×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

A Look At the Safety of Google Public DNS

kdawson posted more than 4 years ago | from the random-enough-maybe dept.

Security 213

darthcamaro writes "Yesterday we discussed Google's launch of its new Public DNS service. Now Metasploit founder and CSO at Rapid7, H D Moore, investigates how well-protected Google's service is against the Kaminsky DNS flaw. Moore has put together a mapping of Google's source port distribution on the Public DNS service. In his view, it looks like the source ports are sufficiently random, even though they are limited to a small range of ports. The InternetNews report on Moore's research concludes: 'What Moore's preliminary research clearly demonstrates to me is that Google really does need to live up to its promise here. Unlike a regular ISP, Google will be subject to more scrutiny (and research) than other DNS providers.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

213 comments

yep... (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30325036)

it's that time of the day. Google post...go figger...

Kaminsky DNS flaw == HOGWASH (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30325054)

Dan K has been on /., never could cite a single example of an in-the-wild, widespread exploit of the Kaminsky DNS flaw.

Kaminsky Bug == HOGWASH

first lookup (0)

Anonymous Coward | more than 4 years ago | (#30325070)

8.8.8.8 is almost as easy to remember as 4.2.2.2

Re:first lookup (1, Insightful)

Anonymous Coward | more than 4 years ago | (#30326524)

One advantage is that unlike 4.2.2.x, you have explicit permission to use this one.

Beware (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30325080)

BadAnalogyGuy is a scientologist, and convicted sex offender.

Re:Beware (0, Funny)

Anonymous Coward | more than 4 years ago | (#30325120)

I find scientology sexually offensive, you insensitive clod!

And the worst case scenario? (3, Insightful)

Monkeedude1212 (1560403) | more than 4 years ago | (#30325114)

It fails miserably, Google revokes it, and we all go back to loving them.

Everyone loves taking a shot at Google, but when they are providing a new FREE service - I can't see it destroying their public image all that much.

Re:And the worst case scenario? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#30325236)

You mean like all the times that Microsoft gets blasted when they are just providing a new FREE service? *ducks*

Re:And the worst case scenario? (1, Insightful)

Monkeedude1212 (1560403) | more than 4 years ago | (#30325322)

What service has Microsoft provided to me that was Free? Besides Bing - which is only "blasted" because people don't like it as much as Google.

Everything else Microsoft has, I've had to pay for, so when it doesn't live up to its claims, I can bitch legit because I wasted my money.

Re:And the worst case scenario? (2, Insightful)

outZider (165286) | more than 4 years ago | (#30325396)

Most of the Live services, especially Hotmail.

Re:And the worst case scenario? (1, Funny)

Anonymous Coward | more than 4 years ago | (#30325454)

I would absolutely call Hotmail a service. If by "service" you mean "method of torture".

Re:And the worst case scenario? (3, Insightful)

Monkeedude1212 (1560403) | more than 4 years ago | (#30325714)

Except that no one I knows blasts Hotmail or Live messenger or those services because they do exactly what they aim to do.

Re:And the worst case scenario? (1)

CannonballHead (842625) | more than 4 years ago | (#30325926)

But you claimed that MS hadn't provided a service that was free, I thought?

What service has Microsoft provided to me that was Free? Besides Bing - which is only "blasted" because people don't like it as much as Google.

Everything else Microsoft has, I've had to pay for, so when it doesn't live up to its claims, I can bitch legit because I wasted my money.

(emphasis mine)

Re:And the worst case scenario? (0, Troll)

Xuranova (160813) | more than 4 years ago | (#30325422)

while not quite a 'service', they provided a free browser and the haters took them to court over it. They provided a media player and they had the EU book thrown at them.

Re:And the worst case scenario? (2, Insightful)

icebraining (1313345) | more than 4 years ago | (#30325482)

Don't be a troll. That was not the problem and you know it.

Re:And the worst case scenario? (0)

General Wesc (59919) | more than 4 years ago | (#30325616)

That as not the problem and you know it.

What does 'that' refer to? No one has suggested a problem for it to not be.

