Google has unveiled Google Public DNS, a free, global Domain Name System (DNS) resolution service giving users an alternative to their current DNS provider.
Domain name systems (DNS) translate website names typed into web browsers into the numerical IP addresses that identify websites on the internet.
This process is currently handled by ISPs – and not always particularly well as some O2 customers may testify – but Google says its experimental Public DNS is faster and could help significantly improve security.
Changing your DNS
To give Google Public DNS a go, you’ll need to change your network settings so that website requests go to the Google service and not your ISP.
As Google explains, “in most cases, the IP addresses used by your ISP’s domain name servers are automatically set by your ISP via the Dynamic Host Configuration Protocol (DHCP). To use Google Public DNS, you need to explicitly change the DNS settings in your operating system or device to use the Google Public DNS IP addresses.”
Changing these settings isn’t that difficult, but because the procedure varies according to operating system and version, Google have posted up a set of detailed instructions here.
“As people begin to use Google Public DNS, we plan to share what we learn with the broader web community and other DNS providers, to improve the browsing experience for internet users globally,” says Google product manager Prem Ramaswami on the Google blog.
“The goal of Google Public DNS is to benefit users worldwide while also helping the tens of thousands of DNS resolvers improve their services, ultimately making the web faster for everyone.”
OpenDNS have been running an alternative DNS service since 2005, and as you might imagine, company founder David Ulevitch isn’t too chuffed at Google shoving their big fat oar in, and was quick to hint at lurking dodginess:
“You have to remember [Google] are the largest advertising and redirection company on the internet. To think that Google’s DNS service is for the benefit of the internet would be naive. They know there is value in controlling more of your internet experience and I would expect it to explore that fully.”
Here’s Google’s introduction to Google Public DNS:
Why Google Public DNS?
As web pages become more complex and include more resources from multiple origin domains, clients need to perform multiple DNS lookups to render a single page. The average Internet user performs hundreds of DNS lookups each day, slowing down his or her browsing experience. As the web continues to grow, greater load is placed on existing DNS infrastructure.
Since Google’s search engine already crawls the web on a daily basis and in the process resolves and caches DNS information, we wanted to leverage our technology to experiment with new ways of addressing some of the existing DNS challenges around performance and security. We are offering the service to the public in the hope of achieving the following aims:
- Provide end users with an alternative to their current DNS service. Google Public DNS takes some new approaches that we believe offer more valid results, increased security, and, in most cases, better performance.
- Help reduce the load on ISPs’ DNS servers. By taking advantage of our global data-center and caching infrastructure, we can directly serve large numbers of user requests without having to query other DNS resolvers.
- Help make the web faster and more secure. We are launching this experimental service to test some new ways to approach DNS-related challenges. We hope to share what we learn with developers of DNS resolvers and the broader web community and get their feedback.
Google Public DNS: what it is and isn’t
Google Public DNS is a recursive DNS resolver, similar to other publicly available services. We think it provides many benefits, including improved security, fast performance, and more valid results. See below for an overview of the technical enhancements we’ve implemented.
Google Public DNS is not, however, any of the following:
- A top-level domain (TLD) name service. Google is not an operator of top-level domain servers (generic or country-code), such as Verisign.
- A DNS hosting or failover service. Google Public DNS is not a third-party DNS application service provider, such as DynDNS, that hosts authoritative records for other domains.
- An authoritative name service. Google Public DNS servers are not authoritative for any domain. Google maintains a set of other nameservers that are authoritative for domains it has registered, hosted at ns[1-4].google.com.
- A malware-blocking service. Google Public DNS does not perform blocking or filtering of any kind.
Overview of benefits and enhancements
Google Public DNS implements a number of security, performance, and compliance improvements. We provide a brief overview of those enhancements below. If you’re a developer or deployer of DNS software, we hope you’ll also read the technical information pages on this site for more information on these features. Ultimately, our hope is to share our insights and inspire the community to adopt some of these features in all DNS resolvers. The changes are grouped into 3 categories:
- Performance. Many DNS service providers are not sufficiently provisioned to be able to support high-volume input/output and caching, and adequately balance load among their servers. In addition to load-balancing user traffic to ensure shared caching, Google Public DNS implements “smart” caching to increase the speed of responses. Google Public DNS independently resolves domain names and keeps the resolutions in the cache until their time-to-live (TTL) expires, at which point they are automatically refreshed. The cycle of caching and refreshing is performed offline, asynchronously with user requests, so that responses are almost always available directly from cache. For more information, see the page on performance benefits.
- Security. DNS is vulnerable to various kinds of spoofing attacks that can “poison” a nameserver’s cache and route its users to malicious sites. The prevalence of DNS exploits means that providers have to frequently apply server updates and patches. In addition, open DNS resolvers are vulnerable to being used to launch denial-of-service (DoS) attacks on other systems. To defend against such attacks, Google has implemented several recommended solutions to help guarantee the authenticity of the responses it receives from other nameservers, and to ensure our servers are not used for launching DoS attacks. These include adding entropy to requests, rate-limiting client traffic, and more. For more information, see the page on security benefits.
- Correct results. Google Public DNS does its best to return the right answer to every query every time, in accordance with the DNS standards. Sometimes, in the case of a query for a mistyped or non-existent domain name, the right answer means no answer, or an error message stating the domain name could not be resolved. Google Public DNS never blocks, filters, or redirects users, unlike some open resolvers and ISPs.
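The Security item above mentions "adding entropy to requests" without saying which techniques are meant. The sketch below is an added example, not Google's code and not part of the original article: it assumes two common entropy sources, a random 16-bit transaction ID and random letter case in the query name, and shows the matching check a resolver applies before trusting a response. All function names are hypothetical.

```python
import secrets
import struct

def encode_qname(name: str) -> bytes:
    """Encode a dotted name as length-prefixed DNS labels, zero-terminated."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def randomize_case(name: str) -> str:
    """Flip letter case at random. Names compare case-insensitively, but an
    honest server echoes the question section byte for byte."""
    return "".join(c.upper() if secrets.randbits(1) else c.lower() for c in name)

def build_query(name: str):
    """Return (txid, qname, packet) for an A/IN query carrying fresh entropy."""
    txid = secrets.randbits(16)                       # unpredictable 16-bit ID
    qname = encode_qname(randomize_case(name))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    return txid, qname, header + qname + struct.pack("!HH", 1, 1)

def as_response(query: bytes) -> bytes:
    """Constructed sample: turn a query into a minimal echoing response
    (QR=1, RD=1, RA=1, no answer records) so the check can run offline."""
    return query[:2] + struct.pack("!H", 0x8180) + query[4:]

def response_matches(packet: bytes, txid: int, qname: bytes) -> bool:
    """Accept only if the ID, QR bit and echoed question match the query."""
    end = 12 + len(qname)
    if len(packet) < end + 4:
        return False
    rid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if rid != txid or not flags & 0x8000 or qdcount != 1:
        return False
    # Byte-exact compare: a spoofer who guesses the ID must also guess the case.
    return packet[12:end] == qname and packet[end:end + 4] == b"\x00\x01\x00\x01"

if __name__ == "__main__":
    txid, qname, pkt = build_query("www.example.com")
    print(qname, response_matches(as_response(pkt), txid, qname))
```

A real resolver also sends each query from a randomly chosen UDP source port, which adds further bits an off-path spoofer must guess; that part is left out here because it needs a live socket.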