Google's services are equitable. There's a good blog post from the founder of OpenDNS where he critiques Google's service. It's a good read.

      http://blog.opendns.com/2009/12/03/opendns-google-dns/

    7. Re:Privacy for what? by MozeeToby · · Score: 5, Insightful

      And what strikes me as even more silly is that Google has a privacy policy for the service that says all logs are deleted after 48 hours and aren't linked back to other Google services whereas I have no privacy statement at all about DNS from my ISP (since they slipped it in silently about 4 months ago).

    8. Re:Privacy for what? by sonnejw0 · · Score: 4, Insightful

      Except that Google has a lot of other information on us already, too. Cross-referencing data sets provides true statistical power. Our ISPs do not have the same information that we voluntarily give Google. There's regulation against our ISPs stealing the information that gets passed through them. There's no stopping voluntarily giving Google control of our email, calendar, health records, DNS requests, marketing information, voicemail transcripts, blog articles ...

    9. Re:Privacy for what? by icebraining · · Score: 2, Interesting

      When you use GoogleDNS, you're providing the request to both of them, as your ISP can see your DNS requests anyway.

    10. Re:Privacy for what? by shentino · · Score: 2, Insightful

      First off, ANY DNS server will be getting your IP address. After all, that's how the hell it knows where to send the fracking reply.

      Secondly, logging of IPs is a basic step in holding your clients accountable to make sure you aren't being abused. If some fucktard uses a hole to hack into your system, having a log of where he came from will help nail him.

      Google doesn't really have a choice but to have your data. We should judge them based on what they DO with that data.

    11. Re:Privacy for what? by maxume · · Score: 3, Informative

      Ya know, if I had an answer to that, I might have phrased my statement a little differently.

      I guess the best answer at this point is simply to point out that they haven't done a great deal to suggest that you shouldn't believe them, and on some level, they are regulated by a reasonable government (depending quite a lot on how one chooses to define reasonable).

      --
      Nerd rage is the funniest rage.
    12. Re:Privacy for what? by shentino · · Score: 5, Insightful

      You do realize the inherent conflict of interest in criticism from a competitor right?

      Do remember that at least and load up on grains of salt.

    13. Re:Privacy for what? by markkezner · · Score: 4, Informative

      For me, the dealbreaker with OpenDNS is that, when you type in a non-existent domain, OpenDNS resolves it to an IP that gives you their custom search page. The standards compliant response would be NXDOMAIN, which is what Google (and some others) provide. This alone was enough to make me switch away from OpenDNS.

      --
      Dangerous, sexy, turing complete: Femme Bots
    14. Re:Privacy for what? by natehoy · · Score: 2, Informative

      I think his article was well-thought-out and well articulated, but I have a few problems with it.

      First, he does address Google's claim that Google does not redirect to ad-laden placeholders then cleverly redirects the argument to one of privacy. If OpenDNS is directing me to an ad-laden site if I mistype a URL or enter an invalid one, then I have a bunch of ad servers who now have my IP address and probably know what site I meant to go to. This may be better than giving all of my DNS lookups to a company, but at least with Google I'm giving them all to one company that I know and can decide if I want to trust. With OpenDNS, if I typo a URL, my error is, in effect, being sold to an unknown third party. I think it's somewhat disingenuous to tout privacy then use redirect pages to send users to third-party advertisers who may or may not respect the OpenDNS privacy policy. At least Google is subjecting my DNS lookups, both good and bad, to a consistent privacy policy.

      He does, however, make an excellent point about their Dashboard service and the level of control you as an OpenDNS customer have over your experience. Of course, in return for that you do have to sign up for an account to use it, and you get usage logs associated with your account and email address. Their privacy policy on such information appears excellent, but Google promises to anonymize the data as well, so that boils down to a matter of who you trust more. Personally, I'd be inclined to trust both, so it really boils down to what features are most important to you - proper domain handling, or detailed controls over everything BUT proper domain handling?

      --
      "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
    15. Re:Privacy for what? by Brian+Recchia · · Score: 3, Informative

      Now read chapter 1 of their Terms of Service and see how it takes precedence over EVERYTHING else.

      Actually, this is quite the opposite.

      1.5 If there is any contradiction between what the Additional Terms say and what the Universal Terms say, then the Additional Terms shall take precedence in relation to that Service.

      In the document, "Additional Terms" refers to additional ToS documents and Privacy Policy documents, etc., and "Universal Terms" refers to this. I think this is pretty much the most straightforward legalese I've ever seen, and it very clearly states that if the privacy policy of their DNS solution says they're not going to keep your data more than 48 hours, they are not going to, regardless of what the Universal Terms document states.

    16. Re:Privacy for what? by markkezner · · Score: 3, Informative

      That may be true, but their preferences only work if OpenDNS can tell which networks are yours. They detect this when you use your browser to log into the control panel, or if you install client-side software (OpenDNS Updater, which is Win\Mac only). You could do it with DynDNS too, but not everyone uses that.

      Anyway I'd rather not go through all that effort, and would prefer the NXDOMAIN behavior to be the default for anonymous requests.

      --
      Dangerous, sexy, turing complete: Femme Bots
    17. Re:Privacy for what? by Gerald · · Score: 2, Informative

      It looks like you can disable this behavior if you have an account. I haven't tested it extensively but it seems to work as advertised.

    18. Re:Privacy for what? by Pearlswine · · Score: 2, Informative

      I use OpenDNS at home and it is possible to disable the NXDomain redirect if you setup a free account. http://www.opendns.com/support/article/312

    19. Re:Privacy for what? by Idiomatick · · Score: 2, Interesting

      Give a single example of a Google ToS changing for the worst.

      As I said in the other story, Google stands to gain NOTHING by alienating their whole freaking market for this. Only mega nerds will bother changing their DNS to Google's since only nerds have even heard of DNS. And said nerds will abandon Google DNS in a matter of days if they fuck with the ToS. And the streisand effect would be fucking huge in the group that uses the service.

      I think it is a bit more likely that Google is doing this for the data that they SAY they are taking since that alone is valuable. The extra data they'd get by fucking their privacy policy would be minimal, the downside huge.

    20. Re:Privacy for what? by _Sprocket_ · · Score: 2, Insightful

      It might surprise you, but everyone has a contract with their ISP yet there are ISPs that act against their customers' best interest. That "comeback" didn't do squat. So much for accountability.

      The point here is history. Show that Google is doing something wrong, and people WILL raise a stink about it. Google gets a lot of mileage out of good will and that won't last long if they misstep.

    21. Re:Privacy for what? by dissy · · Score: 3, Interesting

      My real concern with Google DNS is privacy. Your DNS records are extremely valuable to google, so I sincerely doubt google is not going to record them.

      I'm not even entirely convinced about the benefit of using google's; your local DNS server hierarchy is going to be far more responsive, even if it does have a higher miss rate.

      So what you are saying is, you are upset at the idea of google logging your dns traffic, yet NOT upset with the idea of your ISP logging your DNS traffic and selling it to google?

      Because google only gave you a legal document stating they wouldn't record your traffic longer than 48 hrs and would not tie those results with any other google service. You know, a legal document that you can use in court.

      Your ISP has provided no such document, and as you admit to sincerely doubt google would avoid doing what is now illegal, so you must equally doubt your ISP would avoid doing it too, probably more so since your ISP likely has no such legal document.

      Sounds to me the only way you can sleep easy at night would be switching to google, and letting your doubt rest easy knowing you now have the law on your side, and moving away from your ISP that most likely IS doing (and if not, could legally do) what you are so worried of.

    22. Re:Privacy for what? by natehoy · · Score: 2, Insightful

      So you're saying that a clear, readable statement about privacy is more suspicious than total and complete silence on the issue? Or am I missing something? That's not really what you meant, right?

      Google feels the need to do this because every time they offer a new service "privacy" is the very first word off everyone's lips. How many times have we all read diatribes against Latitude, Gmail, etc for lack of a clear disclosure of privacy terms before the service even goes beta? And now that Google has released clear, plain English privacy statements about a new service, it's suspicious behavior? Sounds to me like Google is giving the general public what they asked for.

      I'd say that if Google is the first ISP or service to have a privacy policy (which they are not, but let's say they are) then this is to be commended, not criticized. Again, they are not. OpenDNS, at least, has a clear policy and it seems to be a good one. And kudos to them for offering it.

      I'd rather have a clear cut policy, even if it is subject to change, than total silence where the vendor can do anything they want without telling me. Google has been pretty good about telling me when the privacy policy for specific services changes, and for the most part they have been responses to accusations of what people THINK they MIGHT do with the data, and by and large they've been "no, we don't do that." I don't think I've ever seen them update a privacy policy for the purpose of giving them more rights than they had prior to the change.

      If you don't trust Google, fine. They, like any other company or person, certainly could be lying. Fair enough.

      I think they've certainly held up well to public scrutiny of their actual privacy practices, overall. They've certainly made some mistakes, but they've also been pretty good about discussing them openly, correcting them when their user base decides that a particular practice is unacceptable, and (like Microsoft with security) seem to be taking privacy extremely seriously.

      Of course, Google also does not provide any core services. Email (Gmail), IM (GoogleTalk), DNS, search, mapping, collaboration (Wave), news aggregation (Google News) - every one of these services is available elsewhere. Just make sure you look at the privacy policies of your chosen vendor, and please consider that a lack of a written policy is generally not a good sign.

      --
      "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
    23. Re:Privacy for what? by pwfffff · · Score: 2, Funny

      If you're just going to be a paranoid fuck and ignore all discussion in favor of your prejudices then why even waste your time coming to this site? Obviously nobody's going to change your mind without buying you a fucking plane ticket to Google's data center so you can read the code yourself, and you're certainly not going to convince anyone of anything by making trite, sarcastic, baseless remarks. Even if someone were to take your point to heart, it still wouldn't prove what you're obviously trying to imply: that they're lying THIS time.

      Way to post as AC too, ensuring that nobody will ever be able to communicate back to you just how fucking USELESS you are.

    24. Re:Privacy for what? by pwfffff · · Score: 2, Interesting

      I'm astonished at how seriously paranoid you are. There's literally no way Google could EVER prove to you that they weren't 'spying' on you. There are almost infinitely many ways you could prove they WERE spying on you. Now who do you think would provide a guarantee against spying on you, and who do you think would simply omit the issue and do their spying without bringing attention to it? Now, where exactly in your current DNS server's TOS does it say that they don't log data?

  3. I don't really get it. by Corporate+Troll · · Score: 2, Insightful

    Yes, it might be useful for people whose ISP DNS server is slow. That hasn't happened to me since my dialup days. Besides, now I simply run my own caching DNS server. It's not hard to set up at all.

    1. Re:I don't really get it. by ShadowRangerRIT · · Score: 2, Interesting

      Why waste the power? A personal use DNS server is a waste; if your ISP's DNS is slow there are always alternatives (I used Verizon's DNS for years when living in an area where Comcast DNS performance was slow). I know DIY is fun, has geek cred and all that, but your local machine will cache frequently accessed sites anyway, and the benefit gained on uncached sites will be seen so infrequently that you're not benefiting.

      --
      $_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
    2. Re:I don't really get it. by Jellybob · · Score: 2, Insightful

      This also helps in situations where your ISP is highjacking responses stating that a domain doesn't exist, and rerouting them to a search engine.

      It's all very well having that happen for HTTP requests, but it can cause havoc with things like e-mail.

    3. Re:I don't really get it. by causality · · Score: 2, Interesting

      Yes, it might be useful for people whose ISP DNS server is slow. That hasn't happened to me since my dialup days. Besides, now I simply run my own caching DNS server. It's not hard to set up at all.

      I wonder about this myself. Google is a marketing company so you would generally expect them to always appeal to the widest audience possible. As valuable as DNS service is, it's also not something that average users care about or think about. Most users who are dissatisfied with their DNS performance would say "the Internet is slow today" and not "I am experiencing unusually high latency from my ISP's DNS server". This is just a guess but they seem to be targeting two broad categories of user:

      • Users who are specifically dissatisfied with their current DNS performance. These are users who are knowledgeable enough to understand what DNS is and that they can change servers, yet are unable to or reluctant to run their own caching nameserver.
      • Users who currently use OpenDNS, or who use an ISP DNS server that also breaks NXDOMAIN behavior in order to serve advertisements. Google also wants to serve advertisements, of course, but they do it without breaking the DNS protocol. For these users, switching to Google's server would be a way to protest these practices by voting with their feet.

      Personally, I just run my own caching nameserver.

      --
      It is a miracle that curiosity survives formal education. - Einstein
  4. Yeah, sure, give them even more information by cheros · · Score: 4, Insightful

    I find it amazing that nobody seems to notice that adding an ECHELON and a DCS1000 feed to Google is making it like the NSA, but where people actually VOLUNTEER data. In addition, its Terms of Service give it more legal freedom to use and abuse your information and intellectual property than even the US border control has when accessing laptops of people entering the country.

    It appears 8+ years of indoctrination is paying off big time - nobody appears to remember that privacy is a basic right. All it takes is some BS about "not being evil" for people to miss the shocking depth to which they can access all your personal data. Even the stuff they don't hold themselves will come up through the search engine. By matching up DNS records they will be able to add your entire Internet activity to your identity.

    That's going to be fun when you catch some sort of virus downloading porn - and the next time you apply for a job.

    --
    Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
    1. Re:Yeah, sure, give them even more information by bigstrat2003 · · Score: 2, Insightful

      There's a very big difference between "government forcibly taking data from me" and "voluntarily giving up data to Google in exchange for services".

      Furthermore, I simply don't care and never have. You, along with others who raise concerns about privacy interests, miss that very basic possibility. Most people just don't give a damn.

      --
      "16MB (fuck off, MiB fascists)" - The Mighty Buzzard
  5. Google DNS Benchmarks by bramp · · Score: 2, Interesting

    I ran some tests against Google DNS and some other DNS providers to measure if Google DNS was actually faster than say OpenDNS, or my local ISP. The results showed OpenDNS completely outperformed Google, but Google did do better than two local ISPs. Read my blog entry about this.

  6. Limited privacy problem for cached routers by cenc · · Score: 3, Insightful

    So I am giving Google DNS a try on my networks.

    I do not see the privacy issues, as they are very limited if you are using a cache on your router with Google as the DNS server. Google gets to see one lookup, and then my home router (with dnsmasq) serves any repeat visits for me or the other computers on my network. For the majority of the sites I visit on a regular basis, my router provides the DNS.

    I would suspect that a majority of people using home routers have some sort of cache now in the firmware that does similar work, in their OS, or their browser. It is not like Google is able to see me hit their DNS (although I am sure that is true for some users), every time I want to visit a site again. It is of little value, other than in the most general sense of determining what sites are popular.

  7. Re:Jenny by bunratty · · Score: 3, Funny

    Google, Google, who can I turn to? 8.67.53.09

    --
    What a fool believes, he sees, no wise man has the power to reason away.
  8. Everyone will have a web presence (if not already) by strangeattraction · · Score: 2, Interesting

    Think about it. Eventually each of us will have our own DNS entry to identify our individual web presence. The things we make available to do business, social networking etc will be identified through DNS. Why wouldn't Google want to be in on this? Just because there is a profit motive doesn't necessarily mean it is nefarious. This will allow them to add value at a fundamental level. I can see a day when Facebook is irrelevant and people create their own ad-hoc social networks through their own web-presence.

  9. Already banned in China by dUN82 · · Score: 3, Informative

    Reports from my friend inside the GFW: both DNS servers are already banned by the Chinese government...wth...and openDNS stayed untouched for like ever...

  10. % of users that don't use DHCP assigned DNS by HockeyPuck · · Score: 2, Interesting

    What percentage of total users use DNS that is not assigned from their ISP? I would guess a good percentage of the /. crowd uses a DNS that is not assigned via their ISP. But out of the total population of internet users, using non-ISP DNS servers has got to be pretty small.

  11. "Small range of ports"? Really? by maXXwell · · Score: 2, Informative

    "In his view, it looks like the source ports are sufficiently random,
    even though they are limited to a small range of ports."

    The distribution graph appears to show Google resolver using random ports
    between 32768 and 65535. While that's only half the ports available,
    it's misleading to characterize it as "a small range of ports".
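The port-range reading maXXwell does from the graph can be automated. As an added example (not the page's or H D Moore's code), the Python below parses constructed tcpdump-style lines for queries a resolver sends to an authoritative server, and reports the observed source-port span, its entropy in bits, and how many bits of guesswork (port span plus the 16-bit transaction ID) stand between a forged response and the cache. Hostnames and addresses are made up; the thresholds are illustrative.

```python
"""Assess a resolver's source-port randomization from its outbound queries.

Added example, not the page's or Moore's tool. Input lines are constructed in
the `tcpdump -n` style, e.g.
  IP 203.0.113.5.45123 > 198.51.100.7.53: 4711+ A? probe-1.example. (33)
Only the resolver's source port and the DNS transaction ID are extracted.
"""
import math
import random
import re
from collections import Counter

TXID_BITS = 16  # the DNS transaction ID is the only other unpredictable field

# Matches "IP <src>.<sport> > <dst>.53: <txid>+ ..." as tcpdump prints it.
LINE_RE = re.compile(r"^IP \S+\.(\d+) > \S+\.53: (\d+)\+")


def parse_queries(lines):
    """Return (source_port, txid) pairs from tcpdump-style lines; skip noise."""
    pairs = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            pairs.append((int(m.group(1)), int(m.group(2))))
    return pairs


def shannon_bits(values):
    """Empirical Shannon entropy of a sample in bits (bounded by log2(N))."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def assess_ports(ports):
    """Summarise the port distribution and judge it against Kaminsky-style forgery."""
    lo, hi = min(ports), max(ports)
    span_bits = math.log2(hi - lo + 1)  # upper bound on port entropy
    distinct = len(set(ports))
    if distinct == 1:
        verdict = "fixed source port: only the 16-bit TXID protects this resolver"
    elif span_bits < 14:  # illustrative threshold, not a standard
        verdict = "narrow port range: weak protection against response forgery"
    else:
        verdict = "wide, randomized port range"
    return {
        "min": lo, "max": hi, "distinct": distinct,
        "span_bits": span_bits,
        "sample_bits": shannon_bits(ports),  # rises with sample size, up to span_bits
        "total_guess_bits": TXID_BITS + span_bits,
        "verdict": verdict,
    }


def constructed_capture(n, lo, hi, seed=7):
    """Constructed tcpdump-style lines from a resolver drawing ports uniformly in [lo, hi]."""
    rng = random.Random(seed)
    return [
        f"IP 203.0.113.5.{rng.randint(lo, hi)} > 198.51.100.7.53: "
        f"{rng.randint(0, 65535)}+ A? probe-{i}.example. (33)"
        for i in range(n)
    ]


if __name__ == "__main__":
    # The range maXXwell reads from the graph, beside the classic weak case.
    for label, lo, hi in [("ports 32768-65535", 32768, 65535), ("fixed port 53", 53, 53)]:
        ports = [p for p, _ in parse_queries(constructed_capture(4000, lo, hi))]
        print(label, assess_ports(ports))
```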