Re:And the worst case scenario? (3, Informative)

kdemetter (965669) | more than 4 years ago | (#30326488)

Well , the being free part i guess.
Which is correct : it's not because it was free that it was a problem , but that it was completely integrated , giving it a near monopoly position in the browser market.

And in the case of IE , it's so much part of the OS , that you don't get it for free, you pay for it in the price ( the developers of IE don't work for free , they are payed with the money Microsoft gets from the sales ).

Re:And the worst case scenario? (1)

Tanktalus (794810) | more than 4 years ago | (#30326634)

A free browser? Cool, so I could download it and, say, run it under wine, completely legitly? No? (If wine won't run it due to lack of support of needed APIs, that'd be different.)

Same goes for the media player. It's free when I can decouple it from the OS it's embedded in, and run it in a compatible environment. Lack of support for other OS APIs, however, does not make it non-free. I'm fine with being able to attempt to run it under wine legally. They don't have to support wine.

Re:And the worst case scenario? (0)

Anonymous Coward | more than 4 years ago | (#30325650)

What service has Microsoft provided to me that was Free? Besides Bing - which is only "blasted" because people don't like it as much as Google.

Everything else Microsoft has, I've had to pay for, so when it doesn't live up to its claims, I can bitch legit because I wasted my money.

yeah but it's the bitching of someone dumb enough to pay M$ when better solutions are available (often for free), so it won't carry much weight. well okay, the first time this happens maybe you didn't know. the second time and anytime after, yeah you're being dumb. bitch away!

Re:And the worst case scenario? (2, Insightful)

CannonballHead (842625) | more than 4 years ago | (#30325654)

Everything?

If you're saying that because it runs on Windows (for thick-client apps), you can point the finger at Apple just as much or more, too.

If you're talking about providing software for Windows or online services...

  • Hotmail
  • SkyDrive
  • Live Mesh (pretty cool, actually)
  • Live "Spaces" or whatever they are called
  • Windows Messenger
  • NetMeeting (I think?)
  • Microsoft LiveOffice or whatever it is called... Office Live...
  • Live Photo Gallery
  • MovieMaker
  • Live Writer (actually quite cool/useful)
  • Live Mail (I've heard this is actually a very good client)
  • ...

Some of the above can be seen here [live.com]. There services can be seen here [live.com]. Zune is also free (the software, anyways). Media Player is free, I believe, and actually plays back better than iTunes on Windows, I think.

Nope. Nothing free!

Re:And the worst case scenario? (0)

Anonymous Coward | more than 4 years ago | (#30326430)

pointing to an obscure bunch of useless crap is not "free service".

Re:And the worst case scenario? (0)

Anonymous Coward | more than 4 years ago | (#30326446)

Free, huh? Yeah, right. If a company is giving away a bunch of "free" shit most of which requires the presence of said company's $$$'s worth of proprietary product in order to work, I'd say that's a strange definition of free.

And by strange definition, I mean astroturf-esque fucking wrong. Climb back into your hole, you fucking shill. Nobody here is stupid enough to believe your shit.

Re:And the worst case scenario? (2, Informative)

eleuthero (812560) | more than 4 years ago | (#30326396)

In addition to the Live services listed in other comments, other "Live" services are available: SkyDrive is free, Mesh is free (and works quite well--better than MobileMe and right up there with box.net and with more free space) and then there's office online which will apparently have a free googledoc's-esque system in the future.

Re:And the worst case scenario? (0, Troll)

Captain Splendid (673276) | more than 4 years ago | (#30325442)

You mean like all the times that Microsoft gets blasted when they are just providing a new FREE service that sucks?

Fixed that for you.

Re:And the worst case scenario? (2, Interesting)

CannonballHead (842625) | more than 4 years ago | (#30325696)

Live Mesh, is pretty cool.. Live Writer is actually quite good, IMO, and produces very clean HTML (at least, in my brief tests with it with Wordpress... a custom install, too, with a custom theme and everything; integrated just fine and was a very good WYSIWYG editor). Skydrive - 25gb for free - isn't too shabby, either. I don't like hotmail, but it has sure been around for a while. Bing is actually pretty nice for some things. Microsoft's birds-eye-view is sometimes very useful, and it looks like they are doing a street view now, too.

