Google has just launched its very own public Domain Name System resolver, with which the company hopes to speed up internet traffic. The search giant claims its DNS is more secure (through protection against cache poisoning attacks) and faster than others.
Post a Comment
Member since:
2006-03-20
Is it me, or is google going to own everything critical to life in future - your connectivity, your access to information, it'll choose what you can and can't see, it'll know you and your thoughts and habits better than you, ... it'll be more powerful than any government.
edit - "google respects privacy and never redircts, blocks" - we've seen this to be false. Google v China?
Edited 2009-12-03 23:03 UTC
Member since:2005-07-17
Member since:2005-07-24
They said they wouldn't do that for the DNS -- it has a completely separate privacy policy, like it said in the article.
And I'll cut Google some slack there. A totalitarian government comes to you and says you can either censor some things or get out. Assuming that you care at all about getting information to the citizens who need it... as a search provider from a less totalitarian country, can you help most by getting out or by staying in the game? And yes. Despite my criticisms of my home country, I do think that we are less totalitarian than China.
Edited 2009-12-04 01:19 UTC
Member since:2005-06-29
Member since:2005-09-13
Member since:2007-03-26
So long as the technology is open (as are a lot of their technologies) then developers can use Googles R&D for their products (so long as said developers don't infringe on Googles license)
Sure, Google might own the code, but unfortunately the big leaps can only be accomplished by corporations with big budgets.
So I'd favour corporation like Google and Sun (RIP) who open their technologies than corporations like Microsoft and Apple who close theirs.
edit - "google respects privacy and never redircts, blocks" - we've seen this to be false. Google v China?
That's a whole other debate.
Google were faced with the choice of being censored or banned entirely. At least this way, they can provide some service even if it's a limited one.
In a free country, Google will still stick to their "freedom" policy (as proven with the Google vs White House case recently regarding photoshopped pictures of the US Presidents wife).
Member since:2006-10-27
What do you suggest? Should a corporation act against governmental law? Consequence? It will be kicked out of the country and justifiably so.
You should respect the laws of the country you're doing your business!
Censorship sucks but constitutionality is more important. In Germany there is also censorship and Germany is a democracy but nobody talks about German or EU censorship because China is the bad red guy?
To the point: Corporations should obey the law of the countries they are doing their business and Google did it. Whether this law is "right" or "false" is a completely other question.
Edited 2009-12-04 13:20 UTC
Member since:2006-03-30
You should respect the laws of the country you're doing your business!
So if South Africa were still under Apartheid, and the government made laws prohibiting websites which were critical of the system and called for reform, you would support Google in its decision to go ahead and delist & block those sites? It is after all, the law, right?
Wait, what? I assume by 'constitutionality', you roughly mean sovereignty, or a government's right to have its own laws. And assuming that, I'll completely disagree! You realize what you're saying? You're saying that a government's rights are somehow MORE important than the people of that country. Nope, sorry, a government is there to serve its people. "The government" as some entity does not have more rights than human beings. At least, it shouldn't.
The censorship in Germany is completely different than the censorship in China. Don't even pretend they're comparable. This isn't about unfounded anti-red anger; I don't care what label you give China's government: call it communist, call it a Democracy for all I care. What matters are the pervasive human rights violations perpetrated against anyone who dissents against a government run by a small, elitist, racist, sexist minority which seeks only its own benefit at the peril of its people and squelches out those who would have it another way.
To the point: Corporations should obey the law of the countries they are doing their business and Google did it. Whether this law is "right" or "false" is a completely other question.
Why do you put right and false in quotes? There is Truth. Not everything is relative. For example, this is True: laws exist for the good of people. They exist so people can live and flourish safely. The second they cease to be for the good of people they cease to be valid laws. To paraphrase what Martin Luther King wrote in an Alabama jail, an unjust law is not a law worth following. Google's decision to go along with the demands of China's government is motivated by profit alone. At very least they should refuse to do business there.
Member since:
2009-05-20
So now they want to own also your DNS traffic?
Scary.
Somehow this doesn't quite reassure me:
Google has obviously recognized the sensitivity of this issue," Weinstein writes, "Their separate privacy policy for the Google Public DNS strikes me as utterly reasonable, particularly given its very rapid (24-48 hours) deletion of what I would consider to be the key privacy-sensitive data.
Edited 2009-12-03 23:17 UTC
Member since:2005-07-24
Not at all. They own your email. Your spreadsheets. Your wordprocessing documents. Your search history. Your browsing history. The successor to the http protocol. And DNS. Your old Usenet posts. And, oh, all the satellite imagery of your work, home, and the the neighborhood where any mistress might live.
That's a long way from owning you. And besides, they're going to make it all faster.
Only after you start using Chomium OS will they own you outright.
