Slashdot Mirror


How Does the New Google DNS Perform? (and Why?)

Tarinth writes "Google just announced its new Google DNS platform. Many have viewed this as a move to increase ad revenue, or maybe capture more data. This article explores those questions, as well as the actual benchmarking results for Google DNS — showing that it is faster than many, but not nearly as fast as many others." We also recently discussed security implications of the Google Public DNS.

275 comments

  1. Pointless hype by suso · · Score: 5, Interesting

    It's funny how the Google hype is driving so much talk about something like DNS, a service which probably 95% of non-tech people don't know exists. Most people wouldn't care about DNS normally, but since it's Google it must be something to get excited about. I doubt really that any significant number of people will switch to using 8.8.8.8, but I worry that if they do, one of the original goals for DNS will be lost. That it's distributed.

    Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

    1. Re:Pointless hype by drinkypoo · · Score: 5, Insightful

      Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

      You trust your ISP? I sure don't. Perhaps I am asking for abuse, but I trust Google far more. On the other hand, I trust my hosting provider to provide sufficient DNS; but if I were hosting my application on a cloud somewhere, I'd want some cloud-based DNS; if I were hosting my application with Google, then Google would be the logical host for my name service. I'd probably want to use them as my registrar as well. :p

      Google has the best uptime and the most distributed architecture of any single computer system, unless you consider the internet to be a single entity; it has slightly better reach overall.

      I doubt really that any significant number of people will switch to using 8.8.8.8, but I worry that if they do, one of the original goals for DNS will be lost. That it's distributed.

      Google is distributed. Is there any reason using one IP is unworkable?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Pointless hype by jhoegl · · Score: 5, Insightful

      I got money on the fact that this DNS server will be a part of their Android and Chrome OS services. You know, a default setting.

    3. Re:Pointless hype by thisnamestoolong · · Score: 1

      I don't trust my ISP -- I use them because I have no other option where I live.

      --
      To the haters: You can't win. If you mod me down, I shall become more powerful than you could possibly imagine
    4. Re:Pointless hype by Krneki · · Score: 4, Interesting

      I use OpenDNS because in my country they dared to censor the Internet twice using DNS.
      Once it was for bwin.com and another time it was a leaked political document (both for 1 week). No, I don't bet, but I do not tolerate this political bullying.

      Google DNS could be useful if they don't implement any censorship, considering how much hate P2P sites get from corporations we will see if they manage to stay neutral.

      --
      Love many, trust a few, do harm to none.
    5. Re:Pointless hype by omnichad · · Score: 4, Informative

      They have two IPs - 8.8.4.4. So even if one IP fails to route to any anycast destination at all, they still have a backup.

    6. Re:Pointless hype by Akido37 · · Score: 4, Interesting

      Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

      Personally, I'm sick of DNS lookups resulting in a page of ads.

    7. Re:Pointless hype by suso · · Score: 4, Insightful

      Then you are a fool. This is exactly what I mean by trusting your ISP. I sympathize with you and your situation (and I understand that it happens), but all your country has to do is implement some system that will change the UDP packets coming from Google DNS to change the answers, thus accomplishing the same censorship. The more people who use Google DNS, the more likely a country or ISP is to do this.

    8. Re:Pointless hype by i.r.id10t · · Score: 1

      How about if I *know* my ISP sends out a search domain page instead of a NXDOMAIN response?

      --
      Don't blame me, I voted for Kodos
    9. Re:Pointless hype by Monkeedude1212 · · Score: 1

      Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

      If the option were to trust my ISP or to go without Internet, I suppose I would have to "Trust" my ISP.

      If the option were to Trust Google or Trust my ISP, I'd probably "Trust" Google.

      Aside from the one time I saw a Google car doing streetview - Google has stayed out of my physical realm. And they can harness all the data they want from me, I don't really care. My ISP on the other hand, knows my home address with postal code, and continuously mails me information on how much of my money I owe them each month.

      I would much rather trust someone who has no interest in me than trust someone who has interest in me only for their own profit.

    10. Re:Pointless hype by Anonymous Coward · · Score: 5, Interesting

      Fair enough -- you don't trust your ISP.

      How does using google's DNS help you? You really think your ISP isn't logging your DNS traffic regardless of if you're using their DNS servers or not? A simple tcpdump udp port 53 on a passive tap is enough for them to collect your DNS traffic no matter what you do unless you use TOR or a vpn.

      So, now google *and* your ISP have logs of what you've been looking up. How are you better off?

      Oh -- and if you really don't trust your ISP, how are you to be sure that they aren't redirecting your port 53 traffic to their DNS servers *anyway*? Comcast -- I'm looking at you... Why is it that 5% of responses that *should* be an NXDOMAIN from a root server instead are an A record to some site that happens to be running a web server?

    11. Re:Pointless hype by omnichad · · Score: 1

      Nobody's shutting down the root servers. Google still queries them and domain nameservers. This replaces your ISP's DNS. And no, I don't trust them either.

    12. Re:Pointless hype by Idiomatick · · Score: 1

      That is actually an interesting point. Before I didn't think the DNS could be used for evil based on the idea that only informed nerds would ever use it. But, if it were used in android/chrome it COULD be used for evil more easily. Doesn't really make Google guilty just because something could be misused but still, something to watch for.

      Also, parent topic is not offtopic.

    13. Re:Pointless hype by omnichad · · Score: 1

      Maybe, like me, GP simply doesn't trust their ISP to be reliable.

    14. Re:Pointless hype by Idiomatick · · Score: 1

      The goal is to stay a step ahead of government. It might take them 5~10years to figure that one out.

    15. Re:Pointless hype by QuantumRiff · · Score: 1

      Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

      I trust my ISP very much. However, I don't trust all the local coffee shops, small businesses, hotels, airports, etc. to be secure, and not route me through proxies and man in the middle attacks.

      This is a great thing for the mobile traveler.

      --

      What are we going to do tonight Brain?
    16. Re:Pointless hype by Captain Splendid · · Score: 0

      Then you are a fool.

      He's a fool because he's stuck between a rock and a hard place? Have a little sympathy. Not even every Slashdotter can (or wants to) set up their own DNS server, so services like Google or OpenDNS are a boon when your ISP censors or even just plain sucks (like mine).

      --
      Linux, you magnificent bastard, I read the fucking manual!
    17. Re:Pointless hype by bsDaemon · · Score: 2, Insightful

      and one of the world's largest advertising companies, masquerading as a technology company (though only as a vehicle for their advertising) isn't EVER going to start throwing up link farms or ads in response to NX queries? You, sir, have more faith than the pope.

    18. Re:Pointless hype by riegel · · Score: 1

      It's funny how the Google hype is driving so much talk about something like DNS, a service which probably 95% of non-tech people don't know exists.

      You're confused, Slashdot is News for Nerds, not for the other 95%.

      --
      http://p8ste.com - Web based Clipboard
    19. Re:Pointless hype by suso · · Score: 1, Informative

      I did say I sympathize with him. My wife is from Uzbekistan and I have some friends from other countries and who visit other countries, I know it's hard. I'm not calling him specifically a fool, but I'm using strong wording because I'm hoping that people will read my warning so that they will understand that Google DNS is not a solution for security and privacy.

    20. Re:Pointless hype by ls -la · · Score: 1

      I won't be switching DNS servers until/unless I notice a problem with my ISP's, but if I do need to switch, or even just test my internet configuration, I'll probably use Google's servers because they have addresses I can memorize: 8.8.8.8 and 8.8.4.4.

    21. Re:Pointless hype by webmastir · · Score: 0

      Level3's still is much better, IMO

    22. Re:Pointless hype by Anonymous Coward · · Score: 1, Insightful

      They aren't now. Their policy says they won't, but that can change. My current ISP does, and OpenDNS (at least by default) also does weird things with NXDOMAIN. IF Google ever messes this up, I'll switch away from them, just like I'm switching away from the people who CURRENTLY mess it up. There's no contract being signed here saying I'll take whatever Google gives me 1, 2, 10 years from now. This is LESS lock-in than essentially ANY other service they provide, and for most of those they have their DLF anyway.

      So yes. I trust Google enough to switch to them, and if they abuse that trust, I'll switch away and join the group of people who hurl insults at them. They haven't done anything yet to make me think they will in the future.

    23. Re:Pointless hype by Bigjeff5 · · Score: 2, Insightful

      Do you realise how difficult that would be? Color me stupid, but how many countries have a single ISP with that kind of control over what goes in and out of the country?

      I honestly don't think most countries could pull it off. Look at China - they DO have 100% governmental control over their ISPs and they can't manage it, they have to threaten companies like Google to make this stuff happen.

      And do you realise the hardware it would take to start sniffing the packets of the largest search provider in the world? Furthermore, Google has server farms in every country in the world - no doubt when they implemented DNS they put replication points at each of these sites, or at the very least manually routed them through.

      And even if they did none of that, unless you have the wherewithal to kick Google out of the country (which would make your actions very public), Google is not the company with whom to fuck over something as trivial as DNS, particularly when they can count on the public crying foul when it goes public. "We tried to block your access to information, but Google stopped us." doesn't really go over too well in a free society.

      --
      Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
    24. Re:Pointless hype by sexconker · · Score: 5, Funny

      Google has the best uptime and the most distributed architecture of any single computer system, unless you consider the internet to be a single entity; it has slightly better reach overall.

      No it fucking doesn't you fucking moron.

      Oh this is slashdot. I meant "Citation needed.".

    25. Re:Pointless hype by TheLink · · Score: 2, Insightful

      > and not route me through proxies and man in the middle attacks.

      How would using Google's DNS help?

      If your problem is man in the middle attacks, you'd have to use a VPN to a trusted network before you can trust DNS and other insecure protocols.

      See also:

      http://code.google.com/speed/public-dns/faq.html#dnssec

      Does Google Public DNS support the DNSSEC protocol?
      At this time, Google Public DNS does not validate DNSSEC responses. We will continue to work on improving Google Public DNS.

      --
    26. Re:Pointless hype by suso · · Score: 0, Flamebait

      And in general people have fewer options because they settle for crap instead of complaining, organizing boycotts on monopolies or taking their money someplace else. I am sorry that you have no other choice for good internet access, that sucks.

    27. Re:Pointless hype by sexconker · · Score: 2, Insightful

      He's a fool because, faced with internet censorship in his country, he decides OpenDNS will protect him.

    28. Re:Pointless hype by camcorder · · Score: 3, Insightful

      You don't need to trust your ISP, they are legally bound to protect your privacy in most countries. Since you have a contract, that means that's a card in your hand which you can use in case of violation. However with Google, you have nothing. All the contracts you have with Google are the legal agreements to use their services in return for losing your privacy altogether.

      To summarize, your option to trust google is just useless since it doesn't matter if you trust them or not.

    29. Re:Pointless hype by dacullen · · Score: 1

      OTOH Google has demonstrated a willingness to filter/block content for some countries. If it's in their commercial interest would they blackhole some sites?

    30. Re:Pointless hype by Anonymous Coward · · Score: 5, Informative

      If your ISP is like mine, they break basic DNS functionality. Instead of a correct could not find error, they serve up a page of badvertising. If you opt out of that, they serve up a page that says that it could not find, not returning the real error. If you have your iPhone connected to your home wifi, and you attempt to use the google app on your phone, it breaks the search results page...

      ALL of these annoyances are fixed with gDNS.

    31. Re:Pointless hype by natehoy · · Score: 1

      There's also 4.2.2.2, 4.2.2.3, and 4.2.2.4, all owned by Level3 Communications.

      You can't get much more authoritative than that, though they aren't the fastest DNS servers by far.

      --
      "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
    32. Re:Pointless hype by omnichad · · Score: 2, Informative

      I agree, but I switched anyway, just because Level3's aren't explicitly public. They plan to start locking down their DNS. I'd rather set it and forget it now. I can live with 20ms extra delay. It's still faster than my ISP.

    33. Re:Pointless hype by suso · · Score: 0

      Over the past week I've seen people who probably don't even know what DNS is an acronym for talk about it on blogs, twitter, and other less techie places and a few have even mentioned it to me in conversations. This is what googlehype does.

    34. Re:Pointless hype by Anonymous Coward · · Score: 0

      His citation is Google. You can google Google and find out if what he's saying is true.
      You haven't even offered the name of a counter-example, so I will call your counter-example "Nothing".

      Even assuming your citeless "no it isn't!" is true, all we learn from it is that Nothing is more distributed than Google.

    35. Re:Pointless hype by Anonymous Coward · · Score: 0

      I doubt really that any significant number of people will switch to using 8.8.8.8, but I worry that if they do, one of the original goals for DNS will be lost.

      I bet that chrome will start using it (or maybe they will give users a checkbox during the install). maybe google will start packaging a dns cache server for windows clients to use locally?

      That it's distributed.

      That's not a primary goal of dns.

      I'd like to bet that the performance will get better, as they tweak their initial release. Until then, I'm leaving them as my 3rd dns option. Behind level3 (4.2.2.2 - 4.2.2.4) and internet2.

    36. Re:Pointless hype by Bigjeff5 · · Score: 2, Insightful

      one of the world's largest advertising companies, masquerading as a technology company

      You realize that one does not exclude the other, right? In fact, they build on each other. The reason Google is such a successful advertising company is BECAUSE it is such a great technology company. Furthermore, as the advertising aspect of their company brings in money, they can funnel that back into the technology they make, which can then increase their advertising revenues.

      Google makes the best internet search product on the planet. Period. Nobody, even a software giant like Microsoft or a search giant like Yahoo can even touch them. They accomplished this feat when they were still operating out of their BASEMENT!! To say they are not a technology company is to be a blind fool. Do you even remember what the internet was like before Google? I do, it sucked. I used to use a service called Search Hound, which would search about 40 different search engines for your search query - this was essential because you could never find anything without hitting up 2, 3, even 5 or 6 search engines just to get what you were looking for. What did Google do? They invented a better search algorithm and page ranking system, and instead of selling top search slots (like every other search engine before it), they sold unobtrusive ad space around real, legitimate search results. A thousand times better, and free to the user to boot.

      Fast forward to today, and what is google doing? They are developing new technologies and giving them away for free so they can gain more mind-share for the sole purpose of making sure people use their search engine. This increases their value to advertisers, and Google makes more money. Seriously, Android? Chrome? Chrome is frickin awesome, as soon as I tried it I ditched FF for good, and I'm seriously looking into getting an Android phone. Why are there so many phones running on Android already? Because Google gives it away. You can go download it right now if you want to. And, because it's Google and they are one of the top technology companies in the world, it also happens to be as good or better than any phone/small device OS out there.

      Since Google's business model is to give customers exactly what they want for free in order to draw more customers for advertisers, and because most people I know HATE getting a dumbass search page instead of just saying the link is not found, no I don't expect Google will ever start throwing up link farms or ads in response to NX queries.

      How stupid do you think Google is to break the trust that has made them BILLIONS over a few extra searches? They have shown themselves to be much, much smarter than that, and I trust them far more than I trust my own ISP, since my ISP already inserts a dumbass search in place of the "page not found".

      Google did put such a thing in Chrome, but it simply says the page was not found and auto-fills a search box for you. It can also be turned off. I don't find it useful, but I don't find it intrusive either, unlike my ISP's auto-search. Google knows what their users want, and they know that their customers are the Advertisers, not the searchers - their goal is to lure as many searchers as possible to their advertisers. The best way to do that, as Google has shown time and time again, is to give your users something they will like and use, and generally find to be far and away the best version of whatever it may be on the market, and to give it away for free.

      --
      Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
    37. Re:Pointless hype by ProfanityHead · · Score: 1

      It's funny how the Google hype is driving so much talk about something like DNS, a service which probably 95% of non-tech people don't know exists. Most people wouldn't care about DNS normally, but since it's Google it must be something to get excited about. I doubt really that any significant number of people will switch to using 8.8.8.8, but I worry that if they do, one of the original goals for DNS will be lost. That it's distributed.

      Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

      No, I can't trust my ISP's DNS servers and I know this from experience. Unfortunately, in my area, there are no alternatives.

      Now what?

    38. Re:Pointless hype by TheRaven64 · · Score: 1

      I've been to Google and found it down for a few minutes at least twice and there are numerous instances where gmail has been unavailable. Most financial systems would suffer insane losses if they had the kind of downtime that Google users won't even notice. If Google goes down for a few seconds, you hit refresh and blame your ISP. If, for example, the telephone company's accounting system goes down for a few seconds then they lose hundreds of thousands of dollars.

      --
      I am TheRaven on Soylent News
    39. Re:Pointless hype by suso · · Score: 1

      I'm sorry but your comment is not insightful, it's ignorant of reality. There are many countries that control the ISPs in their country. Not every place is a democracy. And not all democracies are as free as things are here. Internet access is slower in many other countries and people there probably wouldn't notice if their access was a bit slower because of some kind of DNS filter.

      Remember, there are over 200 countries and not all of them have as fast of access as the handful that do.

    40. Re:Pointless hype by TheRaven64 · · Score: 2, Informative

      Spoofing DNS is trivial. It's connectionless, and you don't even need to block the reply, you just need to respond faster than the other party and the client will, in most cases, ignore the second reply. Any last-mile provider can do it with very little infrastructure investment (it's a trivial routing rule to redirect any UDP packets on the DNS ports to a government server, it doesn't need deep packet inspection). If a government asks them to then it's much cheaper to comply than to fight it.

      --
      I am TheRaven on Soylent News
    41. Re:Pointless hype by LWATCDR · · Score: 0, Redundant

      Why do you trust your ISP less than Google?

      A better question would be why is Google offering this service? What does it have to gain by doing it?
      Most users will never switch to Google's DNS; they get their DNS through DHCP and never worry about it.
      My guess is that Google is hoping that ISPs and big companies will start to use Google's DNS. Hey, why bother maintaining a DNS if you don't have to.
      You are still left with what does Google gain.
      Well without going into the land of evil I can think of a few things.
      1. Data. Google can see just how many hits each site really gets for the entire Internet. This should give Google some great metrics.
      2. Good will with the ISPs. With the stupid "Google is getting a free ride crap" this is a way that Google can "give" back to the ISPs.
      3. Well if Google is running the DNS it is a little harder for the DNS to be used to block Google sites.

      Under the evil list the mind goes nuts with privacy abuses and redirects but I will let others go there.

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    42. Re:Pointless hype by drinkypoo · · Score: 1

      That's the one! I was already using a third-party DNS by their advice, and now I am using Google's. So far, so good.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    43. Re:Pointless hype by TheRaven64 · · Score: 2, Insightful

      The problem is not that you have to trust Google or trust the connection provider, it's that you have to trust the connection provider or trust Google and the connection provider. If you connect from a hotspot then anyone on the local network segment can pretty trivially spoof DNS responses unless you are using DNSSEC, and if you (and the infrastructure) are using DNSSEC then the ISP can't tamper with the responses anyway so you don't need to trust them.

      --
      I am TheRaven on Soylent News
    44. Re:Pointless hype by riegel · · Score: 1

      Ahh, Your comment makes more sense now.

      and... DNS is "stuff that matters".

      --
      http://p8ste.com - Web based Clipboard
    45. Re:Pointless hype by David Jao · · Score: 1

      It's funny how the Google hype is driving so much talk about something like DNS, a service which probably 95% of non-tech people don't know exists. Most people wouldn't care about DNS normally, but since it's Google it must be something to get excited about.

      I'm not normally a fan of Google, but if they spark some sort of increased public awareness on the issue of DNS, that can only be a good thing. DNS receives far too little public attention relative to its importance.

      I doubt really that any significant number of people will switch to using 8.8.8.8, but I worry that if they do, one of the original goals for DNS will be lost. That it's distributed.

      DNS stopped being distributed when people started abusing domain name registration. The resulting collapse of DNS into, effectively, a single level hierarchy meant that the original design goals (including the goal of distributed lookups) were already unachievable long ago. This is not really Google's fault.

      IP anycast to Google's DNS servers is not any worse than the situation that exists today with respect to our reliance on the root name servers.

      Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

      This is a good question, for which there are two legitimate responses. One is that, in practice, it is often impossible to change ISPs (there may be only one broadband provider in an area). In such cases, using a third party DNS, especially one that defaults to accurate responses (unlike OpenDNS), is often the least bad option out of all the (worse) alternatives. The second point is that there are cryptographic protocols like ssh and SSL which guarantee (or, in the case of SSL, are supposed to guarantee) session integrity, regardless of ISP interference. So, for most important tasks, you don't need a high level of trust in your ISP. For DNS, however, there is no cryptographic protocol to guarantee integrity (DNSSEC doesn't count). It is thus perfectly logical to trust an ISP for ssh/SSL but not for DNS.

      Real geeks won't bother with third party DNS; they'll just set up their own recursive nameserver. But for less technically savvy internet users, Google DNS does fulfill a need that was being left unserved. The old Level3 servers at 4.2.2.* fill this role as well, but they were never (to my knowledge) advertised for public use.

    46. Re:Pointless hype by mzs · · Score: 5, Informative

      Google is using anycast for their DNS servers. There are not just two machines at 8.8.8.8 and 8.8.4.4 as the sole DNS servers. You get a relatively close-by server. This is a tried and true technique for DNS. In fact there is a technical feature about the google approach that is neat. It is likely that google is using many of the same servers it is for search for the DNS servers as well. They are running the caching DNS at each facility, such that if one server at the facility gets a record, then any other DNS server at that facility uses that response. That is one cool way to limit the delays for someone else making a DNS request. I've not seen that mentioned much before, and that is neat. I wish slashdot comments about stories that are trying to be technical would have technical comments on them near the beginning, instead of rehashing of all this privacy stuff, for a third or fourth story.

      Another approach that was mentioned a lot before is that after the DNS server provides a response, the server checks to see if time is running out regarding the TTL. If it is and has not expired yet, it asks again and pretends that the TTL counter has begun again. This again is trying to limit a DNS delay for some poor schmuck.

      Another technical detail I have not seen mentioned much is that Google DNS servers are returning largely authoritative answers only, often in cases where other DNS servers do not. For example, look up a private IPv4 such as 192.168.1.1 with Google's servers and some others. Others typically return non-authoritative responses, say to RFC1918.private.net. There is a lot of subtly misconfigured software out there, hopefully this will bring it to the forefront about dealing with non-authoritative answers more carefully.

      As to regarding the performance of google DNS, from a few locations for me, seems very fast. Is faster (much) than AT&T, bit slower than comcast, bit slower than work, comparison with OpenDNS is in the noise. What is more important is that they treat all records correctly, so for example kx509 _kca._udp.REALM style SRV records are handled unlike the DNS servers from some ISPs which seem to think that DNS is only for A records.

      Another interesting feature is that Google DNS is playing tricks with case in DNS queries and replies as yet another stop-gap measure against DNS cache poisoning attacks. That's clever, I believe it was proposed before, but bind folks presented some issues and left it at that.
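
The case trick in the comment above, and the "first reply wins" race described by TheRaven64 earlier in the thread, are easiest to see from the querying side. The following is an added sketch, not code from the thread or from Google Public DNS: it sends a query name with random letter case and accepts a reply only if the transaction ID and the exact case of the echoed name both match. All function names and the sample replies are constructed for illustration.

```python
import ipaddress
import secrets
import struct

QTYPE_A, QCLASS_IN = 1, 1


def randomize_case(name):
    """Give every ASCII letter a random case; DNS name matching ignores case."""
    return "".join(
        (c.upper() if secrets.randbits(1) else c.lower()) if c.isalpha() else c
        for c in name
    )


def entropy_bits(name):
    """Bits an off-path forger must guess: 16-bit ID plus one bit per letter.
    Source-port randomization adds more and is not counted here."""
    return 16 + sum(c.isalpha() for c in name)


def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, txid=None):
    """Return (txid, qname_as_sent, wire_bytes) for an A query with mixed-case QNAME."""
    txid = secrets.randbits(16) if txid is None else txid
    qname = randomize_case(name)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    question = encode_name(qname) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    return txid, qname, header + question


def build_response(txid, qname, ip):
    """Constructed fixture: minimal reply echoing qname with one A record."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA set
    question = encode_name(qname) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    answer = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, 300, 4)
    return header + question + answer + ipaddress.IPv4Address(ip).packed


def read_question_name(msg):
    """Read the uncompressed QNAME that follows the 12-byte header."""
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question")
        length = msg[pos]
        if length == 0:
            return ".".join(labels)
        if length & 0xC0 or pos + 1 + length > len(msg):
            raise ValueError("bad label in question")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length


def check_response(msg, txid, qname):
    """Return 'accept' or a 'reject: ...' reason for a reply to our query."""
    if len(msg) < 12:
        return "reject: short message"
    rid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if not flags & 0x8000:
        return "reject: not a response"
    if rid != txid:
        return "reject: transaction id mismatch"
    if qdcount != 1:
        return "reject: question count"
    try:
        echoed = read_question_name(msg)
    except ValueError:
        return "reject: malformed question"
    if echoed.lower() != qname.lower():
        return "reject: wrong name"
    if echoed != qname:
        return "reject: case mismatch"  # right name, but case was not echoed
    return "accept"


if __name__ == "__main__":
    txid, qname, _ = build_query("www.example.com")
    print("sent", qname, "entropy bits:", entropy_bits(qname))
    # Constructed replies: one that echoes our case, one that guessed the ID
    # but not the case (192.0.2.0/24 and 203.0.113.0/24 are documentation ranges).
    print(check_response(build_response(txid, qname, "192.0.2.10"), txid, qname))
    print(check_response(build_response(txid, qname.swapcase(), "203.0.113.66"), txid, qname))
```

A strict case check like this also rejects replies from servers that do not echo the query name byte for byte, so a real resolver needs a fallback path for them.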

    47. Re:Pointless hype by Steeltoe · · Score: 1

      Odds of this happening, zero. I think Google would face a lot of criticism if they made it that easy to dodge ISP tracking of their users.

      DNS over encrypted channel? Would require some client-side changes on the OS / gateway level.

      Google would get praise from me if they did something like that. DNS is far too insecure and open these days. UDP should be used for games, not for something you need to rely on.

    48. Re:Pointless hype by sydneyfong · · Score: 1

      If they started doing that, what's to stop you from changing your DNS provider to whatever you were using before?

      What if slashdot becomes goatse? OMG block it quick!

      --
      Don't quote me on this.
    49. Re:Pointless hype by Monkeedude1212 · · Score: 1

      It's also illegal to commit murder, sell sex slaves, and to pillage and rape and all that jazz. That doesn't mean it doesn't happen.

      Being legally bound to something means nothing if there is no one there to Enforce it, and even if there IS someone assigned to enforce it, I have no guarantee that they will do their job, or do it properly, or won't be corrupted by those in power.

      My Privacy is essentially limited to what I put on the internet - if I never put my SSN, Credit card info, or DOB on the internet, I am not in risk of that information being used to personally Identify me, or to be used without my permission. Heck, if I never put my real name I'm pretty much scot-free.

      But guess what - my ISP already has my name, my address, my phone number, and it's all tied into a number that THEY gave me. I'm instantly searchable in their database. They've probably tied an IP to the Mac address on the gateway they sent me. Everything I use through my ISP can be instantly traced back to ME.

      Now, knowing that my ISP is legally obligated to protect my information, but will essentially have MORE information, or knowing that Google has NO obligation to protect my information, but will be limited to what I give them - which do you think I'll choose?

    50. Re:Pointless hype by nacturation · · Score: 4, Funny

      If, for example, the telephone company's accounting system goes down for a few seconds then they lose hundreds of thousands of dollars.

      There are 31,556,926 seconds in a year. At a hundred thousand dollars a second, your telephone company makes $3,155,692,600,000 a year from time-metered services?

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
    51. Re:Pointless hype by amicusNYCL · · Score: 1

      The Level3 servers are actually at 4.2.2.1 through 4.2.2.6, not just those three.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    52. Re:Pointless hype by Zerth · · Score: 1

      I ssh tunnel all my traffic to a rented box as it is, so I've got that already.

      Now if you only wanted your DNS done, and didn't have a secure relay, then that'd require some changes on Google's end, but isn't anything particularly weird on the client end.

    53. Re:Pointless hype by nacturation · · Score: 1

      I thought the GP was referring to whois lookups returning a page of ads. A DNS lookup doesn't return a page of ads, it returns an IP address.

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
    54. Re:Pointless hype by Anonymous Coward · · Score: 0

      all your traffic ... except UDP. Better luck next time, loser.

    55. Re:Pointless hype by mcrbids · · Score: 4, Interesting

      On the other hand, I trust my hosting provider to provide sufficient DNS; but if I were hosting my application on a cloud somewhere, I'd want some cloud-based DNS;

      Could you give me an example of an "Internet-based DNS" that isn't also "cloud-based"? The definition of "in the cloud" IS "on the Internet". Your arbitrary distinction simply makes no sense at all. You are asking for DNS with a "distributed architecture" but DNS itself IS a distributed architecture!

      I hate to sound trollish, but your over-eager Google fanboyism betrays your underlying non-comprehension of the issues involved! DNS is a distributed architecture, and all that's necessary for you to provide extremely high availability is to provide two (or more) DNS servers at different locations. This eliminates the "single point of failure" and with each location providing better than 99.95% uptime, the odds of both going down at the same moment is measured in hundreds of years. When you consider DNS caching, due to its distributed architecture, (there's that word again) if your hosted DNS were actually completely down for an hour or so, that few of your customers would even notice, that makes the problem even that much more tractable.

      PS: "Cloud-based" IS "Internet-based". Please don't treat "the cloud" as if it were different. "The cloud" only has relevance in sales meetings - it's otherwise just Internet-based computing! See what Larry Ellison has to say about this!

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    56. Re:Pointless hype by David+Jao · · Score: 1

      Your examples of DNS hijacking are legitimate but extreme. There is a large middle ground of ISP behavior where using third party DNS is beneficial. In addition, if widespread adoption of Google DNS leads to increasingly extreme DNS hijacking on the part of ISPs, at least we'll have some concrete evidence of ISP misbehavior to cite in net neutrality debates and the like. (ISPs can hijack DNS, but they can't do so in secret.)

    57. Re:Pointless hype by VGPowerlord · · Score: 1

      I hate to say it, but this is an inverse ad hominem.

      I suggest that Google will eventually redirect NX queries, because it follows their pattern of adding advertising to their previously ad-free products. I submit Google Maps and Google Earth as examples.

      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
    58. Re:Pointless hype by bsDaemon · · Score: 1

      Maybe I should turn in my geek card, but I'm just not really interested in most of the new stuff coming out of Google. I'm happy with my Blackberry on Verizon (they don't really lock down the BB devices, so I don't need Google Voice, or Android). I run my own mail servers, so I don't need to use Google Mail anymore.

      I've taken a poke at Chrome, but I really wasn't that impressed with it. I don't have any interest at all in ChromeOS, either.

      Most of my criticisms against Google could be levied at any other "cloud" type service provider, and that is lack of any real control. But the fact that it is obvious Google indexes your emails and then inserts targeted ads based on the context of personal communications is just disturbing to me.

    59. Re:Pointless hype by theantipop · · Score: 1

      Is it legal for your ISP to simply dump this information bound for another server into a log and keep it?

    60. Re:Pointless hype by Anonymous Coward · · Score: 0

      You don't need a single ISP. ISPs peer at Internet exchange points. In almost all countries all traffic in and out of the country flows through two or three physical buildings. Some have just one.
      http://en.wikipedia.org/wiki/List_of_Internet_exchange_points

    61. Re:Pointless hype by Jasonv · · Score: 1

      I use OpenDNS because in my country they dared to censor the Internet twice using DNS.

      Google DNS could be useful if they don't implement any censorship, considering how much hate P2P sites gets from corporations we will see if they manage to stay neutral.

      As a non-American, I may trust Google's ethics, but unfortunately, I don't trust America's. I don't want my personal data subject to American DMCA, wiretapping, or other laws any more than I have to. Fortunately my country hasn't gone that route... yet. I'll stick to my ISP's DNS and my local privacy laws.

    62. Re:Pointless hype by Dog-Cow · · Score: 1

      You mean "if no one puts up...". It's rather naive to think that this information is not available just because YOU never posted it.

    63. Re:Pointless hype by flex941 · · Score: 1

      maybe he tunnels openvpn over ssh. therefore udp included and he is a winner. or maybe not ...

    64. Re:Pointless hype by dzfoo · · Score: 1

      >> They aren't now. Their policy says they won't,

      Read it again. It says that they will not mine the log files of their DNS service and correlate that with their other data. That's all it says they won't do. It says nothing about sampling traffic en route, or grabbing it outright with an intermediate proxy, or any of a hundred other ways they could access this (presumably valuable) information.

                -dZ.

      --
      Carol vs. Ghost
      ...Can you save Christmas?
    65. Re:Pointless hype by suomynonAyletamitlU · · Score: 1

      I pretty much thought the same thing; the only thing I can think is that a cloud-based solution would work the same no matter where you were, where if you depend on your ISP but take your laptop to a coffee shop wireless kiosk, it's not the same service.

      To that and only that degree the term might have any application here, AFAIK.

    66. Re:Pointless hype by Anonymous Coward · · Score: 0

      It's illegal to pillage and rape? Oh, damnit.

    67. Re:Pointless hype by shentino · · Score: 4, Interesting

      I recently had to deal with a firewall that just flat out BLOCKS outbound DNS. You HAVE to use the network's DNS, which of course is site-filter enforcing.

      Mandatory censorship.

    68. Re:Pointless hype by horza · · Score: 1

      He's not a fool because, faced with internet censorship in his country, he decides to use OpenDNS that works for him now. At least he is doing something. When it fails, then he can turn his ingenuity to finding the latest innovation for privacy protection that does work. sexconker does not appear to appreciate the cat-and-mouse game that those that live in oppressive regimes have to play.

      Phillip.

    69. Re:Pointless hype by drinkypoo · · Score: 4, Informative

      Could you give me an example of an "Internet-based DNS" that isn't also "cloud-based"?

      DNS servers are just DNS servers. There's a pool of them that handle requests to a given server. If Google Public DNS is implemented like other Google services, your queries will be handled by whichever Google node is nearby, idle, and knows the address you're requesting. This seems more robust than the way even the existing root servers are implemented. Google has more sites than almost anyone else non-government (there are a few notable exceptions, but none of them have an architecture like Google's) and is continually opening more.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    70. Re:Pointless hype by dzfoo · · Score: 1

      No, he actually meant a DNS server that, when asked about a non-existent domain, instead of returning an error, returns an IP address to a host running a web server hosting ads.

              -dZ.

      --
      Carol vs. Ghost
      ...Can you save Christmas?
    71. Re:Pointless hype by Bengie · · Score: 1

      My ISP hijacks invalid DNS requests and forwards to their own version of yahoo search.

      Since Chrome/etc let you type anything you want in your address bar and will just "google" search any invalid entries, this gets broken when the DNS returns "valid".

    72. Re:Pointless hype by Krneki · · Score: 1

      Then you are a fool. This is exactly what I mean by trusting your ISP. I sympathize with you and your situation (and I understand that it happens), but all your country has to do is implement some system that will change the UDP packets coming from Google DNS to change the answers, thus accomplishing the same censorship. The more people who use Google DNS, the more likely a country or ISP is to do this.

      If and when this happens, I'll Google for a solution. I didn't implement OpenDNS before I was hit by the censure.

      Like they say: trick me once, shame on you, trick me twice, shame on me.

      --
      Love many, trust a few, do harm to none.
    73. Re:Pointless hype by rgigger · · Score: 1

      Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

      Do you mean, trust as in trust to not do shady things like violate my privacy or trust as in trust them to be competent when setting up their DNS servers?

      I don't really trust any ISP to not be shady. But since I want to have the internet I haven't got much choice. I don't know if comcast or our local municipal fiber provider is better in this regard but I know which one is a lot faster.

      I also know that sometimes the line just goes down for like 10 minutes with no explanation. And sometimes their DNS servers crap out for like 10 minutes. I can't do much about the line itself going down. But by switching to Google DNS I can avoid issues with my ISP's DNS not working.

      For me it's pretty much that simple.

    74. Re:Pointless hype by shentino · · Score: 1

      Well if the ISP can't tamper with it then they may as well block outbound DNS and FORCE you to use their own servers.

      I found out because I had installed BIND and was using that...and it did not work.

    75. Re:Pointless hype by jimicus · · Score: 1

      I thought the GP was referring to whois lookups returning a page of ads. A DNS lookup doesn't return a page of ads, it returns an IP address.

      And a whois lookup sure doesn't return a page either, unless you're using a web-based search.

      However, there are dozens of examples of DNS services providing an IP address where they should instead provide an error - and that IP address is a website which is there for the express purpose of advertising.

    76. Re:Pointless hype by drinkypoo · · Score: 1

      DNS over encrypted channel? Would require some client-side changes on the OS / gateway level.

      False. It's called IPSEC and it's been around for quite some time now. Windows NT from Windows 2000 on provides administration tools to all users; there's a couple implementations for Linux but setup is generally not that torturous these days. It would require some configuration changes, but that's it; DNS will work just fine over IPSEC, as will pretty much everything else, which is what separates it from more or less all the other options. Of course, your ISP has to pass AH and ESP for you to get all the functionality... So it wouldn't work for everyone.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    77. Re:Pointless hype by natehoy · · Score: 1

      Sorry, good point. I forgot about 1 and 6.

      --
      "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
    78. Re:Pointless hype by Krneki · · Score: 1

      Yep, still he has given me an insightful comment.

      If I'll be faced with a new type of censorship I'll know what to look for. Shame he didn't give us a solution to this problem. Apart from the classic do a SSH / VPN tunnel.

      --
      Love many, trust a few, do harm to none.
    79. Re:Pointless hype by jimicus · · Score: 2, Insightful

      You don't need to trust your ISP, they are legally binded to protect your privacy on most of the countries. Since you have a contract that means that's a card in your hand which you can use in case of violation.

      Indeed I can. I can:

      • Complain to the regulator (who will spend 6 months sitting on their arse before coming back with an answer to a totally different problem)
      • Take them to court - though if I win they'll likely ignore the verdict and appeal it until such time as I lose or I run out of time/money. That is assuming by sheer blind luck the judge I get is reasonably tech-savvy to begin with.
      • Take my business elsewhere. Though seeing as there is one cable ISP in my country and one ISP supplying wholesale ADSL to the majority of retail ISPs, I'm going to run out of options pretty damn quick.
    80. Re:Pointless hype by Grayputer · · Score: 1

      Ahhh, as far as I know, DNS is still distributed under this model. Google is not hosting DNS, they are providing a look-up server for DNS, just like your current ISP does (usually set when you get your IP address via DHCP). The root servers still exist, I'm still serving my domain's DNS, HP is still serving their DNS, ...

      Google is providing an alternative to the ISP's servers for look-up, not hosting.

    81. Re:Pointless hype by suso · · Score: 1

      Did you realize what you just said? You'll Google for a solution. Was that a joke, because honestly that's starting to be scary. Obviously Google has way too much power on the Internet.

      This is starting to sound like that sports drink that is used for everything in the movie Idiocracy.

    82. Re:Pointless hype by drinkypoo · · Score: 1

      Then you are a fool. [...] all your country has to do is implement some system that will change the UDP packets coming from Google DNS to change the answers

      I love to be the one to break this to you, but using packet inspection it's just as easy (perhaps easier) to just mangle every DNS response, not just the ones from Google, or insert_server_here. Not using your ISP's name servers (if they even have them, which many don't any more — you hit their provider's nameservers directly) will however successfully protect you from an attack against your ISP's name servers. If you think google's name servers will be compromised, that's a valid concern, but it seems less likely than your ISP's. Or, at least, mine.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    83. Re:Pointless hype by TooMuchToDo · · Score: 1

      We had a bunch of customers call and complain that Level3's DNS servers weren't working when they used them for their dedicated servers, so I'm fairly certain Level3 has already started sticking IP restrictions into their DNS configuration files.

    84. Re:Pointless hype by bendodge · · Score: 1

      they don't really lock down the BB devices, so I don't need Google Voice, or Android

      Really? Can the Curve use its GPS chip yet? Last time I tried Google Maps I was forced to use tower triangulation and it was worthless. VZW wanted me to buy their overpriced navigation software to use the GPS chip for anything but e911. And, last I checked, other carriers let me use the GPS chip normally.

      Note: this post is not designed to defend Google, just to bash Verizon.

      --
      The government can't save you.
    85. Re:Pointless hype by thisnamestoolong · · Score: 2, Informative

      How are we going to organize a boycott? How many nerds do you think really care enough about these issues? Do you really think Comcast is going to see 14 nerds out in front of their building and go OH NOES WE NEED TO CHANGE OUR WAYS? My options are Comcast or dial-up. As I need (not want, need) high speed Internet access to fulfill my work responsibilities, my options are Comcast, or move.

      --
      To the haters: You can't win. If you mod me down, I shall become more powerful than you could possibly imagine
    86. Re:Pointless hype by Krneki · · Score: 1

      Did you realize what you just said? You'll Google for a solution. Was that a joke, because honestly that's starting to be scary. Obviously Google has way too much power on the Internet.

      This is starting to sound like that sports drink that is used for everything in the movie Idiocracy.

      What would you recommend? Yahoo, Bing, some obscure search engine, ... or reading the DNS manual?

      I see you have developed a Googlephobia, but the rest of us don't have any problem using their service even if it means they index everything.

      --
      Love many, trust a few, do harm to none.
    87. Re:Pointless hype by Kryis · · Score: 1

      You found it down "for a few minutes at least twice", over how many years? Just because financial systems would suffer insane losses if they had that kind of downtime it doesn't mean that it can't happen - within the last couple of weeks the London Stock Exchange was suspended for several hours due to technical problems. Even if you find Google down for a few minutes once a month, it is still doing better than the LSE this year.

    88. Re:Pointless hype by Danathar · · Score: 1

      Until DNS becomes something that is signed digitally between client and host....

    89. Re:Pointless hype by arminw · · Score: 1

      ...they are legally binded to protect your privacy...

      Unless it is the government that wants your information or someone who has the ability and money to use the government (lawsuits & courts) to get the information. You might as well face it, there is no privacy whatsoever in any shape or form on the Internet. Anybody who has the will and the money can get whatever they want if it's there. Even the data on your own hard drive is subject to the legal system's access.

      --
      All theory is gray
    90. Re:Pointless hype by nacturation · · Score: 1

      And a whois lookup sure doesn't return a page either, unless you're using a web-based search.

      "whois google.com" returns several "pages" worth of information at the command prompt, including two advertisements for MarkMonitor and an ad (or, more charitably, a public service announcement) for Internic:

      $ whois google.com

      Whois Server Version 2.0

      Domain names in the .com and .net domains can now be registered
      with many different competing registrars. Go to http://www.internic.net/
      for detailed information.

      Domain Name: GOOGLE.COM
      Registrar: MARKMONITOR INC.
      Whois Server: whois.markmonitor.com
      Referral URL: http://www.markmonitor.com/
      Name Server: NS1.GOOGLE.COM
      Name Server: NS2.GOOGLE.COM
      Name Server: NS3.GOOGLE.COM
      Name Server: NS4.GOOGLE.COM
      Status: clientDeleteProhibited
      Status: clientTransferProhibited
      Status: clientUpdateProhibited
      Status: serverDeleteProhibited
      Status: serverTransferProhibited
      Status: serverUpdateProhibited
      Updated Date: 18-nov-2008
      Creation Date: 15-sep-1997
      Expiration Date: 14-sep-2011

      >>> Last update of whois database: Mon, 07 Dec 2009 18:04:20 UTC <<<

      NOTICE: The expiration date displayed in this record is the date the
      registrar's sponsorship of the domain name registration in the registry is
      currently set to expire. This date does not necessarily reflect the expiration
      date of the domain name registrant's agreement with the sponsoring
      registrar. Users may consult the sponsoring registrar's Whois database to
      view the registrar's reported date of expiration for this registration.

      TERMS OF USE: You are not authorized to access or query our Whois
      database through the use of electronic processes that are high-volume and
      automated except as reasonably necessary to register domain names or
      modify existing registrations; the Data in VeriSign Global Registry
      Services' ("VeriSign") Whois database is provided by VeriSign for
      information purposes only, and to assist persons in obtaining information
      about or related to a domain name registration record. VeriSign does not
      guarantee its accuracy. By submitting a Whois query, you agree to abide
      by the following terms of use: You agree that you may use this Data only
      for lawful purposes and that under no circumstances will you use this Data
      to: (1) allow, enable, or otherwise support the transmission of mass
      unsolicited, commercial advertising or solicitations via e-mail, telephone,
      or facsimile; or (2) enable high volume, automated, electronic processes
      that apply to VeriSign (or its computer systems). The compilation,
      repackaging, dissemination or other use of this Data is expressly
      prohibited without the prior written consent of VeriSign. You agree not to
      use electronic processes that are automated and high-volume to access or
      query the Whois database except as reasonably necessary to register
      domain names or modify existing registrations. VeriSign reserves the right
      to restrict your access to the Whois database in its sole discretion to ensure
      operational stability. VeriSign may restrict or terminate your access to the
      Whois database for failure to abide by these terms of use. VeriSign
      reserves the right to modify these terms at any time.

      The Registry database contains ONLY .COM, .NET, .EDU domains and
      Registrars.
      Ma

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
    91. Re:Pointless hype by interval1066 · · Score: 1

      You didn't know DNS could be used for evil??? Boy have I got a tale of woe for you involving an unsecured telnet port and a pair of forgotten BSD machines doing DNS duty deep in the bowels of one organization...

      --
      Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
    92. Re:Pointless hype by tomtomtom · · Score: 1

      At least for me, 4.2.2.3 is WAY faster than (about twice the speed of, in fact) either of google's addresses. The other two are about the same as google.

    93. Re:Pointless hype by Sleepy · · Score: 1

      >Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

      And the logical extension:
          if you don't trust your Internet provider at all, should you give them your business?

      I can just see it now - masses of folks ditching their Comcrap and Road Runner connections, running self-administered DNS on "dedicated" 128k lines from the phone company.

      Assuming you can even GET direct Internet service like that in your area... you think that somehow by using their DNS (or running your own) the DNS infrastructure is "more distributed" than Google? Yes because we all live in a perfect "open market" with 12 ISPs to choose from, and when an ISP crashes everyone bails for the better run ISP.

      Give me a f'n break. Anyone opting-in to Google DNS or OpenDNS is at least *thinking* about the issue... so when their ISP's DNS goes down, they are still running. What's wrong with that?

      Maybe this will pressure ISPs to look at DNS from a marketing-collection perspective, instead of an "expense". If that makes the ISPs suddenly WANT to provide better DNS service to compete, so be it.

    94. Re:Pointless hype by JWSmythe · · Score: 1

          I've done that in the past, when I had a good reliable endpoint on a fast connection. I was on providers who did all kinds of nasty stuff, including rate limiting various things, redirecting SMTP and DNS to their own servers, etc, etc. PPP over SSH is a real easy thing to do. One little script, and ppp available at both ends, and voila, you're now re-homed, and the transit from your location to your other endpoint is encrypted.

          And I know someone's going to say it, so ... no PPP over SSH isn't slow or unreliable. It's actually pretty good. It'll handle some pretty substantial outages, and connection quality issues without a problem. Like, I had a provider who would go down for about 5 minutes every hour, and my connections were never "lost". They kept retrying and picked right back up where they were. On top of that, they frequently had 10% packet loss. Really, you have to love cablemodems. :)

      --
      Serious? Seriousness is well above my pay grade.
    95. Re:Pointless hype by NeutronCowboy · · Score: 1

      Depends at what time. If the accounting system goes down during end-of-year billing, they could indeed lose hundreds of thousands of dollars. As an example, the accounting system of one of the largest companies in the world experienced hiccups (not even a full meltdown) during end-of-year billing cycle. The end-result was that a huge contract could not be entered in time, and revenue could not be booked for that particular quarter and year. The tax and revenue implication was immediate - and the company essentially lost hundreds of thousands of dollars because of a slowdown, not even a downtime.

      --
      Those who can, do. Those who can't, sue.
    96. Re:Pointless hype by Sleepy · · Score: 4, Informative

      >Then you are a fool. This is exactly what I mean by trusting your ISP. I sympathize with you and your situation (and I understand that it happens), but all your country has to do is implement some system that will change the UDP packets coming from Google DNS to change the answers, thus accomplishing the same censorship. The more people who use Google DNS, the more likely a country or ISP is to do this.

      A non-sequitur. More people using Google DNS or any other DNS resolver does NOT make it more likely that a country or corporation can impose censorship.

      In your previous statement you even hint that you know this - you suggest that a country could "change the UDP packets coming from Google DNS to change the answers", but why would a country target JUST GOOGLE DNS for censorship?

      If you took 30 seconds to Google the world's best known DNS censorship project (http://www.google.com/search?q=great+firewall+of+china) you would know that China does not target *specific* DNS resolvers (such as you suggest might be done with "Google DNS"). No, China hijacks ALL port 53 traffic which should be obvious then that the DNS provider is 100% irrelevant.

      In fact, a third party DNS provider is MORE likely to offer DNS resolver service on a non-standard DNS port, thus becoming an ANTI-censorship tool that China can not defeat (not without blocking or filtering ALL ports which kills their Internet entirely).

      You should be careful about calling someone else a "fool", when speaking of topics on which you have your facts wrong.

    97. Re:Pointless hype by Jah-Wren+Ryel · · Score: 1

      You don't need to trust your ISP, they are legally binded to protect your privacy on most of the countries.

      I don't know about what countries you are thinking of, but that is certainly not the case in the USA. They've got carte blanche to do anything they want with whatever info they can glean out of their users.

      --
      When information is power, privacy is freedom.
    98. Re:Pointless hype by TheRaven64 · · Score: 1

      Glitches in the system that last a second typically cause an entire call to be lost from the metering system. One second won't cause you to lose one second of calls, it will typically prevent you from being able to bill for any calls initiated in that second, many of which will last an hour, be to premium rate numbers, and so on.

      --
      I am TheRaven on Soylent News
    99. Re:Pointless hype by Zerth · · Score: 1

      My provider blocks raw VPN because they want business class $$$ for it.

      If my ISP already screws with DNS, why do you think they aren't all-around jerks?

      Deleting a line from the config to use the remote DNS for all my traffic actually made life easier, if slightly laggier.

    100. Re:Pointless hype by Neil+Hodges · · Score: 1

      DNSSEC, anybody?

    101. Re:Pointless hype by metamatic · · Score: 1

      Fair enough -- you don't trust your ISP.

      How does using google's DNS help you?

      My ISP offers a slow DNS server with occasional timeouts that screws around with NXDOMAIN responses and replaces them with false information.

      So Google's offering is instantly and verifiably more trustworthy than my ISP's.

      Previously I had to use OpenDNS and turn off redirections to get the same result. Google DNS is even faster.

      Competition is good. If you don't like Google DNS, set up something that competes with it. Crappy ISP DNS service, in my experience, does not compete.

      --
      GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
    102. Re:Pointless hype by NathanM412 · · Score: 1

      No, but you know they will have to pay out almost as much for their Service Level Agreement if financial institutions lose their connectivity.

    103. Re:Pointless hype by Idiomatick · · Score: 1

      Opt-in dns through google is ONLY for well informed nerds. And any evil they tried to commit with it would have failed horribly. And I mean exploded in google's face.

      This idea for spreading opt-out dns could however be used for evil. With a lesser chance of it exploding in their face since not 100% of the users are well informed nerds.

    104. Re:Pointless hype by Anonymous Coward · · Score: 0

      In fairness he said "a few" seconds. Thus his telephone company only makes 1,051,897,533,333.34 from time metered services.

    105. Re:Pointless hype by VGPowerlord · · Score: 1

      And do you realise the hardware it would take to start sniffing the packets of the largest search provider in the world?

      That's a nice straw-man you have there, it's a shame I have to burn it up.

      Do you really need to be reminded that we're talking about packets over UDP on port 53 sent in standard DNS format, with no DNSSEC since Google doesn't support it? The ISP doesn't need to sniff it, just redirect it to their own DNS servers and rewrite the response to look like it came from Google's DNS servers.

      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
    106. Re:Pointless hype by Monkeedude1212 · · Score: 1

      True, but given that my Social Security number is known by me, my mother, my employers, and whoever receives my taxes - if I can't trust any of those to keep it private - I am in more trouble than if I trust Google.

    107. Re:Pointless hype by SydShamino · · Score: 1

      The odds are good that such privacy does not exist in the OP's country, since that country is probably the U.S. and his ISP probably sells data to the federal government.

      --
      It doesn't hurt to be nice.
    108. Re:Pointless hype by jimicus · · Score: 1

      Ah, I've got used to 14 year olds on /. who seem to think that the only way to do a whois search is using a website. Apologies.

    109. Re:Pointless hype by johny42 · · Score: 3, Insightful

      Mandatory censorship.

      That doesn't seem like a very mandatory way of censorship. Not being able to translate a site's domain name to its IP address has nothing to do with not being able to access the site.

    110. Re:Pointless hype by Anonymous Coward · · Score: 0

      LOL, what countries are that? In Sweden you have to sign a 4 page contract basically agreeing that the power is in the hand of your ISP, there is no clause that they can't tamper with DNS, basically they don't even have to provide me with internet access, they just have to try to give me internet access, if they fail they still get to bill me according to the contract, of course they won't... but not because of the contract but because of the fear of the free press.

    111. Re:Pointless hype by Anonymous Coward · · Score: 0

      penalties for downtime in agreements. being down for greater than threshold is largely as costly as being down for much more than threshold (probably large up front fee + incremental cost thereafter).

    112. Re:Pointless hype by RulerOf · · Score: 1

      an unsecured telnet port and a pair of forgotten BSD machines doing DNS duty deep in the bowels of one organization...

      Ahem. We read slashdot for the purposes of hearing the entirety of these types of stories. Please continue.

      --
      Boot Windows, Linux, and ESX over the network for free.
    113. Re:Pointless hype by voodoowizard · · Score: 1

      Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

      Well no and yes. I just really hate the redirects and would prefer to use something like OpenDNS. That and I have a feeling that OpenDNS is more proactive in filtering phishing sites. Do I really care? No, it was just easy to switch so I did. Should this be big news? Hell no. Now would I use GoogleDNS if there were no other options? Maybe I would, I mean I primarily use google to search, it's not like they don't know what I am doing most of the time from that. It is easier for me to type youtube in the search then click the link as opposed to finding it in my favorites or typing all those letters in the address bar.

    114. Re:Pointless hype by Anonymous Coward · · Score: 0

      Whoah, I'll buy those shares!

    115. Re:Pointless hype by Logic+and+Reason · · Score: 1

      Boy have I got a tale of woah for you...

      Keanu, is that you?

    116. Re:Pointless hype by dUN82 · · Score: 1

      During the dark ages of internet in China [I only say dark because it is darker now], google.com was hijacked by Chinese ISP to redirect all traffic to baidu.com. Think about that!

    117. Re:Pointless hype by Ephemeriis · · Score: 1

      Its funny how the Google hype is driving so much talk about something like DNS, a service which probably 95% of non-tech people don't know exists. Most people
      wouldn't care about DNS normally, but since its Google it must be something to get excited about.

      I don't think I've seen any talk of Google DNS in the mainstream media... Pretty much just on the technical/network sites. Which is where folks actually know and care about DNS.

      I doubt really that any significant number of people will
      switch to using 8.8.8.8

      Home users? Probably not. Businesses? Maybe.

      I know I'll be using Google DNS as an alternative to OpenDNS for our clients with dynamic IP addresses.

      I worry that if they do, one of the the original goals for DNS will be lost. That its distributed

      Well, first of all, DNS isn't all that distributed. I mean, it is... But ultimately you're talking to the same few root servers. So if something goes seriously wrong at the root, it doesn't much matter what DNS server you're using.

      Second, they have the standard primary/secondary server thing going on. So if one of their addresses goes down, the other one can still respond.

      Third, just because they're only handing out two IP addresses doesn't mean there are literally two servers. I assume that they've got some kind of distributed cluster thing going on.

      Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

      My ISP does a crappy job of DNS. I'm not entirely sure what their problem is... Maybe the hardware is overworked, maybe the admins are incompetent, whatever. The end result is that their DNS servers are slow and flaky. I switched to OpenDNS a year or so ago in order to fix problems with my DNS.

      That's not to mention the NXDOMAIN hijinks that some ISPs pull... Redirecting your NXDOMAIN results to a search or portal page of some sort to generate more revenue.

      As for why I'd trust them at all if they can't handle DNS... Well, I guess trust is a fairly strong word. I don't trust them. I have no confidence that they're going to provide quality service or that they'll defend my privacy or that some admin somewhere isn't snooping on my traffic. But they're pretty much the only game available at my location. So, I put up with their problems.

      --
      "Work is the curse of the drinking classes." -Oscar Wilde
    118. Re:Pointless hype by Ephemeriis · · Score: 1

      Then you are a fool. This is exactly what I mean by trusting your ISP. I sympathize with you and your situation (and I understand that it happens), but all your country has to do is implement some system that will change the UDP packets coming from Google DNS to change the answers, thus accomplishing the same censorship. The more people who use Google DNS, the more likely a country or ISP is to do this.

      Actually, it'd be far easier to just capture all DNS queries and send them to the server you control. We set such things up all the time. Doesn't even take crazy-expensive hardware.

      But why does using OpenDNS or Google DNS make this guy a fool?

      Is he supposed to just sit back and enjoy the censorship?

      So what if the government notices this and implements better censorship... Are you then going to suggest that he not try to circumvent that?

      --
      "Work is the curse of the drinking classes." -Oscar Wilde
    119. Re:Pointless hype by Ephemeriis · · Score: 1

      and one of the world's largest advertising companies, masquerading as a technology company (though only as a vehicle for their advertising) isn't EVER going to start throwing up link farms or ads in response to NX queries? You, sir, have more faith than the pope.

      One of the big complaints about NXDOMAIN redirection is that it breaks certain bits of the Internet that rely on DNS lookups functioning properly. And Google has a pretty big interest in making sure that the Internet keeps working correctly. So they've got some incentive not to play around with NXDOMAIN results too much.

      OpenDNS provides typo-correction and search lookups for NXDOMAIN results. That's how they make money. But they also allow you to opt-out. Unlike the opt-out that some cable companies use, there is no cookie. It is configured by your IP address. Which means that your NXDOMAIN behaves correctly on any computer behind that router, even if you aren't using a web browser with that cookie set.

      If OpenDNS can both garner advertising revenue and keep NXDOMAIN working correctly for the folks who need it, I'm going to assume that Google can do the same.

      --
      "Work is the curse of the drinking classes." -Oscar Wilde
    120. Re:Pointless hype by Dahamma · · Score: 1

      He also said "hundreds of thousands" - so, with the amazingly precise math this thread is employing, "hundreds of thousands" divided by "a few" therefore does equal exactly 100,000!

    121. Re:Pointless hype by shutdown+-p+now · · Score: 3, Insightful

      At a hundred thousand dollars a second, your telephone company makes $3,155,692,600,000 a year from time-metered services?

      That's easily explained if said telephone company is a mobile operator in USA.

    122. Re:Pointless hype by Ephemeriis · · Score: 1

      You don't need to trust your ISP, they are legally binded to protect your privacy on most of the countries.

      Yeah, right.

      How many stories have there been on here about various telecom companies handing records over to investigators with very little, if any, reason to do so?

      How often do we hear about records being lost or leaked or stolen?

      How often do we actually hear about ISPs or telecom companies getting in trouble for any of this?

      Regardless of whatever laws and contracts you may think you have on your side... The ISP is going to do pretty much whatever it wants, and you can either put up with it or go find a different ISP (which will also do pretty much whatever it wants).

      However with Google, you have nothing.

      You have a privacy policy that states their logs will be deleted every 48 hours. You can believe that or not... But it's about as substantial as anything you'll get from your ISP.

      --
      "Work is the curse of the drinking classes." -Oscar Wilde
    123. Re:Pointless hype by guruevi · · Score: 1

      3.1 Billion dollars is not all that much for a phone company:

      AT&T:
      Revenue: USD 119.3 Billion (2008)
      Operating income: USD 18.165 Billion (2008)
      Net income: USD $10.463 Billion (2008)

      They probably didn't generate all that through time-metered services (usually subscriptions) but every call does get metered no matter what (even if it's $0.00). $3 Billion is only 3% of their revenue so it might well be that GP is correct. Unfortunately for the GP, the billing services are most likely distributed and probably not even on the same software although if a single software glitch would suspend all meters for a few seconds - eg. due to the Unixtime overflowing (say 2 minutes to reboot) they would lose a huge chunk of money.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    124. Re:Pointless hype by LordLimecat · · Score: 1

      You trust your ISP? I sure don't. Perhaps I am asking for abuse

      Attempting to go to http://www.wasdjfioaiofjiwji.com/ and getting a lovely Cox-sponsored yahoo search seems like abuse to me. Go google.

    125. Re:Pointless hype by dave562 · · Score: 1

      How is Google's DNS service any more reliable than a tier 1 service provider? It seems to me like your Tier 1 provider is going to have peering arrangements with just about any other ISP you'd ever connect to. I like Google and all, but I will stick with 198.6.1.5 and 4.2.2.2 for my DNS. In ten plus years I've never had a problem with them.

    126. Re:Pointless hype by Anonymous Coward · · Score: 0

      There's overhead on outages. That is not the flat rate per second you retard.

    127. Re:Pointless hype by Anonymous Coward · · Score: 0

      Read it again. 3.1 trillion.

    128. Re:Pointless hype by dave562 · · Score: 1

      I have an 8300 and the GPS works fine with Google Maps. I'm on AT&T though so as you mentioned, your problem might be Verizon centric.

    129. Re:Pointless hype by ckaminski · · Score: 2, Informative

      That's not Billion, that's 3.1 TRILLION dollars - almost a 3rd of the US GDP.

      For the newbs:

      1000 Thousand
      1000000 Million
      1000000000 Billion
      1000000000000 Trillion
      - - - - - - - -
      315569260,000 Trillions!!

    130. Re:Pointless hype by daveime · · Score: 1

      Yes, like OpenDNS is *any* better behaved in that respect ?

      Have a look at the "Refine Your Search" options on the right. The first few are probably valid alternative suggestions based on the spelling ... but the last 7 are blatant Click-Thru revenue generators.

      Was Fio
      Was AIO
      Was Fji
      Homes for Sale
      Apartments
      Dating Services
      Chat Rooms
      Airline Tickets
      Travel Guides
      Las Vegas

      So seems like *everyone* is basically evil, and it's just a case of "better the devil you know".

    131. Re:Pointless hype by Anonymous Coward · · Score: 0

      Sorry to hear you mistrust your ISP, better take care of that ASAP buddy because far beyond just giving you some DNS servers to use, they can technically snoop on every last unencrypted byte you send and receive.

      Stop making such a big deal out of Google DNS; it's nothing, it's non-news, it's just straight plain vanilla DNS.

      STOP IT

    132. Re:Pointless hype by vcgodinich · · Score: 1

      3.1 trillion for a few seconds of no phones? that is a large overhead.

    133. Re:Pointless hype by electrosoccertux · · Score: 1

      I got money on the fact that this DNS server will be a part of their Android and Chrome OS services. You know, a default setting.

      Eh. I don't care anymore. They want the data they can have it. Having thought about it for two years, I've realized they don't have the time to look into anybody in particular. It's all statistical data. The more they can disseminate that, the more they can provide ads that interest me, which means I'm more likely to buy the stuff, which means I get more free things from google.

    134. Re:Pointless hype by interval1066 · · Score: 2, Interesting

      Hey, that's fucking hilarious.

      To continue, and briefly, a friend of mine worked for a company who had a network spur that was little used, and served by these two OpenBSD machines, and these machines sat for a few years almost forgotten when one day their whole network started acting funny, a few name queries would end up in strange and obviously incorrect domains. A days of poking around led me to these two machines. Seems whoever set them up wanted them as a back door into this intranet, so they let one serve up a telnet port as well as name service. I don't think it was anything malicious, but whatever it was whoever set it up let the machine serve up bare, un-covered telnet, like a fool, no ssh tunnel, no nothing. Late at night I noticed both machines unusually active, so I took a look. Connected to the one machine was a telnet session with an endpoint somewhere in China. A closer look revealed the server's kernel had been recompiled. I didn't do any further analysis, I just shut down that port at the firewall and reported what I found. I think the company ended up retiring those servers and bringing that part of their intranet into the main fold of the corporate server stable.

      --
      Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
    135. Re:Pointless hype by DaleSwanson · · Score: 1

      Google's DNS service doesn't do this.

    136. Re:Pointless hype by Anonymous Coward · · Score: 0

      Mandatory censorship.

      If they're filtering, then ok. But I can't help remembering that we've blocked outgoing DNS for all our customers' desktops, due to the recent DNS vulnerability. I do hope they're not on here complaining about not being able to get better DNS from google because of our stupid firewalls.

    137. Re:Pointless hype by Anonymous Coward · · Score: 0

      How do you think they are doing that 'near by'? Here is a hint, through DNS. Throughout the day if you put in google.com into a dns server you will get different results (load balancing and regional balancing as well). If you put in 8.8.8.8 it will almost always route to the same spot in the internet. That is the way it works... You can make rules to make some addresses act differently but then you need to get some approval from the core routers. If the internet worked the way you describe people wouldn't be putting things like x1.cache.someserver.com, and x2.cache.someserver.com. Or Akamai wouldn't be doing things where it makes it look like 1 name and thousands of possible servers that could be resolved to that name.

    138. Re:Pointless hype by nedlohs · · Score: 1

      Those numbers are *exactly* the same, so that's completely irrelevant.

      Since you don't know they aren't metering there's no gaming and holding the line open for longer than you would otherwise to skew the numbers. So if they lose $100,000 in revenue from not billing calls initiated in that one second, then they must usually make $100,000 of revenue from calls initiated every second. So we still have $100,000 * 31,556,926 seconds.

    139. Re:Pointless hype by mcrbids · · Score: 3, Insightful

      DNS servers are just DNS servers. There's a pool of them that handle requests to a given server. If google Public DNS is implemented like other Google services, your queries will be handled by whichever google node is nearby, idle, and knows the address you're requesting.

      And... how is this different than your "local" DNS server? how do you know that Google's DNS is "nearby, idle, and knows the address"?

      This seems robust than the way even the existing root servers are implemented. Google has more sites than almost anyone else non-government (there are a few notable exceptions, but none of them have an architecture like google's) and is continually opening more.

      Perchance, because this is pretty much how existing root servers are implemented? There was a slashdork article a while back about the challenges of running a root DNS server. Let me assure you, redundancy is paramount - they've NEVER all been down. Ever.

      Again, I defy you to please clarify what you mean by "cloud" computing to be any different than "Internet" computing? Because there is no difference. The Internet IS the cloud. Drawing a distinction between the two is like drawing a distinction between your pants and your britches.

      And, once again, DNS is a redundant, multi-point, caching, distributed-architecture protocol, and has been for some 20 years.

      Do you not know what this means?

      "Cloud based" is a marketing term that describes what hosted application providers have been doing in various forms for some 20 years.

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    140. Re:Pointless hype by megas · · Score: 1

      Nowadays should be a lot easier to switch ISPs than to switch away from Google..

    141. Re:Pointless hype by Anonymous Coward · · Score: 0

      The network's DNS? It looks like you are talking not about your network, perhaps your employer's network, if that is the case you should accept whatever DNS solution they have.

    142. Re:Pointless hype by shentino · · Score: 1

      Mandatory and competently implemented are not mutually inclusive.

      Blocked DNS though does pass the threshold of "too much of a PITA to bother with"

    143. Re:Pointless hype by bsDaemon · · Score: 1

      I have the Storm, and I can use the GPS with Google Maps just fine. The GPS chip doesn't work when you're on a phone call, but I think that's a function of hardware rather than Verizon.

      Despite this being a thread about me hating on Google at this point, Google Maps on my phone is alright. It's free, and it doesn't advertise at me. It's not as nice as Verizon's product, but it costs $5/mo less for something I really don't use all that regularly.

    144. Re:Pointless hype by mirix · · Score: 1

      Not on all of earth.

      1k - thousand
      1M - million
      1G - milliard
      1T - billion


      info

      --
      Sent from my PDP-11
    145. Re:Pointless hype by Macrat · · Score: 1

      I won't be switching DNS servers until/unless I notice a problem with my ISP's

      I guess your ISP isn't Comcast.

    146. Re:Pointless hype by cenc · · Score: 1

      I live in a country that does not control the ISP for political reasons, but there are only 2-3 major ISPs in the country and they all have DNS problems.

      Often their Internet connection is working just fine, but the IT guys running them don't realize that there is a DNS problem (completely down, outdated caches, ignoring ttl, not caching international domains). It is the same as not having Internet for millions of users that don't understand the problem of DNS.

      It is so bad that since I quit using the ISP DNS servers, my connection reliability has been around 98% for the last couple of years not counting things like power outages (I have connections from two different ones currently). Prior to changing to my own DNS server, I was getting more around 80-90% reliability, not counting a lot of missed but ultimately resolved lookups.

      Moral to the story is good DNS is important.

    147. Re:Pointless hype by Anonymous Coward · · Score: 0

      I'll bet good money that the google DNS servers are anycast addresses that route to "whatever google datacenter is close to you" and not "the same place in google's network"

    148. Re:Pointless hype by bendodge · · Score: 1

      The Storm is the only BB that can use its GPS chip on Verizon's firmware. RIM hyped the GPS feature and the Storm was mostly marketed to tech-savvy people (as opposed to the "businesslike" Curve), and they screamed loud enough that Verizon finally enabled the chip.

      --
      The government can't save you.
    149. Re:Pointless hype by mahadiga · · Score: 1

      switch to using 8.8.8.8, but I worry that if they do, one of the the original goals for DNS will be lost. That its distributed.

      How does Google Public DNS know which data center to send me to?
      Google Public DNS uses anycast routing to direct all packets to the closest DNS server. For more information on anycast routing, see the Wikipedia entry.

      --
      I'd like to buy homeland for our 10 million people. http://twitter.com/mahadiga
    150. Re:Pointless hype by Anonymous Coward · · Score: 0

      I've been to Google and found it down for a few minutes at least twice and there are numerous instances where gmail has been unavailable.

      Gmail downtimes, while frequent enough and long enough to be annoying, have been gmail-specific downtimes, not total google failures. Google search downtimes were measured in 2007 by pingdom[1]. I can't find anything more recent, but it doesn't appear anyone thinks it is worse, otherwise they'd certainly write about it. You must do a lot of searches to notice 30-40 minutes of downtime per year.

      If Google goes down for a few seconds, you hit refresh and blame your ISP. If, for example, the telephone company's accounting system goes down for a few seconds then they lose hundreds of thousands of dollars.

      If your phone service goes down during a call, you hang up and call again. If Google's accounting system that counts all charged ad clicks goes down for a few seconds, they lose thousands of dollars[2,3]. In fact if there's even a delay, adsense publishers will notice[4]. You are comparing apples and oranges in your statement because you mix the user view with the company's global view. In reality the two "utilities" are pretty similar with large downtime cost for billing and in the user behavior for short outages.

      Btw, if you know a telephone company that makes $2T/year, please let me know so I can invest in them. AT&T makes "only" $124B, or ~$3900/sec.

      [1] http://royal.pingdom.com/2007/09/26/google-availability-differs-greatly-between-countries/
      [2] http://finance.yahoo.com/q/is?s=GOOG&annual
      [3] $21.7E9/year / (365.24*24*60*60 sec/year) = ~$688/sec; a few seconds could be $2000.
      [4] http://www.webmasterworld.com/google_adsense/3929862.htm

    151. Re:Pointless hype by Anonymous Coward · · Score: 0

      I suggest that Google will eventually redirect NX queries, because it follows their pattern of adding advertising to their previously ad-free products. I submit Google Maps and Google Earth as examples.

      I'd take that bet. From this page:

      Correct results. Google Public DNS does its best to return the right answer to every query every time, in accordance with the DNS standards. Sometimes, in the case of a query for a mistyped or non-existent domain name, the right answer means no answer, or an error message stating the domain name could not be resolved. Google Public DNS never blocks, filters, or redirects users, unlike some open resolvers and ISPs.

    152. Re:Pointless hype by drinkypoo · · Score: 1

      And... how is this different than your "local" DNS server? how do you know that Google's DNS is "nearby, idle, and knows the address"?

      My ISP is incompetent; their DNS server is nearby and probably idle, but often has problems returning addresses. They are now ATT customers, ATT being the only one with fiber in this county. I don't trust ATT, who mangled our connection the first time we switched such that it was obvious they were taking a gigantic shit on net neutrality.

      Perchance, because this is pretty much how existing root servers are implemented? There was a slashdork article a while back about the challenges of running a root DNS server. Let me assure you, redundancy is paramount - they've NEVER all been down. Ever.

      But if I want to hit the root servers, I need to run my own caching server, and that's just one more thing to maintain. I do have a caching DNS proxy on my firewall, but that required zero setup.

      Again, I defy you to please clarify what you mean by "cloud" computing to be any different than "Internet" computing?

      Cloud computing refers to running your code on a cluster of machines which if not indistinguishable are at least interchangeable. It's a description for a certain type of dynamic clustering. As more resources are needed, more are used; unused servers can be put into sleep mode and woken back up as needed. If you compare this to a round-robin cluster of DNS servers it's fucking obvious what the difference is between cloud computing and a legacy "cluster" of machines. There are two primary benefits. One, no dedicated servers are required for any given task. Two, the loss of any one server is irrelevant. Three, it does not require hot failover nodes to sit idle. Four, it does not require N*2 nodes for failover, because other failover nodes are already present... and rather than sitting idle, they are performing other tasks. I can come up with more ways to differentiate cloud computing from traditional server models, but this should be more than enough to prove that you are an idiot. You're a reactionary tool who has sand in their vagina about the idea of calling a new type of computing something new. So what if it's a stupid name?

      And, once again, DNS is a redundant, multi-point, caching, distributed-architecture protocol, and has been for some 20 years.

      And yet, there are still improvements to be made by moving to a cloud model, which is more redundant, more multi-point, and more distributed. Google sites will eventually outnumber root server sites; they're putting up micro data centers around the world. At that point, Google DNS will be more robust for the user than running their own caching DNS proxy.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    153. Re:Pointless hype by __aaxwdb6741 · · Score: 1

      Level3 is about 6ms faster on average, for me. (40ms vs 34ms)

      Either way it's insanely fast, and I'd never switch away from my own resolver :x

      Oh and in case anybody doesn't know yet:
      4.2.2.{2..6} are Level3's public DNS servers.

    154. Re:Pointless hype by __aaxwdb6741 · · Score: 1

      4.2.2.1 works too!

    155. Re:Pointless hype by ArAgost · · Score: 1

      Are you Italian? if so, it was not a problem of censorship. bwin (and many similar sites) were denied access by ISPs after being instructed by the authorities since those sites were not complying with the italian laws about gambling. Once they complied, access to these sites was promptly re-enabled.

    156. Re:Pointless hype by Anonymous Coward · · Score: 0

      Sorry, I was responding to the poster who claimed they'd hijack NXDOMAIN and do weird things with ad frames and other things like that - they have said they won't, I'm pretty sure. I don't really care what they do with my anonymous data. Heck, I have google web history turned on, I don't really care if they DO associate the two - I think I'd actually like it in fact, since I use so many different browsers that managing my history is problematic.

    157. Re:Pointless hype by ckaminski · · Score: 1

      Point taken, but read the context - the post I was responding to was definitely using my definition of billion (10^9) in reference to AT&Ts income/revenue.

    158. Re:Pointless hype by andymadigan · · Score: 1

      You should only be preventing your own customers from answering DNS queries (for home routers which act as DNS servers on their WAN port) you shouldn't be preventing them from using 3rd party DNS servers. That doesn't make them safer, most people don't know how to configure DNS, those that do will be aware of the vulnerability (and probably using OpenDNS and similar services which are presumably at least as secure as your service).

      Preventing access to 3rd party DNS is just a money grab (since then you can lock people into your advertising-supported DNS).

      --
      The right to protest the State is more sacred than the State.
    159. Re:Pointless hype by mirix · · Score: 1

      I know, I was just being difficult ;-)

      --
      Sent from my PDP-11
    160. Re:Pointless hype by ckaminski · · Score: 1

      Oh.

      In that case, carry on!

    161. Re:Pointless hype by dstrickler · · Score: 1

      For Google to have DNS running through them, they have an even broader set of information at their fingertips. With it, they should be able to give you even better search results. The bad news is that to do this, they need to know more about you. Regardless if you feel this is OK or not, the speed and reliability of their DNS servers is paramount. I've been tracking it for a few days, and the live information is available here: http://www.pulsewise.com/blog/?p=70

    162. Re:Pointless hype by Anonymous Coward · · Score: 0

      Obviously telephone company's accounting system are down most of the year.

    163. Re:Pointless hype by Rayban · · Score: 1

      Just tunnel the traffic over a v... oh.

      --
      æeee!
  2. I use Google DNS and.. by Anonymous Coward · · Score: 1

    quite like it.
    It's slightly faster than my ISP's DNS (Virgin Media) but to be honest not a whole lot.
    The main reason I started to use Google DNS is that I trust them more with information than I do with Virgin Media (Richard Branson), it probably won't make a big difference but at least it makes me feel better that I got one up on them.

    1. Re:I use Google DNS and.. by sakdoctor · · Score: 1, Troll

      For DNS I trust Google > North Korean state owned ISP > Virgin Media

    2. Re:I use Google DNS and.. by LordAndrewSama · · Score: 1

      Funny, I'm going to Google because Virgin Media I don't trust.

    3. Re:I use Google DNS and.. by Anonymous Coward · · Score: 0

      I switched to it this weekend for my home stuff... and to be honest I can't see much difference. It's neither faster nor slower, more open or less. If I hadn't seen this article I might actually have forgotten I switched...

  3. Google is average by jhoegl · · Score: 5, Funny

    This just in, Google is average at something they did. Google's parents are very upset and will not be posting this on their refrigerator. In other news, detractors of Google throw party.

  4. My Testing Results by Anonymous Coward · · Score: 3, Informative

    Resolve www.yahoo.com

    local.isp 12msec
    4.2.2.2 30msec
    208.67.222.222 55msec
    8.8.8.8 57msec

    1. Re:My Testing Results by omnichad · · Score: 1

      www.yahoo.com is a TERRIBLE test. It's likely to be in your ISP's local cache. On the other hand, 57ms is terrible for Google on the same task.

    2. Re:My Testing Results by sexconker · · Score: 1

      www.yahoo.com is a TERRIBLE test. It's likely to be in your ISP's local cache. On the other hand, 57ms is terrible for Google on the same task.

      And yahoo.com isn't in Google's cache?

    3. Re:My Testing Results by omnichad · · Score: 1

      It is, and that's what makes it look terrible for Google. But uncached results are an important test, too. Or less-likely to be cached. If Google has near-everything on the Internet cached, and the local ISP doesn't, Google might start winning battles.

    4. Re:My Testing Results by Anonymous Coward · · Score: 1, Informative

      It's also likely to be in Google's cache. However, your location relative to a Google datacenter factors into that time as well. The idea is that through proactive caching of popular domains, the total time for a DNS query against a Google DNS server should be no greater than the latency between your machine and that server. If that latency is greater than what you see between your computer and your ISP's DNS server, using Google won't help your performance. It will however respond as a DNS server should (ie. not send you to some ISP search page).

      Your ISP doesn't do proactive caching of domains, so there's a chance that although you are closer to your ISP's server than to Google's, Google might still return faster even with round-trip latency than your ISP if the ISP doesn't have the domain in its cache and needs to do a recursive lookup for the query. You're banking on the hope that Google's audience is larger than your ISP's and therefore has a wider range of cached domains in its system.

    5. Re:My Testing Results by Anonymous Coward · · Score: 0

      Fine! Here are results for a record that is probably not cached.

      Resolve www.tristandc.com

      local.isp 175msec 4 hops
      4.2.2.2 30msec 9 hops - Most likely cached.
      208.67.222.222 333msec 15 hops
      8.8.8.8 283msec 13 hops

      As you can see the performance is more significantly impacted by the distance from the requester. Using a modern machine, the DNS traffic would have to be monumental (thousands of requests per second) to tax the machine. By distributing the DNS system into the hierarchical system that it is we distribute the load, shorten the distance and increase reliability/availability. To aggregate DNS traffic on as massive a scale as Google would like would be folly.

  5. It will be interesting to see by bugs2squash · · Score: 1

    if it makes satellite web browsing better. Setting a web proxy is a great way to cut down DNS chatter on a satellite link, perhaps Google have come up with something that is almost as good.

    --
    Nullius in verba
  6. One time comcasts DNS servers were down... by gblackwo · · Score: 1

    Around 5 years ago, the internet was down for comcast subscribers in northern Indiana and a good chunk of the midwest- I figured out it was just their DNS servers that were down and quickly switched over to AT&T's. That evening I saw the fastest internet I've ever seen. It was glorious.

    1. Re:One time comcasts DNS servers were down... by Anonymous Coward · · Score: 0

      Came here to say that I had the same experience. Switched to Verizon's 4.2.2.1. Comcast has never been faster. Thanks Verizon!

      I wish I had FIOS :(

    2. Re:One time comcasts DNS servers were down... by Monkeedude1212 · · Score: 1

      Telus (Canadian Telco) DNS Servers go down for about 12 hours every other month or so. It's handy to have this kind of info online. I also have the Shaw (Canadian Cable Company) DNS servers written down, just in case.

    3. Re:One time comcasts DNS servers were down... by gblackwo · · Score: 1

      I use 4.2.2.1 and 4.2.2.2 a lot- it really does make comcast speedy.

    4. Re:One time comcasts DNS servers were down... by omnichad · · Score: 1

      And bittorrent/P2P don't usually use DNS. Draw your own conclusions.

    5. Re:One time comcasts DNS servers were down... by StayFrosty · · Score: 1

      I've got Charter here. I got sick of being redirected to advert...I mean search pages when I typed a malformed url. When I called Charter to complain they denied that there was a problem. They blamed spyware on my (linux) machine. By the time I got to someone who knew what was actually going on they were trying to sell it as a feature. I nearly switched to another ISP on the spot. I started using 4.2.2.1 and 4.2.2.2 then. They always felt a little sluggish to me. I switched to 8.8.8.8 the other day to see if it makes a difference and I have to say it feels faster. I have no benchmarks to back this up but I probably won't switch back.

      --
      "Frequently wrong, never in doubt."
    6. Re:One time comcasts DNS servers were down... by bcmm · · Score: 1

      Most people won't be able to find .torrent files without DNS.

      --
      # cat /dev/mem | strings | grep -i llama
      Damn, my RAM is full of llamas.
    7. Re:One time comcasts DNS servers were down... by omnichad · · Score: 1

      But if they already have a large download going, it would continue uninterrupted, and still find new peers.

    8. Re:One time comcasts DNS servers were down... by chill · · Score: 1

      Yes, but just to clarify, your speed-up wasn't because AT&T's faster DNS. It was because all those other Comcast wankers were still offline and calling tech support. For a few glorious moments, the Comcast tubes were unclogged.

      --
      Learning HOW to think is more important than learning WHAT to think.
    9. Re:One time comcasts DNS servers were down... by PRMan · · Score: 1

      Just switch ONE of your servers to 8.8.8.8. Leave the other alone. Then you have the best of both worlds.

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
    10. Re:One time comcasts DNS servers were down... by bcmm · · Score: 1

      That is true. But nevertheless, that will be only a fraction of traffic (albeit a significant one), and doesn't take account of the (probable majority of) people who think "my google isn't working" and turn the computer off because, as noted by many others, most of them can not possibly understand that only DNS is down.

      --
      # cat /dev/mem | strings | grep -i llama
      Damn, my RAM is full of llamas.
    11. Re:One time comcasts DNS servers were down... by Ephemeriis · · Score: 1

      Around 5 years ago, the internet was down for comcast subscribers in northern Indiana and a good chunk of the midwest-

      I figured out it was just their DNS servers that were down and quickly switched over to AT&T's. That evening I saw the fastest internet I've ever seen. It was glorious.

      That's roughly the same experience I had about a year ago with Charter here.

      The Internet went to hell for the better part of a week... Slow, had trouble looking up anything, web pages took forever to load, couldn't send mail. It was awful. I didn't initially think much of it as we routinely have trouble... But then one day it just cut out completely.

      I did some basic troubleshooting to make sure it wasn't my own hardware, and found out I could ping pretty much anything by IP address, but Charter's DNS servers just weren't responding.

      So I threw in OpenDNS's servers, and everything started working again. Actually, faster than it ever had. I haven't tried my ISP's DNS servers again since then - why switch when OpenDNS works so much better?

      --
      "Work is the curse of the drinking classes." -Oscar Wilde
    12. Re:One time comcasts DNS servers were down... by Cal27 · · Score: 1

      Verizon returns ad-riddled yahoo searches instead of NXDOMAIN:
      http://wwwwz.websearch.verizon.net/search?qo=www.dfgdsfasdfasdf.com&rn=KGStLXJazkT6isZ&rg=
      And all of the links that are supposed to show you how to opt out (you have to change your DNS servers) have been giving 404 errors for months.
      See for yourself, all the links on this page are broken: http://www.verizon.net/central/vzc.portal?_nfpb=true&_pageLabel=vzc_help_contentDisplay&case=dns_assist&partner=verizon&product=dsl
      Now, I have no problem changing my DNS servers by myself but not informing anybody on how to opt out seems a bit fishy.

  7. My own more detailed analysis by bramp · · Score: 5, Informative

    I ran my own set of experiments benchmarking both Google DNS and OpenDNS as well as two UK ISPs. I showed more detailed results, and infer some information about how these systems are run. http://bramp.net/blog/google-dns-benchmarked

    1. Re:My own more detailed analysis by Anonymous Coward · · Score: 0

      Mmm I wonder how many times have I seen this link on slashdot?

    2. Re:My own more detailed analysis by bramp · · Score: 1

      This is the second time. On the first Google DNS article, and now here. I'm just trying to drive traffic to my blog. Don't worry, this time it seems to have worked so I'll stop my shameless advertising :)

    3. Re:My own more detailed analysis by complete+loony · · Score: 1

      Quick thoughts;
      For your second and third tests it might be useful to test the TTL you got back to see if it is about to expire.
      I wouldn't expect querying the www name to be much different to the domain itself.
      Some of those popular sites might have deliberately low TTL's so they can quickly fail over the site to another IP address if something breaks.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
  8. Too lazy to read by Anonymous Coward · · Score: 1, Interesting

    What do they use for software... bind? djbdns? Something they wrote themselves in python?

    1. Re:Too lazy to read by lintux · · Score: 1

      Yep, it's home-made ... but why do you think it'd be Python?

  9. Beat a dead horse much /. ? by Anonymous Coward · · Score: 0

    Oh look. It's THIS thread again.

  10. RCN users! by Anonymous Coward · · Score: 0

    Use Google DNS: a good way to beat RCN's DNS throttling.
    I un-crippled my internet access by using it.

    1. Re:RCN users! by iammani · · Score: 1

      What? They throttle DNS requests? I am not sure how effective it will be, since DNS requests are cached and you don't have to ask the DNS server when you revisit the website.

      If you see improvement by switching to Google DNS servers, it is very likely that RCN has a really slow server (or has an inefficient caching algo) handling DNS requests or that the latency to reach RCN DNS servers is higher than Google's.

      This is incompetence, not malice.

    2. Re:RCN users! by Anonymous Coward · · Score: 0

      except they don't throttle dns queries

  11. Censorship FAIL by Anonymous Coward · · Score: 0

    Open DNS servers have been there all along, but they're too obscure for Joe Average. Google is not, and there is embarrassment ahead for several national censorship schemes.

  12. Google one of the slower options for me... by Scootin159 · · Score: 1

    Was considering a switch (for our locally cached DNS servers parent servers), but glad I ran a benchmark first:

    Cached relative performance:

    • Local (backed by ISP)
    • ISP (unfiltered results)
    • Level 3
    • Google

    Uncached relative performance:

    • Level 3
    • ISP
    • Local (backed by ISP)
    • Google

    In all cases, Google's one of our slower options. If anything, it appears I'd be best off using local DNS backed by level 3 for non-cached results.

  13. Most ISP's DNS servers are broken. by KingSkippus · · Score: 5, Insightful

    Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

    My ISP's nameservers are broken. Whenever I try to resolve a name that doesn't exist, instead of the DNS server telling me it doesn't exist, it returns the address of one of my ISP's web servers, which presents me with an ad-laden search page for whatever name I typed in. This is clearly not what the DNS spec says it is supposed to do.

    While this might not sound like such a big deal, for developers it's a pain in the butt. For one thing, if I want to test to see if, for example, a name I have registered has propagated, I can't just do an nslookup to see if I get a response; I have to actually verify that the address that is returned (since all lookups will resolve to something) is the actual correct address instead of my ISP's web server. Also, on the client side, when my applications communicate via the web, they have to not only verify that an address resolved, but actually verify with the back-end application that it is what it's supposed to be instead of an ISP's search page. Just since I changed my DNS servers last week, I've already saved at least a minute or two I shouldn't have had to spend in the first place.

    Plus, even if all of that still doesn't convince you that Google is actually doing something helpful, there's the simple fact that my ISP's servers actually had on average an hour or so down time every couple of months. It wasn't scheduled or anything (that I know of, anyway), I would just all of a sudden not be able to resolve any addresses. If I called technical support, the goobs there would insist on me plugging my computer directly into their modem, and when it still wouldn't work, they'd schedule a time a few days out for a technician to come out to my house. They simply wouldn't acknowledge that the problem was on their end, not mine, and they didn't understand simple concepts like nslookups, tracerts, etc. I'd invariably just give up, tell them not to send anyone, and wait without Internet access for their network people to figure it out after a lot more people called in.

    I started using OpenDNS a long time ago because of all of the problems with my ISP's DNS servers, even though they also redirect queries that aren't found to their search page. If I wanted other features OpenDNS offers like parental controls and such, I'd probably stay with them. As it is, though, consider me another happy consumer of another helpful Google service. As the informal tech support guy for most of my family and friends, I'll be switching as many of them over as I can too, so I can avoid just a few more "Hey, I can't get to the Internet" calls.

    1. Re:Most ISP's DNS servers are broken. by Shawndeisi · · Score: 4, Informative

      If you're using a *nix box somewhere on your devel network, "dig +trace host.domain.tld" is a beautiful thing as you'll avoid the cache (and therefore any potentially broken caching nameserver behavior) as all the nameservers you hit will be authoritative. You can see if it truly has propagated, which you can't do with a simple nslookup due to negative caching if your first lookup wasn't successful. Right now you could have a negative record cached for the TTL in the SOA and would have to wait until it expires before you see the live record, while it was already live for everyone else. You'll also be able to devel your app faster because you won't hit the caching server until it's live. There may be an equivalent flag on nslookup but I haven't found it after a few minutes of poking around.
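
The two behaviours discussed in this sub-thread (a resolver that answers a nonexistent name with an address instead of NXDOMAIN, and the negative-cache lifetime taken from the SOA) can both be read straight off the reply packet. The following is an added example, not code from any poster: the probe name, the two sample replies and the `probe()` helper are constructed for illustration.

```python
import socket
import struct

NOERROR, NXDOMAIN = 0, 3
TYPE_A, TYPE_SOA = 1, 6
PROBE = "nx-probe-3f9a1c7e.example.com"  # constructed; use a fresh random label live


def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qid=0x1234, qtype=TYPE_A):
    """Recursive query (RD set) with one question in class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while msg[off] != 0:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: jump, remember return point
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 32:
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length
    return ".".join(labels), (off + 1 if end is None else end)


def parse_response(msg):
    """Extract RCODE, answer A records and the negative-cache TTL (if any)."""
    _qid, flags, qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = read_name(msg, off)
        off += 4
    result = {"rcode": flags & 0x0F, "addresses": [], "negative_ttl": None}
    for section, count in (("answer", an), ("authority", ns)):
        for _ in range(count):
            _, off = read_name(msg, off)
            rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if section == "answer" and rtype == TYPE_A and rdlen == 4:
                result["addresses"].append(socket.inet_ntoa(msg[off:off + 4]))
            elif section == "authority" and rtype == TYPE_SOA:
                _, p = read_name(msg, off)  # MNAME
                _, p = read_name(msg, p)    # RNAME, then SERIAL..EXPIRE (16 bytes)
                minimum = struct.unpack("!I", msg[p + 16:p + 20])[0]
                result["negative_ttl"] = min(ttl, minimum)  # RFC 2308 rule
            off += rdlen
    return result


def classify(msg):
    """Verdict for a reply to a query for a name known not to exist."""
    r = parse_response(msg)
    if r["rcode"] == NXDOMAIN:
        return "honest", r
    if r["rcode"] == NOERROR and r["addresses"]:
        return "rewritten", r  # resolver substituted an address for NXDOMAIN
    return "inconclusive", r


def probe(resolver, name=PROBE, timeout=3.0):
    """Live check of one resolver IP (needs network; never called on import)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((resolver, 53))
        s.send(query)
        reply = s.recv(4096)
    if reply[:2] != query[:2]:
        raise ValueError("reply ID does not match query")
    return classify(reply)


def _sample(rcode, ancount, nscount, records):
    """Constructed (not captured) reply to build_query(PROBE): QR, RD, RA set."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, ancount, nscount, 0)
    return header + build_query(PROBE)[12:] + records


_soa = encode_name("ns.example.com") + encode_name("hostmaster.example.com") + \
    struct.pack("!IIIII", 2009120701, 7200, 3600, 1209600, 900)
_zone = struct.pack("!H", 0xC000 | (13 + len(PROBE.split(".")[0])))  # -> "example.com"
HONEST = _sample(NXDOMAIN, 0, 1,
                 _zone + struct.pack("!HHIH", TYPE_SOA, 1, 3600, len(_soa)) + _soa)
REWRITTEN = _sample(NOERROR, 1, 0,  # 192.0.2.10 is a documentation address
                    b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 60, 4) + bytes([192, 0, 2, 10]))
```

`classify(HONEST)` reports the 900-second negative-cache lifetime from the sample SOA, while `classify(REWRITTEN)` flags the substituted address; `probe("<resolver IP>")` applies the same check to a real resolver.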

  14. Surprising benchmarks by gmuslera · · Score: 1

    Essentially it showed that the ones from verizon (the one that provides him connection) are the fastest ones (not only the fios one, but the 151.202/3 ones too are from verizon), there are a few others faster than Google's (including 4.2.2.*), and then the rest of the DNS servers tested were slower. Much of the speed that matters for a well-installed DNS server is how "close" it is to you (i.e. in ping time), and your upstream provider usually has the closest one.
    There could be a speed improvement in the few, rare times when you ask for something that is not cached already, but in massively used DNS servers that is something rare and usually a one-time hit. If you have to choose them for something, speed should not be the main factor.

    1. Re:Surprising benchmarks by Tarinth · · Score: 1

      I think the key takeaway from the benchmarks is that your mileage can vary. For many people, the Google DNS may be considerably faster. For others, you might have an ISP with very good infrastructure (like FIOS).

    2. Re:Surprising benchmarks by gmuslera · · Score: 1

      The point is that "very good infrastructure" is not a factor. A simple caching DNS on any of the sides of your internet connection is faster than getting to Google servers, and in the normal use will be faster almost all the time. If that DNS is used by enough people hitting a domain not in the cache should not be very common.

    3. Re:Surprising benchmarks by drinkypoo · · Score: 1

      If that DNS is used by enough people hitting a domain not in the cache should not be very common.

      I think the idea is that google already scans many of the most popular sites frequently, and as such already has a lot of addresses cached. And uh, I don't know about you, but I think the likelihood of a lot of people using google's DNS is very high. In any case, who doesn't have a caching DNS server in their AP any more?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  15. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  16. No thanks. by jim_v2000 · · Score: 1

    I'll stick with my ISP's DNS. One thing I've noticed about using third party DNS services like OpenDNS is that location aware sites that serve up content from different servers depending where you are (like YouTube) don't work well.

    --
    Don't take life so seriously. No one makes it out alive.
    1. Re:No thanks. by bheer · · Score: 1

      One thing I've noticed about using third party DNS services like OpenDNS is that location aware sites that serve up content from different servers depending where you are (like YouTube) don't work well.

      OpenDNS is distributed too; for many users they're in the same geographic vicinity, so this really should not happen. Further, most servers that serve up geotargeted content (like Youtube) use geo-ip mapping to target their response to the client IP, not the server IP that was hit.

      Do you have any specific examples of geotargeting gone wrong because of OpenDNS use? If you could list them here, I'm sure folk from the sites in question (or OpenDNS itself) would love to investigate the problem.

    2. Re:No thanks. by lintux · · Score: 1

      Akamai probably has *many* more CDN nodes in the world than the number of gDNS and OpenDNS datacenters together, so just being distributed is not enough.

    3. Re:No thanks. by jim_v2000 · · Score: 1

      It was similar to this issue, but that was back in March and maybe they've fixed it by now. But really, the benefit over my ISP's DNS really isn't worth the hassle.

      --
      Don't take life so seriously. No one makes it out alive.
  17. Re:Google IS NOT by Anonymous Coward · · Score: 0

    It can be two things.

  18. Multiple, parallel, DNS server settings? by NevarMore · · Score: 2, Interesting

    I suspect this has been asked before. Is there some way to set up multiple DNS servers and simply query them in parallel?

    That way whichever one is fastest gets me the address sooner. It is a little bit rude, but since it would seem that most DNS providers have the opportunity to be shady and feed landing pages or collect usage data, they'd be just as happy to have me make a request and discard the answer.

    1. Re:Multiple, parallel, DNS server settings? by gzipped_tar · · Score: 2, Informative

      Use dnsmasq on your localhost.

      From man page:

      --all-servers
      By default, when dnsmasq has more than one upstream server
      available, it will send queries to just one server. Setting this
      flag forces dnsmasq to send all queries to all available
      servers. The reply from the server which answers first will be
      returned to the original requestor.

      --
      Colorless green Cthulhu waits dreaming furiously.
  19. I'm starting to wear tin foil hats by GodfatherofSoul · · Score: 1

    This is my completely unfounded conspiracy theory, but I'm starting to see Google as a pretty clever ruse to capture user data, perhaps for our government? They provide great services, but they've got their hooks well sunk into much of our digital lives.

    --
    I swear to God...I swear to God! That is NOT how you treat your human!
    1. Re:I'm starting to wear tin foil hats by Gothmolly · · Score: 1

      All you have to do is not use them. Since your ISP is tracking all this stuff anyway, don't worry about it.

      --
      I want to delete my account but Slashdot doesn't allow it.
    2. Re:I'm starting to wear tin foil hats by PastaLover · · Score: 1

      Google is a public company, not the CIA, which means it's a lot more leaky. They also have a privacy policy that specifically says they won't track the DNS requests (actually something like delete records after several days, if I remember correctly). So it would be a huge risk for them to track it anyway (legal and PR ramifications) and a ton of people would have to know about it and keep it secret anyway (the conspiracy theory litmus test).

      Tinfoil hats indeed. (is that one word or two?)

    3. Re:I'm starting to wear tin foil hats by gujo-odori · · Score: 1

      I think you're attributing far too much competence to the government. Not that they don't want to do that sort of thing, of course.

    4. Re:I'm starting to wear tin foil hats by GodfatherofSoul · · Score: 1
      --
      I swear to God...I swear to God! That is NOT how you treat your human!
    5. Re:I'm starting to wear tin foil hats by GodfatherofSoul · · Score: 1

      I actually have stopped using Google Desktop.

      --
      I swear to God...I swear to God! That is NOT how you treat your human!
    6. Re:I'm starting to wear tin foil hats by cdrguru · · Score: 1

      Huge risk? Where do you get that? A company has a policy or terms of service that says they assure everyone that they are not doing X, they will never do X and so on and so forth.

      What happens when they decide to change their policy? Or, simply (gasp!) violate their policy? Is there any sort of enforcement of published company policies? Nope. Maybe a small loss of some sort of credibility. Maybe. So I don't see any legal ramifications at all.

      PR ramifications? Well, maybe. If the major media decided to run with a story there might be some fallout. But far more likely is one stockholder attending the annual meeting gets up and yells about it - and is immediately ejected from the room.

      In other words, nothing, nothing at all.

    7. Re:I'm starting to wear tin foil hats by PastaLover · · Score: 1

      That's a good point. Of course I could take the easy way out and say they were found out, so my point stands, but that's a bit too easy. In truth, it is simply improbable that this data will be misused, and that if it were we would not know within a reasonable timespan (so not 50 years into the future). It's even more improbable that Google would risk tarnishing their own image for data they could simply gather anyway, had they put in a different TOS. They do this for gmail and it's still a popular service, so why not do it for their DNS service?

    8. Re:I'm starting to wear tin foil hats by PastaLover · · Score: 1

      What happens when they decide to change their policy? Or, simply (gasp!) violate their policy? Is there any sort of enforcement of published company policies? Nope. Maybe a small loss of some sort of credibility. Maybe. So I don't see any legal ramifications at all.

      This might differ by venue, but consumer protection laws around here would definitely apply.

      PR ramifications? Well, maybe. If the major media decided to run with a story there might be some fallout. But far more likely is one stockholder attending the annual meeting gets up and yells about it - and is immediately ejected from the room.

      Yeah slashdot wouldn't be all over it, I'm sure.

  20. Aww comeon! I can't believe everyone missed this! by Naatach · · Score: 1

    Well I, for one, welcome our new "Do No Evil" DNS overlords...
    In Soviet Russia, Google DNS names YOU!
    I wonder if they redirect misspelled entries here
    In Korea, only old people use their ISP's DNS.
    itsatrap!

    --
    There may be no "I" in team, but there's also no "F" in way.
  21. switched 2 days ago... by Anonymous Coward · · Score: 1, Interesting

    ...and am very happy with it. i surf a lot from the console and really am sick of getting redirected to opendns' website instead of a standard compliant answer...it seems to be a little bit faster than opendns, but i'm really too lazy to measure it. i cache with pdnsd locally for three years now, because really every isp i had sucked at dns (5 hours dns downtime a month is 5 hours too much for me!). however, the arguments regarding privacy are just masturbation - you know you're security wanker without a web of trust and there's no trust in unencrypted udp connections and you don't own google's (or anybody else's) log server, do you? :-)

  22. For me, OpenDNS is faster by abhikhurana · · Score: 1

    For me, like the tester, OpenDNS (17-18ms) performed better than Google (25ms). My ISP (O2 in UK - 22ms) was somewhere in between OpenDNS and Google.

    For those who want to test it themselves, you can do so quite easily under Linux. The command to use is dig, e.g.

    dig @server slashdot.org

    Do it a few times to see how fast your DNS server actually is.

  23. Sell Your Soul for Free Services by queenb**ch · · Score: 1

    A couple of years ago I wrote a blog entry entitled "Google - The New Mark of the Beast" and was fluffled off as an alarmist. Now the truth about Google is slowly seeping out. For those of you who don't do data mining, you just don't realize how sophisticated it's become. Google doesn't do anything unless it gets them another stream of data on their user base.

    Gmail - your email - subject -content - to and from
    Google Chat - content and other people
    Google Latitude - your physical location and cell #
    Google Voice - your phone number (which can be trivially tied to real identity including your address) as well as the content from your phone calls and messages
    Google Docs - Your documents, power points, and spreadsheets
    Google Chrome & Toolbar - Your browsing History
    Google Search - if you're logged in this gets stored if not, it can still be tied back to you via IP address

    With Google DNS, they can see what you're requesting even if you're not one of their users and they can start to build a profile on you even if you haven't signed up.

    --
    HDGary secures my bank :/
    1. Re:Sell Your Soul for Free Services by Anonymous Coward · · Score: 0

      http://code.google.com/speed/public-dns/privacy.html might interest you. Seems okay to me.

    2. Re:Sell Your Soul for Free Services by jo42 · · Score: 1

      You forgot Google Checkout - your credit card numbers and online purchasing history.

    3. Re:Sell Your Soul for Free Services by Anonymous Coward · · Score: 0

      You're still an alarmist. A company knowing all these things just isn't an issue to 99(.9999)% of people. Firstly, most people have enough sense to realise they're not the centre of a paranoid conspiracy, and the benefits of all those services far outweigh any potential disadvantages. Secondly, a lot of people actually enjoy the convenience that tracking offers (targeted advertisements, remember-me forms, tailored search, etc). Thirdly, all these services are opt-in, so if people didn't like it they wouldn't opt-in (and most people are either well aware of Google's business model of [services data -> advertising], and those that aren't clearly don't care about their data enough to educate themselves). Until you offer substantial evidence that Joe Q Public is more inconvenienced than benefited by Google (remember: I said Joe Q Public, not some corner case*) then me and Joe Q will continue to use Google's services.

      * Keep in mind that even in cases of "this could happen to you", most people accept the risk if the gain is substantial - if this wasn't the way, then no-one would drive, and no-one would drink.

    4. Re:Sell Your Soul for Free Services by drinkypoo · · Score: 1

      The government already knows as much of this stuff as they want to, and I'm not afraid of Google, but I do fear "my" government. That's why you've been "fluffled" (pillowfight?) as an alarmist. You are one. Cellphone companies serve millions of cellphone position requests (probably to automated tools, and I don't mean cops) so the government can already be assumed to know where I am, if they care. It has been publicly stated that ECHELON reads the To, From, and Subject of all email, and then does analysis of the body of any interesting email, so my email is already being read by the federal government and searched for keywords even. And I'm pretty sure they already have my phone number; Tracphone "failed" to process a one year card (on purpose, is my bet - if you have money, they want to be able to market to you) so my identity is tied to my cellular phone.

      With Google DNS, they can see what you're requesting even if you're not one of their users and they can start to build a profile on you even if you haven't signed up.

      Yes, and with packet inspection, my ISP can see what I'm requesting even if I don't use their DNS. And so can my ISP, which is ATT, which was the first ISP busted for placing audio and data taps for the US gov't. So in other words, unless I actually fear google more than my government (hahAYHahaHAHAHAHAHAHAH) then I really have nothing to fear by using Google DNS.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  24. Flakey DNS recursors by Anonymous Coward · · Score: 0

    If your ISP is running a flakey DNS server, use your own.

    It took me 5 minutes to get the dns recursor that comes with powerdns to work with my windows system at work.

    download "powerDNS for windows" http://www.powerdns.com/en/downloads.aspx

    turn off "powerDNS" in services
    edit recursor.conf in powerdns home directory (looks like the default is c:\program files\powerdns)
    change recursor port to 53 (default is 5300)

    turn on "powerDNS recursor" service

    edit your IP configuration to use localhost for DNS.

    Now, you're doing DNS all by yourself. All the rest of the DNS servers on the planet can fail; as long as a root server and the server of the service you're attempting to find work, you'll be good to go.

    Oh -- and if you're at some place with split-horizon DNS, you'll now not see any of the internal services...

    1. Re:Flakey DNS recursors by ckaminski · · Score: 1

      Where's the -1 Astroturfing mod? :-)

    2. Re:Flakey DNS recursors by Anonymous Coward · · Score: 0

      People could be justified in complaining "but I don't want to run my own recursor." or "only people who live in their mother's basement run their own recursors!"

      It's not really true -- powerdns is open source / GPLed software. There is an unsupported but seemingly functional windows version that allows anyone to do their own DNS.

      So -- if you don't trust your ISP's DNS servers to be reliable, do it yourself. It's not hard.

      It's got a couple added advantages, too. No cache poisoning attacks are possible and localhost is really fast (once you've got something in your cache).

      What's not to like?

  25. Re:UDP block by miknix · · Score: 1

    Too bad that I can't use the Google DNS service in places where I would definitely use it. Those places are coffee shops' free WiFi hotspots, stores' free hotspots, etc. Usually, in those places the domain resolving is very slow (either done by their crappy router or forwarded to their crappy ISP). The problem is that most of them block all outgoing UDP traffic, which invalidates the use of non-local DNS servers.

  26. For what it's worth, it's not faster at my end by snokeloke · · Score: 1

    but never thought about DNS performance before, and it showed one thing though, and that is that my local crappy router sucks. For Windows users, try this one: http://www.grc.com/dns/benchmark.htm The Google DNS servers perform "ok", but for me at least I noticed a noticeable difference by using my ISP's DNS servers directly (not just by looking at what this prog gave me, but cache lookups are faster on my ISP than on my local router (yeah, I know my router sucks)). (Oh, btw, you can't use ping latency to determine if a DNS is faster or not.)

  27. Dumb by Vamman · · Score: 1

    Google still can't get the POP3 protocol to work correctly in Gmail and here they are playing with bind. You know Microsoft must giggle when they hear Google setup their own DNS servers for the public. Give me a break Google hype machine. I feel like going and looking for another search engine.

    1. Re:Dumb by Anonymous Coward · · Score: 1, Insightful

      It's not 1995 any more. Google have way more important things to worry about than getting POP3 working. Switch to IMAP and stop whining.

  28. One IP can be distributed. by Anonymous Coward · · Score: 0

    It's called Anycast and it is used to route your packet addressed to 8.8.8.8 (e.g.) to the topologically closest of many hosts claiming that IP on the internet. I assume, but don't know, that Google has a network widespread enough with diverse enough interconnects to the internet that there's plenty of redundancy and resiliency there. I assume likewise for OpenDNS; they can't be serving those billions of requests per day from an old BSD box under the desk, like I did for my employer back in the early days.

  29. Win win situation by horza · · Score: 2, Insightful

    Google offering free DNS makes sense for everybody:
    a) it is a low cost / low bandwidth service Google can integrate into its infrastructure for negligible cost, and the public get free reliable DNS
    b) ISPs are 'stealing' search traffic by hijacking millions of misspelled domains, Google can try and eliminate this fraud which will more than cover the costs of (a)
    c) why do people need to invent a (c)?

    At the end of the day, Google's money-spinner is ads on search results. The free DNS is a move to protect this. As people write above, a bonus side-effect is that makes life easier for developers of sites and browsers when ISPs don't corrupt the RFCs.

    Phillip.

    1. Re:Win win situation by Anonymous Coward · · Score: 0

      D) what if Google just starts serving up their own ads on misspelled domains after they get everybody psyched up and on it?

    2. Re:Win win situation by BikeHelmet · · Score: 1

      They wouldn't do that.

      Google has repeatedly demonstrated that they value their reputation more than short term revenue.

  30. Google DNA?! by macraig · · Score: 1

    Coming as this did hot on the heels of an article about a new RNA discovery, when I first read the title I thought it was about Google inventing a new type of DNA. Now that would be newsworthy!

  31. Great for international users by acid06 · · Score: 1

    For international users (I'm from Brazil), the new Google DNS is awesome. There are no such services around here and we usually need to rely on our ISPs' DNS servers, which can't be trusted to be updated and with security holes fixed.

    I used OpenDNS, but the response times were around 140ms, which is noticeably slower than my own ISP's DNS servers.

    Now it seems Google has local DNS servers in Brazil, so I get 20-30ms response times which is much better. Actually, it's better than a lot of you are getting from Google's DNS servers, which makes me think Google has room for improvement in the US.

    1. Re:Great for international users by cenc · · Score: 1

      I am in Chile and getting around 180ms, which is still likely faster than the local ISPs with all the errors. Either way, it does not hold a candle to my local router cache running Dnsmasq on Tomato firmware, so I really don't care about 180ms lag time. As long as when my router requests a connection, I get a no-b.s. response from whatever DNS server every time.

    2. Re:Great for international users by acid06 · · Score: 1

      Well, I guess it's not available in all countries yet. But I'm still glad they remembered there are other countries besides the US, even if they still didn't manage to get a local server everywhere.

  32. Re:UDP block - use pdnsd with tcp_only by yukam · · Score: 2, Interesting

    Did not find a way to force the system resolver to use TCP only, but something like this should work:
    aptitude install pdnsd
    === cut /etc/pdnsd.conf ===
    global {
    query_method = tcp_only;
    }
    server {
    ip = 8.8.8.8, 8.8.4.4;
    label = "google";
    }
    === cut /etc/resolv.conf ===
    nameserver 127.0.0.1
    That's slower than UDP, but better than nothing (and the pdnsd cache will compensate for the slowdown from TCP usage).

  33. Actually both good/bad for security and anonymity by zhilla2 · · Score: 1

    Anything can be used for good and evil. Not to sound like a Google fanboy, but by setting default primary/secondary DNS to a hardened, cache poison (and other stuff) secured and properly maintained DNS service, their ChromeOS / Android / people-who-trust-them customers could be better off than relying on some unsecured local ISP DNS.
    If I was paranoid (or had a reason), I would trust Google more than my ISP - my ISP's DNS belongs to my ISP. Which is subject to my country's law. Google is not, and getting any info from them is at least a bit harder than asking a local company - who also does not have a clear policy on logging and sharing my data.
    And yes, in my case also it's fast but not as fast as the local ISP DNS, but no big trade-off since I use BIND to cache anyway. So primary and secondary are my ISP's, and tertiary and quaternary Google's.
    What I learned from all this is that the second(ary) DNS IP your ISP gives you is sometimes a bit (a lot?) faster, and better used as Primary DNS under Windows.

  34. Google: turning shit into gold by cycoj · · Score: 1

    It's funny how a lot of people are falling all over themselves because google introduces something new. Now they've introduced a new DNS service and say it's to make the internet experience faster. Turns out in benchmarks they are slower than people's ISP DNS servers (not really surprising), but also significantly slower than services like OpenDNS, which does the same thing. So why are people switching to google??? It's not better than existing services, there are serious privacy and security concerns (it's a lot easier to force one company to change their DNS records than forcing thousands of companies in lots of different countries to change their records), but still everybody is suddenly declaring "I'm switching to googleDNS". The scary thing is the people are not the typical fanboys, but usually sceptical geeks. Somehow though as soon as google does something it switches the scepticism off in a geek brain.

    1. Re:Google: turning shit into gold by Arimus · · Score: 1

      No it doesn't... least not to all of us...

      I'll stick with my current grouping of my local dns cache, my isp and opendns.

      Though the 8.8.8.8 address will be handy if I need a dns somewhere and I don't know the 'correct' one to pick for a given location - least it will let me get online to find the correct info I need ;)

      --
      --- Users are like bacteria -> Each one causing a thousand tiny crises until the host finally gives up and dies.
  35. Re:UDP block - use pdnsd with tcp_only by miknix · · Score: 1

    Good catch, I thought DNS only used TCP for zone transfers and similar.

    TCP DNS query with dig:
    dig +tcp @8.8.8.8 www.slashdot.org

    Linux /etc/resolv.conf seems not to be able to do DNS queries over TCP. However, *BSD can:

    http://www.openbsd.org/cgi-bin/man.cgi?query=resolv.conf&sektion=5

    === cut /etc/resolv.conf ===
    nameserver 8.8.8.8
    options tcp

    Still, most of free WiFi hotspots block every f**king port except 80 and 443. I didn't check but if Google is answering DNS queries on 80 and 443 then it is a good thing :)

  36. What about using your own? by Anonymous Coward · · Score: 1, Informative

    I don't know how difficult it is to set up in the Windows world, but in the Linux/Unix world it is fairly simple (in Ubuntu, 1 apt-get and modify your DNS server to localhost).
    You will not benefit from the cache of others, but the hit ratio apart from the big ones must be very low anyway. Better roll your own cache with your own browsing habits.
    What's the problem with that?

    1. Re:What about using your own? by Anonymous Coward · · Score: 0

      The power of the public apparently. Many people using the same cache make it nice & warm, similar to HTTP caches. See http://labs.watchmouse.com/2009/12/public-dns-servers-performance-worth-the-trouble/ for figures on both.

  37. The system provides value to us by dilvish_the_damned · · Score: 1

    in the form of easy to remember IP addresses.
    Additionally it's a DNS service.

    --
    I think you underestimate just how much I just dont care.
  38. The Reason Google is doing This. by Anonymous Coward · · Score: 1, Informative

    I just want to point out the obvious reason google is doing this and hoping you will switch DNS to them.
    Facts:
    1. Some ISPs return advertisements when you enter a domain that does not exist.
    2. Google makes money from online advertising.
    3. There is a specific number of dollars advertisers are willing to budget each year.

    Given the above, it seems clear that google is attempting to remove the advertising dollars spent on domain-misses. By doing so, there is more money spent on other channels of online advertising. Google will likely pick up the majority of that money since they offer one of the best suites for online advertising.

    The ability for a user to get more accurate DNS results... is the cookie that google is holding out in order to get you to switch.

    Also note: about once per year my ISP goes down due to DNS not working. I can get to internet sites via their IP number, but name resolution does not work. The next time this occurs, I will be switching to 8.8.8.8 until my local ISP gets their DNS fixed. I may or may not switch back after that.

    Good luck google ;-)

  39. Congratulations.. by cheros · · Score: 1

    I think you have more or less formulated the ONLY viable argument for Google DNS: as a hardened service for their OWN software.

    I won't use it because I don't want to provide more data to Google (ditto for not using Chrome, FF works better for me), but I'm not dissing the service itself - it depends on your tolerance for risk, and of your need for a DNS. I'd use OpenDNS in that case.

    --
    Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
    1. Re:Congratulations.. by zhilla2 · · Score: 1

      No. A hardened service for their own software, AND anybody who has a much worse service (significant part of the world). I am in Europe outside EU, and I frankly do not trust my ISP more than Google. I use my ISP's DNS because I don't care, and is slightly faster.

  40. Faster than many.. by tirnacopu · · Score: 2, Informative

    ..but not faster than the DNS service I run on my computer. It is trivial to install, provides a very simple service, and is as flexible as I might want it to be. A personal note on networking in general: whoever steps into the Internets and does not run a resolver that allows recursive queries should be banned.

  41. Well, now that you mention it... by Anonymous Coward · · Score: 0

    > your telephone company makes $3,155,692,600,000 a year from time-metered services?

    I don't know about them actually getting it, but for some reason, I have no trouble imagining them billing that much...

  42. A lack of F/OSS in a most important place by Khopesh · · Score: 1

    Dear Google - If you want to speed up the web as you so claim, and you're genuine in your interest, why is this not Free Software? Why are Google Wave and Google Android (both easily more profitable if closed up!) open platforms, but not this one (NOT profitable regardless of closed/open nature)? There is *NO* way you can compete with the last-mile (ISP) caching servers with respect to latency, so the only advantage comes from your minor optimization tweaks.

    If you share these tweaks with the world, we can (a) see your transparency and your genuine interest in speeding up the net without so obviously gaining more data and --more importantly-- (b) the lower-latency last-mile providers such as ISPs, datacenters, and IT departments can actually deploy your superior technology in places where it matters.

    In fact, the only place I can see using open DNS servers with benefit are when there are other freedom-related issues (censorship in specific), which of course lends itself to needing more transparency anyway!

    --
    Use my userscript to add story images to Slashdot. There's no going back.
  43. ... Unless of course you're human by jonaskoelker · · Score: 1

    Not being able to translate a site's domain name to its IP address has nothing to do with not being able to access the site.

    Yes it does.

    Very few---counting cards---people can---counting cards---remember the IP addresses of all the---counting cards---sites they want to---counting cards---visit.

    Even though there are ways around it, it does work against many people.

    1. Re:... Unless of course you're human by nvivo · · Score: 1

      Also, most host providers use the host header to provide access to many websites using a single IP. Unless you access the site by the DNS name or use some programming library to send the packets with the correct header to the host, you cannot access them using the IP address.

    2. Re:... Unless of course you're human by johny42 · · Score: 1

      Just put the correct IP address in (C:/windows/system32)/etc/hosts, that should do the trick.

      Of course I don't expect that most people know this, but I was just surprised they went to such great lengths to block any outbound DNS requests and completely ignored the fact that anyone who has enough clue to know how to change their DNS servers probably knows they can bypass DNS if they wanted.

  44. tracert by mahadiga · · Score: 1

    I picked DNS after performing this test

    $tracert 8.8.8.8
    $tracert 8.8.4.4
    $tracert 4.2.2.4
    $tracert 208.67.222.222

    --
    I'd like to buy homeland for our 10 million people. http://twitter.com/mahadiga
  45. Finnish Google DNS Benchmark results by Ux64 · · Score: 1

    Nothing new? Why is this post here? http://x7.fi/2009/12/04/google-public-dns-benchmarking/ Check it out.

  46. A tradeoff, but worthwhile for me by Whuffo · · Score: 1

    Do I want Google pawing through my DNS lookups to build a better profile of me? No, but I'd rather have that than Charter forcing a page of advertising instead of a NXDOMAIN response. They say you can opt out, but all that does is cause their system to send you a fake IE error page instead of a page of advertising. I switched to Google's DNS a couple of days ago and it's fast and reliable. All in all, it's a good solution.
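
Two points from the comments above can be checked with the same few functions: DNS queries sent over TCP when UDP is blocked (comments 32 and 35), and resolvers that answer a nonexistent name with an address instead of NXDOMAIN (comments 29, 38 and 46). The Python below is an added example, not code from any commenter; the function names are hypothetical, the sample replies are constructed, and it assumes a random 24-hex-digit label under .com is unregistered.

```python
import secrets
import socket
import struct

def build_query(name, qtype=1, txid=None):
    """Return (txid, wire bytes) for a recursive query; qtype 1 = A record."""
    txid = secrets.randbits(16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)  # class IN

def frame_tcp(msg):
    """Over TCP every DNS message carries a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg

def parse_header(msg):
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"txid": txid, "rcode": flags & 0x000F, "ancount": an}

def classify_probe(txid, response):
    """Judge the reply to a query for a name that should not exist."""
    if len(response) < 12:
        return "inconclusive"
    h = parse_header(response)
    if h["txid"] != txid:
        return "mismatched-id"       # not the answer to our query
    if h["rcode"] == 3:
        return "honest-nxdomain"     # resolver reported the miss truthfully
    if h["rcode"] == 0 and h["ancount"] > 0:
        return "rewritten"           # NOERROR plus answers for a bogus name
    return "inconclusive"

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf

def probe_resolver(server, timeout=5.0):
    """Live check over TCP port 53 (needs network; never called on import)."""
    name = secrets.token_hex(12) + ".com"  # assumption: this name is unregistered
    txid, query = build_query(name)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(frame_tcp(query))
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        return classify_probe(txid, recv_exact(s, length))

# Constructed sample replies (header only): QR=1 RD=1 RA=1, rcode 3 and rcode 0.
SAMPLE_NXDOMAIN = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 1, 0)
SAMPLE_REWRITTEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
```

Calling `probe_resolver("8.8.8.8")`, or the same with an ISP resolver's address, runs the live check; a hotspot that blocks everything except ports 80 and 443 will make it time out rather than return a verdict.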

  47. Too much information if you ask me!!! by karlssberg · · Score: 1

    They appear to be harvesting ever more information about us. Where do we draw the line??... "Google CCTV Home Security", "Google Banking Services", "Google Medical Records". But perhaps they don't need to go this far so long as we all adopt their new Chrome OS!!!

  48. DNS Benchmark by Futurepower(R) · · Score: 1

    You can run DNS Benchmark to check the speed of DNS servers.

  49. World-wide DNS performance by Anonymous Coward · · Score: 0

    Interesting! We also ran an experiment, but from 42 locations instead, using the WatchMouse network. In our synthetic score OpenDNS also comes out best:

    http://labs.watchmouse.com/2009/12/public-dns-servers-performance-worth-the-trouble/

    The problem we see is that Google is pretty fast, but they also seem to lose quite some packets in the process, causing retries etc...

  50. Average world-wide performance by Anonymous Coward · · Score: 0

    Google's public DNS service is fast, but also exhibits the most time-outs when measuring performance from 42 locations world-wide. When taking these time-outs into account, OpenDNS may well be the best option for your location in terms of total DNS waiting time. Check it out here: http://labs.watchmouse.com/2009/12/public-dns-servers-performance-worth-the-trouble/.