Re:And the worst case scenario? (0)

Anonymous Coward | more than 4 years ago | (#30326076)

It wouldn't be a Google article without someone going "if this were Microsoft..."

Privacy for what? (2, Interesting)

Dogun (7502) | more than 4 years ago | (#30325178)

My real concern with Google DNS is privacy. Your DNS records are extremely valuable to google, so I sincerely doubt google is not going to record them.

I'm not even entirely convinced about the benefit of using google's; your local DNS server hierarchy is going to be far more responsive, even if it does have a higher miss rate.

Re:Privacy for what? (5, Insightful)

beefnog (718146) | more than 4 years ago | (#30325218)

The one thing that strikes me as silly about the "what if Google datamines our DNS requests" concern is that those people assume their ISPs aren't already doing so.

Re:Privacy for what? (5, Insightful)

LOLLinux (1682094) | more than 4 years ago | (#30325266)

And what strikes me as even more silly is when people use the comeback of "But [insert person, group, company, etc] is (probably) already doing it too!" as if that justifies the actions of someone else.

Re:Privacy for what? (5, Insightful)

beefnog (718146) | more than 4 years ago | (#30325304)

I'm not saying that it justifies it in any way. I'm merely pointing out that scapegoating a company that does genuinely good things while ignoring the company that routinely dicks its customers is odd. Plus, if you had read yesterday's article, you would understand that google is purging IP addresses from the records.

Re:Privacy for what? (5, Insightful)

MozeeToby (1163751) | more than 4 years ago | (#30325406)

And what strikes me as even more silly is that Google has a privacy policy for the service that says all logs are deleted after 48 hours and aren't linked back to other Google services whereas I have no privacy statement at all about DNS from my ISP (since they slipped it in silently about 4 months ago).

Re:Privacy for what? (1)

TheModelEskimo (968202) | more than 4 years ago | (#30325896)

And yet after all that, people still think that, out of the kindness of their hearts, Google will decree that its first ToS for this service is set in stone, and think that somehow a bad ToS is always better than no policy at all. Get real - a ToS is a very malleable document; ask anyone who owns a credit card. Just give Google some time and you'll wonder why on earth you thought their simplified legalese had no loopholes.

Re:Privacy for what? (1)

Chyeld (713439) | more than 4 years ago | (#30326112)

A 'bad' TOS is far far better than no TOS. At least if you have a bad TOS you know to avoid the service because you know what they say they can or can't do.

No TOS basicly means they could be doing anything they wanted, and you'd never know.

Re:Privacy for what? (1)

noidentity (188756) | more than 4 years ago | (#30326184)

And what strikes me as even more silly is when people use the comeback of "But [insert person, group, company, etc] is (probably) already doing it too!" as if that justifies the actions of someone else.

No, but it does show that singling one out as the only one is not justified, and it highlights the erroneous approach of focusing only on new things, all the while ignoring things that have been around all along, like your ISP being able to datamine everything you do.

Re:Privacy for what? (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#30325278)

If I hadn't already posted I'd mod that insightful.

Seriously, your ISP's have been following dirty underhanded tactics the moment you signed up, by delaying your installation, lacking in support, not offernig you full speeds, and disconnecting you when you approach your full speed. Now, given that they are in it for the money, and ALL of your traffic is going through them - they have every reason to take your information and sell it. You KNOW they have your information because the police can demand that information from ISP's to crack down on Pedo's and such.

So really - by using a Google's DNS, sure, you might be allowing your information to be accessed by Google more easily. But all in all, who says they weren't simply purchasing that information before? Or rather - Google is the least of your worries when it comes to privacy.

Re:Privacy for what? (1)

Spazztastic (814296) | more than 4 years ago | (#30325280)

The one thing that strikes me as silly about the "what if Google datamines our DNS requests" concern is that those people assume their ISPs aren't already doing so.

We already know they log our search requests. Call me naive, but what are they going to do with our DNS requests? As long as they aren't injecting ads or stealing data, that is...

Re:Privacy for what? (5, Interesting)

DragonWriter (970822) | more than 4 years ago | (#30325290)

The one thing that strikes me as silly about the "what if Google datamines our DNS requests" concern is that those people assume their ISPs aren't already doing so.

The especially odd part about the complaint is that Google has an upfront, posted policy about what they are doing as far as retaining your DNS requests, which I've never seen from an ISP.

Re:Privacy for what? (1)

cheros (223479) | more than 4 years ago | (#30325570)

The especially odd part about the complaint is that Google has an upfront, posted policy about what they are doing as far as retaining your DNS requests, which I've never seen from an ISP

Well, fine, but if a burglar puts a notice on his balaclava that he's going to rob my house I still reserve the right to prevent that from happening, polite notice or not.

Re:Privacy for what? (0)

Anonymous Coward | more than 4 years ago | (#30325634)

A better analogy would be a dropbox where you place your keys, with a notice attached. If you put your keys there it will be used in X manner.

Remember that this is a service you can choose to use, not someone knocking at your door saying, "Hi, I'm going to need your keys now".

Re:Privacy for what? (1)

DragonWriter (970822) | more than 4 years ago | (#30326206)

Well, fine, but if a burglar puts a notice on his balaclava that he's going to rob my house I still reserve the right to prevent that from happening, polite notice or not.

That's a fine attitude, I suppose, but not at all relevant, since its not even remotely a good analogy to Google with regard to datamining public DNS records to uncover personal information, since that's not what their notice says they are doing with the data.

Re:Privacy for what? (1)

cheros (223479) | more than 4 years ago | (#30326352)

OK, hit the brakes for a moment. You actually believe what they say without ANY evidence to back it up?

Let me give you a heads up then. Read their privacy policy. So far, so good, no? Now read chapter 1 of their Terms of Service and see how it takes precedence over EVERYTHING else. Still feel comfortable?

I'm astonished at how much leeway Google is given in spying on everyone's life..

Re:Privacy for what? (3, Informative)

Brian Recchia (1131629) | more than 4 years ago | (#30326538)

Now read chapter 1 of their Terms of Service and see how it takes precedence over EVERYTHING else.

Actually, this is quite the opposite.

1.5 If there is any contradiction between what the Additional Terms say and what the Universal Terms say, then the Additional Terms shall take precedence in relation to that Service.

In the document, "Additional Terms" refers to additional ToS documents and Privacy Policy documents, etc., and "Universal Terms" refers to this [google.com]. I think this is pretty much the most straightforward legalese I've ever seen, and it very clearly states that if the privacy policy of their DNS solution says they're not going to keep your data more than 48 hours, they are not going to, regardless of what the Universal Terms document states.

Re:Privacy for what? (3, Interesting)

octaene (171858) | more than 4 years ago | (#30325384)

An excellent point. That's why I think OpenDNS is a better option. They at least appear to give you a choice in the matter. I'm not sure Google's services are equitable. There's a good blog post from the founder of OpenDNS where he critiques Google's service. It's a good read.

http://blog.opendns.com/2009/12/03/opendns-google-dns/ [opendns.com]

Re:Privacy for what? (1, Informative)

Anonymous Coward | more than 4 years ago | (#30325618)

It's not really a good read. It's at best alarmist, and more likely just flamebait.

Re:Privacy for what? (5, Insightful)

shentino (1139071) | more than 4 years ago | (#30325706)

You do realize the inherent conflict of interest in criticism from a competitor right?

Do remember that at least and load up on grains of salt.

Re:Privacy for what? (1)

Kz (4332) | more than 4 years ago | (#30326290)

You do realize the inherent conflict of interest in criticism from a competitor right?

yeah, don't listen to the competitor's arguments! also, don't listen to the defendant attorney in court cases!

c'mon, it's always important to read both sides. if they're the best they could say; but one of them is full of ad hominem's or similar bad arguments, then it's a good sign the the other side has a better point.

Re:Privacy for what? (4, Informative)

markkezner (1209776) | more than 4 years ago | (#30326038)

For me, the dealbreaker with OpenDNS is that, when you type in a non-existant domain, OpenDNS resolves it to an IP that gives you their custom search page. The standards compliant response would be NXDOMAIN, which is what Google (and some others) provide. This alone was enough to make me switch away from OpenDNS.

Re:Privacy for what? (1)

NatasRevol (731260) | more than 4 years ago | (#30326190)

Amen! I use OpenDNS at home & work, but this irritates me non stop when I'm typing too fast and have a typo in a domain name. Don't take 5 seconds to respond with a custom search page. Return a not found immediately.

Re:Privacy for what? (0)

Anonymous Coward | more than 4 years ago | (#30326274)

It is a bit of a pain, but you can disable that in your OpenDNS preferences.

Re:Privacy for what? (3, Informative)

markkezner (1209776) | more than 4 years ago | (#30326570)

That may be true, but their preferences only work if OpenDNS can tell which networks are yours. They detect this [opendns.com] when you use your browser to log into the control panel, or if you install client-side software (OpenDNS Updater, which is Win\Mac only). You could do it with DynDNS [opendns.com] too, but not everyone uses that.

Anyway I'd rather not go through all that effort, and would prefer the NXDOMAIN behavior to be the default for anonymous requests.

Re:Privacy for what? (2, Informative)

natehoy (1608657) | more than 4 years ago | (#30326040)

I think his article was well-thought-out and well articulated, but I have a few problems with it.

First, he does address Google's claim that Google does not redirect to ad-laden placeholders then cleverly redirects the argument to one of privacy. If OpenDNS is directing me to an ad-laden site if I mistype a URL or enter an invalid one, then I have a bunch of ad servers who now have my IP address and probably know what site I meant to go to. This may be better than giving all of my DNS lookups to a company, but at least with Google I'm giving them all to one company that I know and can decide if I want to trust. With OpenDNS, if I typo a URL, my error is, in effect, being sold to an unknown third party. I think it's somewhat disingenuous to tout privacy then use redirect pages to send users to third-party advertisers who may or may not respect the OpenDNS privacy policy. At least Google is subjecting my DNS lookups, both good and bad, to a consistent privacy policy.

He does, however, make an excellent point about their Dashboard service and the level of control you as an OpenDNS customer have over your experience. Of course, in return for that you do have to sign up for an account to use it, and you get usage logs associated with your account and email address. Their privacy policy on such information appears excellent, but Google promises to anonymize the data as well, so that boils down to a matter of who you trust more. Personally, I'd be inclined to trust both, so it really boils down to what features are most important to you - proper domain handling, or detailed controls over everything BUT proper domain handling?

Re:Privacy for what? (1)

noidentity (188756) | more than 4 years ago | (#30326268)

That blog posting reads like PR. It's so clearly not objective. The biggest reason I switched to Google's DNS is that it doesn't do any damn redirection. I hate that OpenDNS search page that comes up. I don't see any way to configure OpenDNS without having to sign up or something annoying. Google's doesn't require any signup; just 8.8.8.8 and 8.8.4.4 and go.

Re:Privacy for what? (4, Insightful)

sonnejw0 (1114901) | more than 4 years ago | (#30325412)

Except that Google has a lot of other information on us already, too. Cross-referencing data sets provides true statistical power. Our ISPs do not have the same information that we voluntarily give Google. There's regulation against our ISPs stealing the information that gets passed through them. There's no stopping voluntarily giving Google control of our email, calendar, health records, DNS requests, marketing information, voicemail transcripts, blog articles ...

Re:Privacy for what? (2, Interesting)

icebraining (1313345) | more than 4 years ago | (#30325554)

When you use GoogleDNS, you're providing the request to both of them, as your ISP can see your DNS requests anyway.

Re:Privacy for what? (2, Insightful)

shentino (1139071) | more than 4 years ago | (#30325686)

First off, ANY DNS server will be getting your IP address. After all, that's how the hell it knows where to send the fracking reply.

Secondly, logging of IPs is a basic step in holding your clients accountable to make sure you aren't being abused. If some fucktard uses a hole to hack into your system, having a log of where he came from will help nail him.

Google doesn't really have a choice but to have your data. We should judge them based on what they DO with that data.

Re:Privacy for what? (1)

iris-n (1276146) | more than 4 years ago | (#30325694)

At least my ISP is a relatively small company who is not affiliated with Google.

Google already has my email, my searches, (some of) my IMs, my social network, my maps. There's Google Docs, too, which I don't use.

I don't need them to have my DNS records as well. If they have that too, the question becomes which information about me they don't have. And that is fucking scary.

Re:Privacy for what? (0)

Anonymous Coward | more than 4 years ago | (#30326238)

You're not that important. No ones gives a shit about some ip address in a database somewhere.

Re:Privacy for what? (5, Informative)

maxume (22995) | more than 4 years ago | (#30325282)

Their public statements say that they are not linking the requests to other Google services, and that they are discarding ip addresses within a day or two.

Re:Privacy for what? (0)

Anonymous Coward | more than 4 years ago | (#30325400)

Their public statements say that they are not linking the requests to other Google services, and that they are discarding ip addresses within a day or two.

Why duplicate what the NSA is already doing at all of the large ISP hubs?

Re:Privacy for what? (0, Troll)

Colonel Korn (1258968) | more than 4 years ago | (#30325666)

Their public statements say that they are not linking the requests to other Google services, and that they are discarding ip addresses within a day or two.

Why believe Google?

Re:Privacy for what? (3, Informative)

maxume (22995) | more than 4 years ago | (#30325700)

Ya know, if I had an answer to that, I might have phrased my statement a little differently.

I guess the best answer at this point is simply to point out that they haven't done a great deal to suggest that you shouldn't believe them, and on some level, they are regulated by a reasonable government (depending quite a lot on how one chooses to define reasonable).

Re:Privacy for what? (1)

mounthood (993037) | more than 4 years ago | (#30326210)

Their public statements say that they are not linking the requests to other Google services, and that they are discarding ip addresses within a day or two.

Google also has a Privacy Policy [google.com], but the thing is, it was "Last modified: March 11, 2009" and "Please note that this Privacy Policy may change from time to time."

The lack of trust that so many people are venting isn't from thin air. The US government is spying on it's own citizens (and everyone else.) Sprint is working hard setting up websites to let local law enforcement to monitor citizens. Also, there are no standards for data privacy, and companies change their own policy whenever they want and change it to whatever they want.

Re:Privacy for what? (1)

maxume (22995) | more than 4 years ago | (#30326344)

Well, my above statement doesn't actually express an opinion regarding Google. That said, if you are going to criticize them for changing the privacy policy, it is worth criticizing the changes. Here are the substantial additions (also, the only substantial change made):

Google adheres to the US Safe Harbor Privacy Principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, and is registered with the U.S. Department of Commerce's Safe Harbor Program.

How poisonous. Given the litigation climate in the U.S., I don't think it is reasonable to expect a company to have a fixed privacy policy. Also, note that "substantial" above refers to my opinion (but it isn't real hard to investigate the changes).

Re:Privacy for what? (1)

mounthood (993037) | more than 4 years ago | (#30326656)

Thank you for contributing information on topic, but the defense of Google is wrong. The criticism is not of a narrow technicality, or the particular change to the privacy policy. As others pointed out, Google included privacy statements about DNS when no other ISP or service does this. Why did they feel the need? You can't address this by trying to state simple facts (although appreciated) or citing particular issues. The fear and frustration is broad and stems from many sources in addition to Google, as I tried to point out above.

Re:Privacy for what? (1)

gad_zuki! (70830) | more than 4 years ago | (#30326400)

>Their public statements say that they are not linking the requests to other Google services, and that they are discarding ip addresses within a day or two.