Edited 2009-12-03 23:21 UTC
Member since:2009-05-20
"The Party seeks power entirely for its own sake. We are not interested in the good of others; we are interested solely in power. Not wealth or luxury or long life or happiness: only power, pure power. What pure power means you will understand presently. We are different from all the oligarchies of the past, in that we know what we are doing. All the others, even those who resembled ourselves, were cowards and hypocrites. The German Nazis and the Russian Communists came very close to us in their methods, but they never had the courage to recognize their own motives. They pretended, perhaps they even believed, that they had seized power unwillingly and for a limited time, and that just round the corner there lay a paradise where human beings would be free and equal. We are not like that. We know that no one ever seizes power with the intention of relinquishing it. Power is not a means; it is an end. One does not establish a dictatorship in order to safeguard a revolution; one makes the revolution in order to establish the dictatorship. The object of persecution is persecution. The object of torture is torture. The object of power is power."
Member since:2006-03-20
Member since:2005-07-06
That's a long way from owning you. And besides, they're going to make it all faster.
Only after you start using Chomium OS will they own you outright.
Heh.
"Leela: Didn't you have ads in the 21st century?
Fry: Well sure, but not in our dreams. Only on TV and radio, and in magazines, and movies, and at ball games... and on buses and milk cartons and t-shirts, and bananas and written on the sky. But not in dreams, no siree."
Member since:2005-07-24
Member since:2009-05-20
No, it is not just you.
I don't know what is the most frightening thing about this all. That one company controls everything for those poor souls that get along with it? Or that the future of the internet looks more and more commercial? Or that the future of the internet looks much like the television, spiced up with advertisements from the Cloud and 1984-style infrastructure for the possible 1984-style controls in the future?
Member since:2007-08-22
Well they're doing it using the standards. So really - anyone could come along and do the same thing. There's no tie-in to Google. You are free to use Google or not to use Google - it's your choice.
As opposed to Microsoft who does with their own pseudo-standards that only work with Microsoft and Microsoft Partner software.
I'd say that's not being evil [EDIT ->] on Google's part.
Edited 2009-12-04 15:43 UTC
Member since:2005-07-06
I'm kind of on the fence about Google. On one hand, they're approaching Microsoft-levels of dominance in several areas - but on the other hand, they do seem to have largely come by it honestly (by putting out stuff that usually works well). And while I don't really like the idea of Google having an undue amount of influence over fundamental Internet technologies, it does appear that they're acting out of "enlightened self-interest."
I'll probably reserve judgment until I see Google do something actively, umabiguously evil - as opposed to actions that are potentially-evil. But I certainly wouldn't E.g. use Google Docs to store any sensitive information, or use GMail-for-domains for company EMail.
Member since:2006-01-06
That's a long way from owning you
It's a slippery slope, and I can't even imagine why I would ever want to use Google's DNS servers. Ever. Certain infrastructure should never be monopolized by a single company -- and, clearly, Google aims to do precisely that.
Edited 2009-12-04 03:45 UTC
Member since:2007-01-17
And, somehow, by offering you the choice to use their DNS resolvers, they're planning monopolize the infrastructure of the Internet? You might want to put the tinfoil hat away and get a little perspective. Verisign's old plan to redirect invalid queries to ad pages does much more harm than a choice of another DNS resolver.
Member since:
2006-06-22
I am getting a ping time of about 180ms to these Google DNS servers from New Zealand. It is probably hitting their US or Japan servers. Would be lower if they had DNS in Australia but doesn't appear to be the case.
Get 10ms to my ISP DNS servers. It is unlikely their lookups would be slower than going across the Pacific ocean to Google.
Member since:2008-08-19
Yeah, it's kind of an odd idea, this one. Their implementation might be good, but an ISP also offers a caching name server, as near to my computer as can possibly be achieved... I don't see how Google can offer any real advantage over that...
Member since:2005-07-14
I don't know how NZ ISPs behave, but the ones most people use in North America are slimy, paint-huffing crack addicts.
AFAIK "all" of the big ISPs in Canada and the US are hijacking failed DNS requests to redirect you to their own services instead of just telling you it's a bad host name.
My ISP (Teksavvy) doesn't, but they're a rather small player compared to Rogers and Bell.
Member since:2006-06-22
Member since:2005-07-06
Rogers Cable certainly does, I haven't seen that from Aliant/Bell yet (just a matter of time, though, since the two appear to be on a relay-race-to-the-bottom). They have some sort of partnership with Yahoo, so failed lookups redirect you to a Rogers-branded Yahoo search page.
For my money, the most annoying thing is that it breaks Firefox's ability to keep invalid URLs out of the auto-complete history. Fortunately, it's fairly simple to "fix" by adding the URL of the search page to your hosts file, pointed at 127.0.0.1 (the old-school ad blocking trick).
Member since:
2009-12-03
Member since:2005-07-24
Member since:2005-07-22
Member since:2005-07-24
H.G.? I thought he wrote "Princess of Mars". Orson Welles did "The War of the Worlds" on radio, and that thing about "Rosebud" on the silver screen. George Orwell wrote the book about about Microsoft, Google, and Carnivore. And that other one about the pigs.
Edited 2009-12-04 02:39 UTC
Member since:2005-07-22
Member since:2005-09-13
Member since:
2005-11-15
Member since:
2005-09-27
Member since:2005-11-15
Member since:2005-09-27
Member since:2007-04-25
Being "visible" on the Internet is often a side effect of having contributed to our common culture - by leading a charity campaign, publishing and presenting technical papers, or creating new media such as books, audio, video, or software. While I suppose you could use a fake name for your contributions, is that really better than using your "real" name?
Guess I'm more puzzled by your view that on-line anonymity is a valuable goal. *shrugs*
Edited 2009-12-04 12:35 UTC
Member since:2005-09-27
Member since:
2007-03-30
Member since:
2009-04-08
Member since:
2005-07-14
Member since:2005-07-24
Member since:2005-09-13
Member since:
2005-07-06
Member since:2007-11-06
I don't think so, at least not from London (Virgin):
ping 208.67.222.222 (opendns)
rtt min/avg/max/mdev = 15.446/15.996/16.719/0.543 ms
ping 8.8.8.8 (google)
rtt min/avg/max/mdev = 22.754/24.848/31.586/3.396 ms
ping 4.2.2.3 (level3)
rtt min/avg/max/mdev = 16.166/16.956/17.564/0.594 ms
Sure, not really a benchmark, but better than nothing.
So for me, opendns and level3's "open" dns are better.
But the absolute best:
rtt min/avg/max/mdev = 0.044/0.044/0.045/0.005 ms
You guessed, 127.0.0.1 :-)
Member since:2006-02-09
Member since:2006-09-10
Ping isn't really a good way to test a DNS server's response time. However my tests pretty much bear out what yours implied:
slight@flight@12:34:02:~$ dig yahoo.com@8.8.8.8
; <<>> DiG 9.6.1-P1 <<>> yahoo.com@8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;yahoo.com\@8.8.8.8. IN A
;; AUTHORITY SECTION:
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2009120400 1800 900 604800 86400
;; Query time: 200 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Dec 4 12:34:16 2009
;; MSG SIZE rcvd: 110
slight@flight@12:34:16:~$ dig yahoo.com@4.2.2.2
; <<>> DiG 9.6.1-P1 <<>> yahoo.com@4.2.2.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58477
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;yahoo.com\@4.2.2.2. IN A
;; AUTHORITY SECTION:
. 86400 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2009120400 1800 900 604800 86400
;; Query time: 128 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Dec 4 12:34:29 2009
;; MSG SIZE rcvd: 110
slight@flight@12:34:29:~$ dig yahoo.com@127.0.0.1
; <<>> DiG 9.6.1-P1 <<>> yahoo.com@127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12802
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;yahoo.com\@127.0.0.1. IN A
;; AUTHORITY SECTION:
. 86400 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2009120400 1800 900 604800 86400
;; Query time: 60 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Dec 4 12:34:40 2009
;; MSG SIZE rcvd: 112
Member since:2005-08-18
It's by google. Come on, that alone should make you wet your pants in excitement.
Also, it has no blocking feature so obviously it's really good for companies where..uhmm...you want to...ehh...control access...never mind.
It's by Google!
Member since:2007-12-04
Member since:
2006-03-27
Member since:2005-07-24
Member since:2005-08-18
Member since:2006-09-10
Member since:2005-08-18
Member since:
2006-01-23
If I were truly paranoid, I'd think that Google's best advertisers would control my browsing experience with this and I'd be directed to a page where I had to buy something before I could continue.
However, I think everyone outside Google is a bit spooked by their all-encompassing range of products to let them go too far. In a battle with the Chinese government, they always seem to cooperate, which seems odd.
Most of the U.S.A. could probably benefit from their DNS, regardless of where it takes them. In my experience the DNS always seems to be a weak link. If you don't mind being watched even more, this could be positive.
Member since:
2008-05-26
I can't understand why the appearance of a Google DNS is suddenly the second coming of Stalin.
It's a DNS. Not a proxy. Google can't track your internet activities with a DNS. Theoretically they could know what unique websites you go to, but they already get a lot of this information from their ads, and they get more information from their search engine.
If you're paranoid, then don't use the Google DNS. By default, all internet connections will use their ISPs DNS anyway which makes Google's DNS very much an opt-in proposition.
Now everybody, let's stop being so silly.
Member since:2008-07-15
Well, which specific web sites you visit could be valuable info to Google. Still, apart from getting additional advertisement data (damn you and your ads, Google!) I can't see what advantage there would be to this. Unless your ISP's DNS is so horribly slow, it will always be faster to use that over Google's.
