
Google Public DNS

Article Id: WHEBN0025295524

Title: Google Public DNS  
Author: World Heritage Encyclopedia
Language: English
Subject: Norton ConnectSafe, Name server, Browser security, DNS hijacking, Google services
Collection: Alternative Internet Dns Services, Google Services, Internet Privacy, Internet Properties Established in 2009
Publisher: World Heritage Encyclopedia

Google Public DNS

Google Public DNS is a Domain Name System (DNS) service offered by Google. It functions as a recursive name server providing domain name resolution for any host on the Internet. The service was announced on 3 December 2009,[1] in an effort described as making the web faster and more secure.[2][3] According to Google, as of 2013, Google Public DNS is the largest public DNS service in the world, handling more than 130 billion requests per day.[4]

Contents

  • Service
  • Privacy
  • History
    • DNSSEC
    • Censorship in Turkey
  • See also
  • References
  • External links

Service

Google Public DNS operates recursive name servers for public use at the following IP addresses:[5] 8.8.8.8 and 8.8.4.4 for IPv4 service, as well as 2001:4860:4860::8888 and 2001:4860:4860::8844, for IPv6 access.[6] The addresses are mapped to the nearest operational server by anycast routing.[7]

The service does not use a conventional DNS name server, such as BIND, instead relying on a custom-built implementation, with limited IPv6 support, that conforms to the DNS standards set forth by the IETF. It has fully supported the DNSSEC protocol since 19 March 2013. Previously, Google Public DNS accepted and forwarded DNSSEC-formatted messages but did not perform validation.[8][9]

There have been instances of DNS providers practicing DNS hijacking while processing queries, that is, redirecting web browsers to an advertisement site operated by the provider when a nonexistent domain name is entered. This is considered an intentional breaking of the DNS specification.[10] The Google service correctly replies with a non-existent domain (NXDOMAIN) response.[11] The correct implementation of the DNS specification is a reason to justify using the service.[12]

The Google service also addresses DNS security. A common attack vector is to interfere with a DNS service to achieve redirection of web pages from legitimate to malicious servers. Google documents efforts to be resistant to DNS cache poisoning, including “Kaminsky Flaw” attacks as well as denial-of-service attacks.[13]

Google claims various efficiency and speed benefits,[14] such as using anycast routing to send user requests to the closest data center, over-provisioning servers to handle denial-of-service attacks, and load-balancing servers using two cache levels, with a small per-host cache containing the most popular names and another pool of servers partitioned by the name to be looked up. This second level cache reduces the fragmentation and cache miss rate that can result from increasing the number of servers.

Privacy

It is stated that, for the purposes of performance and security, only the querying IP address (which is deleted after 24-48 hours) and ISP and location information (kept permanently) are stored on the servers.[15][16][17]

According to Google's privacy policy, "We [Google] may combine personal information from one service with information, including personal information, from other Google services". While there is no mention of the DNS service in the main policy—the privacy page of the DNS service states that information is not "correlated or combined" with "personally identifiable information"—the question remains whether a generic but persistent tracking identity is considered "personally identifiable information".[18]

While the above blanket Google privacy policy applies to all Google-owned properties, Google has taken additional steps to clearly define and narrow the scope of its blanket privacy policy with respect to Google Public DNS. Google Public DNS specifically states, "We don't correlate or combine information from our temporary or permanent logs with any personal information that you have provided Google for other services."[19]

History

In December 2009, Google Public DNS was launched with its announcement[20] on the Official Google Blog by product manager Prem Ramaswami, with an additional post on the Google Code blog.[21]

DNSSEC

At the launch of Google Public DNS, it did not directly support DNSSEC. Although RRSIG records of course could be queried, the AD flag (Authenticated Data, meaning the server was able to validate signatures for all of the data) was never set in the launch version. This was upgraded on 28 January 2013, when Google's DNS servers silently started providing DNSSEC validation information,[22] but only if the client explicitly set the DNSSEC OK (DO) flag on its query.[23] This service requiring a client-side flag was replaced on 6 May 2013 with full DNSSEC validation by default, meaning all queries will be validated unless clients explicitly opt out.[24]
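The DO and AD flags described here, and the NXDOMAIN response discussed under Service, are all bits in the DNS message itself. The following is an added example (not part of the original article and not Google's code) that builds a query with the DO bit set and classifies response headers; the 1232-byte EDNS payload size, the fixed transaction ID, the function names and the sample responses are assumptions made for illustration.

```python
import struct

RCODE_NXDOMAIN = 3
FLAG_QR = 0x8000   # message is a response
FLAG_RD = 0x0100   # recursion desired
FLAG_AD = 0x0020   # Authenticated Data, set by a validating resolver
EDNS_DO = 0x8000   # DNSSEC OK bit inside the OPT record's TTL field
TYPE_A, TYPE_OPT, CLASS_IN = 1, 41, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, txid, dnssec_ok=True):
    """Build an A query; with dnssec_ok, append an EDNS0 OPT record with DO set."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 1 if dnssec_ok else 0)
    question = encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    opt = b""
    if dnssec_ok:
        # Root name, TYPE=OPT, CLASS=UDP payload size (assumed 1232), TTL=flags, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, EDNS_DO, 0)
    return header + question + opt

def classify_response(msg, txid, name_should_exist):
    """Read a response header and report validation status and NXDOMAIN handling."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & FLAG_QR:
        raise ValueError("not a response to this query")
    rcode = flags & 0x000F
    return {
        "validated": bool(flags & FLAG_AD),
        "nxdomain": rcode == RCODE_NXDOMAIN,
        # NOERROR with answers for a name known not to exist indicates rewriting.
        "rewritten": (not name_should_exist) and rcode == 0 and ancount > 0,
    }

# Constructed sample response headers (not captured traffic).
HONEST_NX = struct.pack("!HHHHHH", 0x1A2B, 0x8183, 1, 0, 1, 0)  # RCODE 3
REWRITTEN = struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0)  # NOERROR + answer
VALIDATED = struct.pack("!HHHHHH", 0x1A2B, 0x81A0, 1, 1, 0, 1)  # AD bit set
```

A real client would pick an unpredictable transaction ID per query rather than a fixed one.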

Since June 2014, Google Public DNS automatically detects nameservers that support edns-client-subnet (ECS) options as defined in the IETF draft (by probing nameservers at a low rate with ECS queries and caching the ECS capability), and will send queries with ECS options to such nameservers automatically.[25]

Censorship in Turkey

In March 2014, use of Google Public DNS was blocked in Turkey after users employed it to circumvent the blocking of Twitter, which took effect on 20 March 2014 under court order. The block was the result of earlier remarks by Prime Minister Tayyip Erdogan, who vowed to "wipe out Twitter" following damaging allegations of corruption in his inner circle. The method became popular after it was determined that a simple domain name block was used to enforce the ban, which could easily be bypassed by using an alternate DNS system. Activists distributed information on how to use the service, and spray-painted the IP addresses used by the service as graffiti on buildings. Following the discovery of this method, the block was changed to directly block Twitter's IP address, and Google Public DNS was blocked entirely.[26][27][28][29]

See also

References

  1. ^ Geez, Google Wants to Take Over DNS, Too Wired, 3 December 2009
  2. ^ Introducing Google Public DNS, Official Google Blog
  3. ^ Pondering Google's Move Into the D.N.S. Business New York Times, 4 December 2009
  4. ^ Gu, Yunhong. "Google Public DNS Now Supports DNSSEC Validation". Google Online Security Blog. Retrieved 20 March 2013. 
  5. ^ Google DNS Speed
  6. ^ Mario Bonilla (2011-06-09). "Announcement on public-dns-announce". Groups.google.com. Retrieved 2012-10-10. 
  7. ^ Google DNS FAQ Countries
  8. ^ "Frequently Asked Questions". Retrieved 4 December 2009. 
  9. ^ Google Online Security Blog: Google Public DNS Now Supports DNSSEC Validation
  10. ^ "Public DNS Server with no hijacking!". Retrieved 22 Jun 2012. 
  11. ^ "What Is Nxdomain?". Dnsknowledge.com. 2012-03-13. Retrieved 2013-05-24. 
  12. ^ "Google Launches Public DNS". Retrieved 22 June 2012. 
  13. ^ "Google Public DNS Security Threats and Mitigations". Retrieved 22 June 2012. 
  14. ^ "Google Public DNS Performance Benefits". Retrieved 22 June 2012. 
  15. ^ "Public DNS Privacy FAQ". Code.google.com. 2012-10-05. Retrieved 2012-10-10. 
  16. ^ "Google Privacy Policy". Google.com. 2012-07-27. Retrieved 2012-10-10. 
  17. ^ "Google Public DNS and your privacy". PC World. 4 December 2009. 
  18. ^ "Google Privacy Policy". Google.com. 2014-03-31. Retrieved 2014-7-1. 
  19. ^ "Your Privacy". developers.google.com. Google. Retrieved 11 August 2014. 
  20. ^ Introducing Google Public DNS Official Google Blog, 3 December 2009
  21. ^ "Introducing Google Public DNS". Google Code Blog. 3 December 2009. 
  22. ^ "Google's Public DNS does DNSSEC validation". nanog mailing list archives. 29 January 2013. 
  23. ^ Huston, Geoff (17 July 2013). "DNS, DNSSEC and Google's Public DNS Service". CircleID. 
  24. ^ "Google Public DNS Now Supports DNSSEC Validation". Google Code Blog. 1 June 2013. 
  25. ^ Public-DNS-announce mailing list: Google Public DNS now auto-detects nameservers that support edns-client-subnet
  26. ^ "Turkish citizens use Google to fight Twitter ban". The Verge. Retrieved 24 March 2014. 
  27. ^ "Twitter website 'blocked' in Turkey", BBC News, 20 March 2014. Retrieved 23 March 2014.
  28. ^ "'We'll eradicate Twitter': Turkey blocks Twitter access", PCWorld, 21 March 2014. Retrieved 22 March 2014
  29. ^ "Turkey becomes first country ever to ban Google DNS". Today's Zaman. Retrieved 24 March 2014. 

External links

  • Official website
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply.