Google Proposes DNS Extension
ElusiveJoe writes "Google, along with a group of DNS and content providers, hopes to alter the DNS protocol. Currently, a DNS request can be sent to a recursive DNS server, which would send out requests to other DNS servers from its own IP address, thus acting somewhat similar to a proxy server. The proposed modification would allow authoritative nameservers to expose your IP address (instead of an address of your ISP's DNS server, for example) in order to 'load balance traffic and send users to a nearby server.' Or it would allow any interested party to look at your DNS requests. Or it would send a user from Iran or Libya to a 'domain name doesn't exist' server."
Yeah right.
Whacome? Goodgle, Whacome?
Google just can't seem to go Big Brother soon enough.
but the consequences could be..
This is horrible. This is so GOOG can monitor ALL of your web activity, all the time.
If you ever use Google, or see adwords anywhere, they already have your ip--all 4 octets.
With this DNS extension, they can see what sites buckets of people are visiting when they're NOT on google sites or where goog ads are being served. It's not resolved down to the user, but it's bucketed, and over time, they can guess what's happening.
This proposal is absolutely about google getting more data about your internet habits, and more data about the market spaces they don't (yet) control.
If you read the entire post by google, you'll notice they are suggesting only the first 3 octets of the IP address are transmitted. Now while this could theoretically be used to censor regions of users, it could not be used to expose you (since it isn't the complete IP address).
The proposal says they would only use the first three octets. And users could just use a different DNS server if they had a restrictive server that blacklisted Iran or whatever.
"The right to do something does not mean doing it is right." William Safire
The summary isn't even close to correct. What the hell is going on with Slashdot these days?
Absolute power corrupts absolutely. There comes a point when attempting to control everything about the Internet is evil by default. Google is approaching critical mass.
After RTFM, I think it is a good idea. And sharing the first 3 octets of your IP shouldn't hurt your privacy, actually
What a load of crap. There is no way to exploit that. If someone wants to block certain IP ranges, it is much more efficient to do so at the HTTP (or whatever the protocol in use is) level, rather than in DNS.
Even if this gets introduced, every DNS server will continue supporting the old (without 'IP forwarding') way of doing things, so it's easy enough to pick a DNS server which doesn't forward your IP. Everything will work just as it does now (you won't have the potential speed advantage you might get with the new system though).
Whoever wrote TFS doesn't know the first thing about how networks work. Looking at what just happened in China, do you think that Google of all companies really wants to endanger your privacy?
The reason why Google offers public DNS servers and why they came up with this is because they want to make the internet faster for everyone. And they're doing it in an open, backwards-compatible way.
This is a good idea and should be implemented.
This is extraordinarily important for efficient operation of the internet. If people want to block you, they can, DNS or no DNS. However, for global load balancing, this is vital. You want to connect to a server near you, not near your DNS server.
This will not stop the proper function of proxies.
The Internet already works without the need to propagate this information. Following the OS concept of "Less power", the less information about you that is propagated, the fewer problems.
"By returning different addresses to requests coming from different places, DNS can be used to load balance traffic and send users to a nearby server. For example, if you look up www.google.com from a computer in New York, it may resolve to an IP address pointing to a server in New York City. If you look up www.google.com from the Netherlands, the result could be an IP address pointing to a server in the Netherlands. Sending you to a nearby server improves speed, latency, and network utilization."
It seems this balancing is already possible without the need to propagate that data. I choose here safety/privacy, over a potential speed gain. Also the risk is for everyone, but the gain is just for a few ones (the people that have lots of servers and need a balancing solution)... hence, it is unfair. My view of this.
-Woof woof woof!
You can also send any user to a "this page has been hacked by XXXX's cyber army" server, thus making psyops and propaganda easier.
It seems IPv6 will be in use soon; so why tinker with DNS requests on IPv4 ?
Also, does anybody know how GEO locating an IP will be done on IPv6 (at least down to country level) ?
this is what anycast routing was invented for. the root servers use it, why not secondaries?
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
There are already many uses where the IP address of the resolver is used to determine service, basically every CDN etc uses this technique.
This extension is needed if you want OpenDNS and the like to Not Suck when fetching Akamai sourced content, youtube videos, etc.
And it's not like the owner of the DNS authority won't find out who you are anyway, after all, you then CONTACT THEM DIRECTLY WITH YOUR IP ADDRESS!!
Test your net with Netalyzr
There are several products currently on the market that allow you to perform geographic load distribution via DNS. These products look at your LDNS server's address and either attempt to triangulate using a reverse DNS lookup to the LDNS server, calculating number of hops and/or round-trip times to that LDNS from each of your sites, or they use static IP range tables broken down by region. The assumption is that a client is in somewhat close proximity to their LDNS server.
The problem with these methods is that some very large ISPs may use only a couple of LDNS servers for an entire continent. In the case of third party DNS services, it grows to being a couple of LDNS servers for the entire planet. So there is no geographic unity between client and LDNS server.
This proposal helps a bit, but unless it includes a method where a LDNS server can be told that a DNS query's response is only good for that client's /24 subnet (or any varying mask bitlength), you'll still end up with clients clobbering each other with these geographic load distribution products unless you set the TTL to 1 second. That workaround has the nasty side effect of increasing your DNS load by an exponential factor, which isn't good either.
I can't see how this does give any more information to Google or other users.
Example: If I do a lookup on www.slashdot.org then this query should never hit any DNS server controlled by Google.
The only way a query would end up on a Google controlled DNS server, would be if the domain I looked up were owned by Google, and in that case I don't care, because then I am about to visit the site anyway which means they will have my entire IP.
Just what is google's problem lately?
"Do no evil, just do the good ones in the ass."
They just don't mention the 2nd part because they assUme everyone knows it by now. How's your ass, need some lube?
look, you can already use whatever DNS server you want. if you're worried about your traffic being analyzed by someone else's DNS, just use your own (or a privacy-respecting) DNS elsewhere.
DNS is just the obvious way to ensure that clients use the best path to content.
...don't fix it.
It is pitch black. You are likely to be eaten by a grue.
With this DNS extension, they can see what sites buckets of people are visiting when they're NOT on google sites or where goog ads are being served.
Umm, how is that, exactly? Assume this gets adopted - Google's DNS servers aren't authoritative for anyone other than Google - so they won't see your DNS requests... and even if they were, they'd only see traffic for the sites that Google DNS is authoritative for.
Consider the fact that Google runs a caching DNS already, they don't need this - they'll already have the data for everyone using their resolver service, which would be much more data than this would get them.
In short, I think your tinfoil hat is a little tight. This sounds to me like Google's DNS service has turned out to be using more of their bandwidth than they anticipated, and they're looking to reduce it.
I like it. I don't know what the aggregate increase in efficiency across the net would be, but I'm betting if Google is suggesting it, it could be significant. While there are some potential abuses, they're really no different than what can already be done at the router/server level currently.
The use of the word 'marginal' needs to be disambiguated too. It means 'not of central importance.'
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
You must be new here.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
The reason the internet is so successful is that it has a core that doesn't try to think too much. Get packet, forward packet, etc..
If load balancing is a concern, the client node should determine where the best place to get content from is at, NOT some hack which makes DNS less reliable, and noisier.
Use digital fountains and give out multiple sources to get streams from, and let the end user's computer figure it out. They are the ones in the best place to determine which is a more reliable stream of packets, not some aggregated delayed measure post facto.
I don't like this idea. Round robin should be good enough.
While this doesn't identify you for a lot of reasons, there are some good points of using this. Hitting local caches/distribution network nodes/etc will make the internet actually faster (a good percent of total bandwidth comes from places where this applies, and going to somewhat local resources unclogs international links). At least where I live where around 200 ms is the avg ping time with the rest of the world, but 30 or lower to local ones, accessing most of static resources local should make a difference.
And probably more important, it doesn't forbid you to keep your privacy; old nameservers, or if you want, your own authoritative nameserver, will not send that information and you could use them.
" Or it would send a user from Iran or Libya to a 'domain name doesn't exist' server."
Why limited to these countries? How about Australia? Remember, this is a country that blocked Wikileaks thru its state sanctioned banlist. Politicians there are on board.
Even Linden Labs (makers of Second Life) have set up servers there (only 2-3 countries to have their servers outside the US). Critics theorize this is little to do with technical distributed computing reasons but to be in readiness to self censor their content as LL seems to have had the opinion from Ozzie officials that Second Life in its current form would be "offensive". IE: against the law...like Child Porn etc.
Google needs the tools to "keep sweet" with local authorities. These DNS changes would help them avoid being like Linden Labs situation.
In post Patriot Act America, the library books scan you.
If you don't trust the website then why are you trying to connect to it?
Free ringtones.
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
This is crap. You don't need user's IP address for load balancing. The only motives behind this are propaganda and psyops. For instance, this move will allow US to block traffic to certain sites from certain countries and then claim that access failures are due to censorship imposed by that country's government.
The largest prime factor of my UID is 263267.
The way things currently work, really makes sense for most people. Your ISP is a single hop away and you want the authorities to talk to it (not you) so that it can cache the result. And it's ok to have that extra traffic between the recursive resolver and you, because it's not a long ride.
But what Google is asking for also makes sense -- if you're using a far-away recursive resolver.
And the very premise of that is stupid. Why the fuck would anyone want to use Google for DNS, instead of something closer (e.g. either their ISP or even a box on their very own LAN)?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Or it would send a user from Iran or Libya to a 'domain name doesn't exist' server.
And who would be the victims? The same people whom Google is claiming to be fighting for.
The largest prime factor of my UID is 263267.
No, it narrows you down to somewhere within 252ish public IP addresses (even considering IPv6, which contains a standard rest-of-the-address to "encapsulate" IPv4). Very few people (I'll even go so far as to say "the majority of users") on broadband services across most of the world truly appear to the outside world as an actual unique IP address, which is to say you and the guy at the desk/apartment/house/whatever next to you has a discrete and separate network address from you. Your connection is generally going to be NAT translated in some form or another from a private-network-space IP address to a public address. You will appear, to the world, to be generally the same "computer" as several users around you in the network.
This space for rent. Call 1-800-STEAK4U
So even if your resolver DNS already has the answer cached, it's supposed to transmit the request again so the authoritative server can see the requesting client's IP network, and possibly return a different answer. Is it supposed to cache that, or not? Is a resolver supposed to use this extension for all queries, or only load-balanced ones? The draft includes no mechanism for specifying whether a particular query should or should not use the extension. I assume then that a resolver patched with this extension would use it for all queries, which would completely negate the benefits of caching.
So Google thinks obsoleting the DNS cache will help speed up web browsing? Really?
Edith Keeler Must Die
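The caching question raised in the comment above, modelled as an added example (not code from the thread or from the proposal): a toy recursive resolver whose cache is keyed by name alone versus by name plus the client's first three octets. The per-subnet cache key, the documentation-range addresses and the `toy_authoritative` answers are assumptions constructed for illustration; TTLs are ignored.

```python
import ipaddress
from collections import Counter

def client_subnet(ip: str, prefix_len: int = 24) -> str:
    """Truncate an IPv4 address to the prefix that would be forwarded
    (first three octets = /24, as discussed in the thread)."""
    return str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))

# Constructed mapping: which server a hypothetical authoritative nameserver
# hands out for each client subnet. All addresses are documentation ranges.
SERVERS_BY_SUBNET = {
    "192.0.2.0/24": "198.51.100.10",
    "203.0.113.0/24": "198.51.100.20",
}
# Answer when no client subnet is forwarded (chosen from the resolver's own
# address in today's DNS; a fixed value here).
DEFAULT_SERVER = "198.51.100.1"

def toy_authoritative(qname, subnet):
    """Hypothetical authoritative side: picks an answer by client subnet."""
    return SERVERS_BY_SUBNET.get(subnet, DEFAULT_SERVER)

class ToyResolver:
    """Recursive resolver model. With forward_subnet=True the cache key
    includes the client's /24, so one name can occupy many cache slots
    (an assumption about how such a resolver would cache)."""

    def __init__(self, forward_subnet: bool):
        self.forward_subnet = forward_subnet
        self.cache = {}
        self.stats = Counter()
        self.upstream = []  # what the authoritative nameserver gets to see

    def resolve(self, client_ip: str, qname: str) -> str:
        subnet = client_subnet(client_ip) if self.forward_subnet else None
        key = (qname, subnet)
        if key in self.cache:
            self.stats["hit"] += 1
            return self.cache[key]
        self.stats["miss"] += 1
        self.upstream.append((qname, subnet))
        self.cache[key] = toy_authoritative(qname, subnet)
        return self.cache[key]

# Constructed query stream: five lookups of one name from two /24s.
QUERIES = [
    ("192.0.2.10", "www.example.com"),
    ("192.0.2.77", "www.example.com"),
    ("203.0.113.5", "www.example.com"),
    ("203.0.113.200", "www.example.com"),
    ("192.0.2.10", "www.example.com"),
]

def run(forward_subnet: bool):
    """Replay QUERIES and report cache behaviour and upstream exposure."""
    resolver = ToyResolver(forward_subnet)
    answers = [resolver.resolve(ip, name) for ip, name in QUERIES]
    return {
        "hits": resolver.stats["hit"],
        "misses": resolver.stats["miss"],
        "upstream": resolver.upstream,
        "answers": answers,
    }

if __name__ == "__main__":
    for mode in (False, True):
        result = run(mode)
        print(f"forward_subnet={mode}: hits={result['hits']} "
              f"misses={result['misses']} upstream={result['upstream']}")
```

In this model the cache still works within a /24 but fragments across them: upstream queries grow with the number of distinct client subnets per name, and each one tells the authoritative side which /24 asked.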
This all sounds totally crazy if you're Paul Vixie and have written a little article titled What DNS Is Not which specifically mentions that it shouldn't be used for this.
How quickly we forget.
I want my Cowboyneal
I was under the impression my ISP was giving me a public IP Address - and that's what I was paying for. I am of course behind my own NAT Table on my Personal Router.
What's with the irrational Google hating?
I feel like every day on /. has turned into April 1st. I never know which stories are terrifically blown out of proportion, terribly written, or just straight up lies (ie this article). Maybe we should actually read TFA before ranting about it? Or putting it on the front page... :( CmdrTaco....
Can we at least find legitimate reasons to get upset?
As others have said, the proposed change is not even to add your entire IP, just the bit that gives your general area. And they have your IP as soon as you use TCP anyway. Welcome to Internet.
This will completely destroy IP rotation aka load balancing. I hope they aren't allowed to do it.
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
And I see this as one. It does possess the potential and near certainty of improving the results of CDN targeting for users who use non-local DNS servers for resolution. Many of these third party non local DNS providers are thriving because so many 'service providers' are so utterly inept at delivering the net keystone component, DNS resolution. I don't now, and have not for many years rely on provider DNS servers for exactly this reason. This will help the third party DNS providers enable CDNs to do a better job. It will allow a better hit rate for sites that try to geotarget (we do). It has some very interesting potential side effects in the war on spam, botnets, hijacked IP blocks, etc which I won't get into or forget. Does it reduce fundamental anonymity somewhere? Maybe, but really I think that impact is lost if you actually make the connection to the A record you are given, I mean really, if your DNS request was tagged from 172.16.254.0/24, and then you connect to my server from 172.16.254.5, ah where is the foul? (RFC 1918 example IP addresses used to protect the innocent IP addresses). It does mean that I can tell you 'piss off mate' at the DNS level rather than doing it at the network service level which has some potential usefulness/humor value/abuseability but really only if you actually use a DNS server that has the extensions. Could some genius ISP think, "oh, we will railroad you into using this" ? Perhaps, but that will only captivate those who choose to be captivated, PAT, vpns, tunneling, anybody who wants to will drill a walk right through sized hole in that in short order. So, at the end of the day, personally, while I am a bit miffed about some of Google's other recent activity (the broken on off switch on the toolbar tracking and other BigBroMo activity comes to mind) I think this does have some strong technical merits and its ability to be used in an evil manner is very limited in my opinion.
Sounds like a terrible idea to me.
If a caching DNS server serves multiple users in multiple countries, then suddenly, it's not caching anymore.
If there are multiple possible IP addresses that I can be directed to, why not just send all of them to me, and let me (my DNS server) decide which one is best?
What if I have more than one IP? Which one should I use?
How often is it, really, that the route to the DNS server isn't the best route anyway? I.e. is the tiny benefit of a slightly better route for a handful of people really worth making a change to something as basic as the DNS protocol?
I'd rather see a way to redirect the connection - cut out the DNS middleman.
The company I work for has a Class A IP network and is not based in the US.
I'm physically located in Atlanta, but all of the existing geolocation services which I am aware of that use my exposed IP address seem to want to place me in the center of Europe somewhere.
Will this be smart enough to do better?
Mainframe/UNIX Bit Twiddler and long time Windows/Linux Hobbyist.
The Theorem Theorem: If If, Then Then.
How about no?
Z E R O benefit to this bullshit.
We've been running into this wall for a while, and let me tell you, the workaround is the most disgusting mess imaginable. Trying to manage views/geolocation when everything is hidden behind a caching server is horrible. There is no car analogy.
Sure, this might give google more information about you, but frankly, they already have it if you're querying their servers (directly). Where this benefits them, and other content players, is when they aren't the default DNS server. This allows them to know that you're coming from say, your city, as opposed to the city where your ISP's DNS server is. I would imagine for huge ISPs in the states, their DNS infrastructure is probably, at best, regionalized (east, central, west?). This would allow google/ms/anyone to get a much better idea as to where you are actually coming from, to provide you with much better content. As well, it makes managing DNS much easier.
Two thumbs up for this.
Next up - a DNS management protocol (http://tools.ietf.org/html/draft-ietf-dnsop-name-server-management-reqs-03)...
We emerge from our mother's womb an unformatted diskette; our culture formats us. - Douglas Coupland
The very first sentence of TA "...a group of DNS and content providers, including Neustar/UltraDNS and Google are publishing a proposal..." It's a way for providers of content and providers of DNS service to collude.
My next sig will be ready soon, but subscribers can beat the rush
If you can learn how to use "tor", "stunnel", or "socks", you can simply appear to be coming from a different IP. This really doesn't seem to be a big deal. It doesn't sound much different from the root server anycast system currently in place that allows an IPv4 root server query to be routed to the actual root server closest the IP of the requesting server. The change I see is that instead of managing the server's IP (which often can identify the ISP of the requestor anyway) this identifies the class C subnet of the requesting client. (Get the grease off yer tinfoil hats on, Slashdotters!)
1. Load-balancing doesn't belong in the DNS spec, and neither does location awareness. If you want to handle me differently based on my location, do it after I've found you. Tacking this onto DNS risks unexpected consequences beyond the political.
2. From the article:
"providing enough information to the authoritative nameserver to determine your network location, without affecting your privacy."
Um, maybe I consider my location private. Would you mind asking me if I do first, ok? Thanks. And I do, so don't add this to DNS.
And if this isn't reason enough, refer to problem #1 above.
I get it. An idea to let DNS help you do something UNRELATED to DNS. Don't
Where oh where is John Postel when you need him? May his spirit move us away from this...
deleting the extra space after periods so i can stay relevant, yeah.
To: DNSEXT (DNS Extension Working Group, Internet Engineering Task Force)
From: Paul Vixie
Date: Thu, 28 Jan 2010
"I don't think that's a general enough solution to be worth standardizing.
please investigate the larger context of client identity, beyond the needs
of CDN's."
I also agree with his later statement in the same thread:
"it may be too dangerous in any form but that's a separate issue."
-- Terry
Google's answer to the China problem?
The proposal says they would only use the first three octets. And users could just use a different DNS server if they had a restrictive server that blacklisted Iran or whatever.
Or as someone upstream, I could redirect all the requests in a 252 machine block to force them through a transparent proxy server so that I can monitor them. It sure makes it easier on my monitoring servers to not have to monitor everything, and on my network infrastructure, if I can monitor things with a high locality, instead of doubling or tripling my traffic to proxy things non-locally.
This seems to be Google's answer to the China problem; by making it an infrastructure issue rather than a source-filtering issue, they get to be the "do no evil" people once again, offloading the nefarious actions onto the Chinese government, so that they can have a "clean conscience", without losing access to the Chinese market.
-- Terry
Seen in the article:
I have no problem with the first 24 bits if it's IPv6.
So all this can be seen as a new way to "organise the Internet information" according to them.
In other words, invading again your privacy silently.
If this was to be implemented, one could associate the IP sub network with a web site names without any need to use a search engine. Great for profiling. If performance was the issue, a better set of regional DNS caches would be more relevant here.
I cannot help but suspect some hidden motives here.
Now while this could theoretically be used to censor regions of users, it could not be used to expose you (since it isn't the complete IP address)
Sure it could expose me. I have my own Class-Cs - two of 'em. When I'm on one the first three octets point straight to me.
When I'm running from my DSL I have an eight-IP address block (broadcast / broken-broadcast / modem / five-usable) so first three octets point to a group of 32 of which I'm one. For DSL users with one-usable it points to a group of 64 users of which they're one. For unfettered PPP (such as dialup), where the IP addresses can be arbitrary, it's still one-in-256.
Sorry, guys. One-in-64 (or even one-in-256) is too close to home for me.
Doubly so because, once it's down to one-in-256, some governments will be willing to bust up to 255 innocents to get one guy they REALLY don't like. I don't like the idea, when I'm on the road, of being one of the innocent up-to-255 when some terrorist, spy, or whatever uses a dialup and we "win the lottery" and end up with the same first-three-octets.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Since all Swedish internet traffic that crosses our borders is nowadays monitored by FRA (roughly NSA to you Americans), this could give companies an option to route traffic from Sweden directly to Swedish servers, without needing a redirect from the foreign servers. Of course, FRA could still see the request from the local DNS to the authoritative DNS, but assuming this traffic is encrypted, it would make the FRA law look increasingly stupid and ineffective.
If sketchy porn sites can figure out within 50 miles where I am based off my ip I bet google and akamai can do it to figure it out too.
Shouldn't this be left to your ISP?
Your ISP should provide you the resolver that results in the most efficient results for your connection. Your ISP can make these divisions much better than CDNs ever can because your ISP knows exactly which pipe goes where with what capacity.
My neighbor and me may be very near to each other but if we're on the border of some local loop divide we could be on totally different pipes of the same ISP, entering the net in different places. This is something my ISP knows and a CDN can only guess.
I'm pretty sure it's because they don't like censoring. They are publicly willing to sacrifice millions of dollars in revenue for an ideal. Yet, all you knuckle heads seem to be bickering about how evil Google is? Yikes. They've done nothing but push the internet forward at a pace much more rapid than anyone else.
DO NOT FIX!
WWVD?
http://en.wikipedia.org/wiki/Paul_Vixie
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
They are doing this on purpose: They hope that every ISP will upgrade
their resolvers to support this feature (and basically turn them from caching
to relays).
They started to try to kill caching servers a long time ago by using very
aggressive TTL values (and the ISP on the other side set rules on their
resolvers to ignore TTL reasonable_value)
Then, which content providers have the global infrastructure to
bring authoritative servers close to the eyeballs everywhere? Google and maybe
Akamai.
> Will this be smart enough to do better?
No. Present geolocators look at your IP and conclude that you are in Europe. This will look at the first three octets of your IP and conclude the same thing.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
The argument against this proposal appeared in Paul Vixie's "What DNS Is Not" published in ACM Queue. See
http://queue.acm.org/detail.cfm?id=1647302
The section heading "Stupid DNS tricks" sums up the article.
Paul is the long-time maintainer of BIND, the most popular DNS server.
All this I-D does is provide authoritative nameservers with more precise information about the user than just the IP address of their recursive resolver.
What an authoritative nameserver decides to do with the information has nothing to do with it, and I'm pretty sure Google and Akamai are smart enough to deal with the /8 of your employer.
It's easy for you to check. If "ping www.google.com" gives you a RTT of >100ms, they're apparently dumb (or your nameserver is also too far away from you, maybe..). If the RTT is something sane (say, <30ms?) they figured out the /8 doesn't live all in one place.
Proper CDNs don't just guess where you are from WHOIS information.
How did this get modded to a +5? Probably by Google employees, no doubt.
"do you think that Google of all companies really wants to endanger your privacy?"
Google's entire business model is about endangering your privacy as much as possible, and selling it as much as possible. And that's why they've been so hot to trot about hacking DNS for their own benefit.
Yes, your local resolver knows your IP address. Yes, the final site knows your IP address, and yes the authoritative DNS server is probably associated with the site which will know your IP address.
However, unless DNS has drastically changed, it's not a two hop journey. Your local DNS server doesn't go straight to the authoritative server for a domain to get the ip address of the site(at least it's not supposed to). As I remember it, if you get a cache miss, the request goes to the root DNS server for that TLD, which then passes it down the chain until each segment of the dns name has been resolved. It doesn't go straight from your dns server to www.slashdot.com it goes through the root server for .com first.
That would mean that under this change the folks running the Christmas Island TLD would be able to tell within a reasonable distance exactly where the people looking at goatse live whereas before they'd only know what dns resolver they were using.
That may or may not be a big deal, but it is a concern, and could potentially allow blacklisting at a level we haven't seen before. China could block people from the west from using google.cn regardless of which dns resolver they use and with no concern for what google themselves might think. It's actually much more interesting to block people who know what the uncensored content looks like from seeing the censored version than you might think.
Google: Hey I decided to create a DNS service, ditch your ISP's DNS and use mine.
Me: Why?
Google: Cause then we can find out exactly what you are browsing for and when. We can even correlate your DNS behaviour with our search results. This way we can even take an educated guess at what other search engines are doing.
Me: Sweet, but by pointing at the Google DNS, won't I break stuff like location awareness.
Google: Yep, that's why we want to change the way DNS works.
Me: So now every DNS client needs to be changed so that Google can get better search results, That doesn't sound evil at all!
Google: Exactly
Google: Next we will get DNS servers to forward their logs to www.google.com/dnsanalytics
Me: Why?
Google: Just in case users don't use the Google DNS, then we can still get all the data that we need, the DNS owners will give it to us.
Me: Sweet, finally I will get some targeted ads.
262 comments
msgs modded at 5 = 11: 10 are blatantly pro-Google, the other one = 5 Funny
The moderation system is being vandalized by Google fan boys.
What's in a sig?
doesn't impress the babes anymore
now you have to own your own Class-C before a woman even gives you a second glance
and even then, they'll still flock to those assholes strutting around with those Class-Bs
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
"1. You do a DNS lookup. Your DNS server has your full IP address." - by natehoy (1608657) on Thursday January 28, @04:08PM (#30941196)
That entire scenario gets stalled if you use a custom HOSTS file with hardcoded IP address to hostname/domainname equations in it set there since the hosts file is typically the first thing your bsd based IP stack goes looking to when attempting to resolve these addresses to an IP.
E.G.:
216.34.181.48 www.slashdot.org
Avoids having to perform that lookup to a DNS server for this website's IP address period.
To make certain this occurs first, in Windows at least, you check this area:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider]
"LocalPriority"=dword:00000006
"HostsPriority"=dword:00000005
"DnsPriority"=dword:00000007
"NetbtPriority"=dword:00000008
(LOWER NUMBERS HERE = GREATER PRIORITY and as you can see? I assign my HOSTS file the greatest priority)
And you make sure the HOSTS file you use is not redirected, here in this registry entry (which does allow you to move it if you wish even):
In regedit.exe's right-hand-side pane, follow this path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
& in the left-hand-side pane of regedit.exe, you change the DataBasePath path value there to the disk & folder you wish to place your HOSTS file in.
Pretty simple. NO anonymous proxies, or TOR, or whatever else required.
So why, on planet Earth, do I need some "performance improvements" from google? Maybe because they aren't happy with how "popular" the http://code.google.com/speed/public-dns is?
When you use Google's public DNS, it means you will be able to connect to local CDNs (e.g. Akamai) as they will be able to tell where you are.
Oh and I'm sure the Goog wants to do some sort of evil advertising stuff, which is fine by me as they already pwn me.