It almost seems like Google wants to have one of every internet-related service just for the sake of having it, whether it's actually useful or not.
Member since:
2006-01-25
A lot of the posts about how this can't be faster than their local ISP's DNS server simply don't seem to understand how DNS works...
First off, comparing ping times to the DNS server itself is meaningless - you are just measuring the 1st hop. The point of Google's implementation is that (for a majority of popular sites) there is _never_ any additional hops. Your local ISP's server may _frequently_ have the answer to a query cached, but it is guarenteed to expire every so often (the authoritive server's TTL), so it will at least occasionally have to perform a recursive query. I used to be the admin of a small ISP. You would be quite surprised how unique traffic patterns are - the vast majority of what was in our caches was there because of a single customer. If they didn't show up for work the next day, the entry would likely expire... Sure it is a shared cache, but that doesn't mean a whole lot when everyone is going to different sites.
A recursive query hits the root servers to get the authoritative server for the domain. Then it has to query that server. This may go through multiple cycles to get an answer, although it is usually only 2 round trips. The point is that THAT traffic is on the backside of the DNS server (it has nothing to do with your locality to _your_ DNS resolver).
So, would you rather have that backside traffic being transferred over you local ISP's rinky-dink connection to the internet, or Google's? I don't have any special knowledge of this, but I would be quite surprised if Google's DNS servers had to send packets very far to get to the root servers...
Anyway, the usefulness of this, imo, depends alot on the resources of your ISP... The fewer customers sharing your ISP's DNS server the less useful it's cache is going to be. Orthogonally, the more customers your ISP has the more burden their server is under, which depending on their hardware and network resources may prove to be a bottleneck.
Regardless, I'm not saying Google's servers will always be better, but they certainly _can_ be better under the right conditions.
To me, the ideal scenario for all of you hardcore geeks out there is to run your own caching DNS server on your machine, and have it use Google's server as a forwarder. That would let you maintain your cache locally to speed up cached responses, but non-cached queries would be handled by Google's servers, which _may_ perform better than your ISP's server (and would almost certainly perform better than doing your own recursive queries). You would have to measure and see, but measuring this way would be meaningful as opposed to measuring simple ping times...
Member since:
2006-04-05
Member since:
2005-07-06
I for one welcome our new google overlords.
While google may be a little evil, changes like this still feel like that small triumph of technology over "Business objectives". I have a hick ISP with an over the air connection and my DNS lookup time is terrible.
I've switched my router to default to google and secondary to the local ISP.
Now, if google would only assign me a nice, unique serial code I could feel complete.. 
Morglum
Member since:
2005-11-11
Member since:
2005-07-06
I've been using and recommending OpenDNS for awhile, and the performance of OpenDNS + my Untangle server is much better than my old Netgear plus ISP provided DNS. And I have the added protection of both OpenDNS and the Untangle box filtering crap, and I control the filtering.
Member since:
2005-07-12
... and ignoring the "they're going to see what domain names I'm looking up" tinfoil hat nonsense, this is going to be a godsend for people who's ISP's are inept at responding to DNS requests (Time Warner Cable that I'm on for example) or for people with servers who's hosting provider provides slow/buggy/painful reverse lookups - making things like user tracking/banning on forums painful. (much less hostname lookups)
I'm wondering though on the 'faster' part if that's going to be placebo effect more than fact. While I'm certain their monster server farms are more likely to respond to a request quickly since they can leverage more database processing power than your average ISP puts in place for the job - is that difference going to make up for what should be longer ping time and more hops to get their than your own ISP...
Well, hang on, let's test that... by pinging google DNS
Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=38ms TTL=244
Reply from 8.8.8.8: bytes=32 time=27ms TTL=244
Reply from 8.8.8.8: bytes=32 time=24ms TTL=244
Reply from 8.8.8.8: bytes=32 time=24ms TTL=244
Wow, that's pretty damned fast... Let's see what my time-warner DNS returns for ping time here in New England:
Pinging 209.18.47.61 with 32 bytes of data:
Reply from 209.18.47.61: bytes=32 time=33ms TTL=115
Reply from 209.18.47.61: bytes=32 time=30ms TTL=115
Reply from 209.18.47.61: bytes=32 time=30ms TTL=115
Reply from 209.18.47.61: bytes=32 time=27ms TTL=115
Hmm, that's impressive then, for me at least google pings about the same as my ISP's DNS server... Which means if google's DNS lookups run faster than my ISP's...
SHWEET.
Oh noes, the evil corporations are giving us a free service with improved security... Those of you kvetching about it, do us a favor and go back to figuring out who shot JFK and talking about how listening to a crunchy groove is going to show those evil Eichmann's.
Edited 2009-12-05 18:23 UTC