Right and when google started their business they didnt have a tracking cookie that expires in 2038. Things change. The DNS data has value and once google's shareholders realize this they will begin to mine it. Heck, if they dont then the executives can be sued for not running the business properly.

Re:Privacy for what? (1, Flamebait)

HangingChad (677530) | more than 4 years ago | (#30325688)

your local DNS server hierarchy is going to be far more responsive, even if it does have a higher miss rate.

I set it up on my laptop and I can't see any difference between that and my desktop in terms of speed. I'm going to leave it on my laptop which connects through different hotspots with different DNS providers.

Google can have my DNS records while I'm on the road. I think it's a great service and the kind of really neat thing that's pretty rare in corporate culture these days. We should be giving them props even if you choose not to use it. But around here no good deed goes unpunished.

Re:Privacy for what? (1)

Lord Ender (156273) | more than 4 years ago | (#30325872)

If you read about this at all, you would know that Google does use the records to generate stats (as in: people who visit slashdot.org have a 2% chance of visiting thinkgeek.com). Google claims they do not keep DNS records in a manner which can identify individuals.

That said, the big telcos can snoop your DNS queries and DO turn that info over to government agencies. If your ISP or your government want to know who Dogun of Slashdot is IRL, they need only observe that the same IP which posts as you here also logs in as Thomas Q Payne at Chase bank.

Re:Privacy for what? (1)

gandhi_2 (1108023) | more than 4 years ago | (#30325952)

You are really that worries about privacy?

Every time you google, you need to be logged out of all google services: includes blogger, blogspot, picassaweb, youtube, and all the others like analytics, adsense, gmail....

Clear all your cookies.

Then reboot your home cable/dsl modem or whatever to get a new IP.

Then go ahead and do you searches.

Clear all your cookies.

Then reboot you home cable/dsl modem or whatever to get a new IP.

Then it's safe to log back in to google services.

That should cover you for all googlespying that involves google analytics and tieing your search queries to you.

Oh, what's that? You aren't THAT worried?

Re:Privacy for what? (1)

Ephemeriis (315124) | more than 4 years ago | (#30325992)

your local DNS server hierarchy is going to be far more responsive, even if it does have a higher miss rate.

I switched to OpenDNS a while back because we were having so many problems with our local ISP's DNS.

The issue, at the time, was straight-up DNS failures. I don't know if they were making changes or if someone tripped over a power cord... But we weren't able to resolve anything - even though I could ping by IP address. So I plugged in the OpenDNS servers and everything started working again.

Since that time I've done some un-scientific testing and found that OpenDNS's servers are consistently faster than my local ISP's. It'll take several moments to even look up a name with my local IPS's DNS. OpenDNS can find the server almost instantly.

Then there's the fun stuff with ISPs playing with your NXDOMAIN results... There was a lot of talk for a while about redirecting folks to search pages to generate advertising. OpenDNS does this by default, but it is very easy to opt-out. And it is done on their end of things, so I don't have to remember to set a cookie or anything like that. You just tell them no NXDOMAIN weirdness from my address, and it is done.

So... I could easily see switching to Google's DNS if you've got slow servers at your local ISP, or if your ISP is redirecting your NXDOMAIN results.

My real concern with Google DNS is privacy. Your DNS records are extremely valuable to google, so I sincerely doubt google is not going to record them.

I'm not sure I really care...

I mean, There's probably some kind of record or cache being generated even without Google's DNS being involved. I know we do some logging at pretty much every business we support, and our own internal network is doing some monitoring as well. I just kind of assume that various ISPs along the way are doing similar things.

Further, pretty much every website you visit is going to log you and drop a cookie on your machine.

I mean, I'm sure Google will try to use this information to improve their advertising revenues... They'd be silly not to... But I'm just having a hard time getting worried about it.

I don't really get it. (2, Insightful)

Corporate Troll (537873) | more than 4 years ago | (#30325274)

Yes, it might be useful for people whose ISP DNS server is slow. That didn't happen to me since my dialup days. Besides, now I simply run my own caching DNS server. It's not hard to set up at all.

Re:I don't really get it. (2, Interesting)

ShadowRangerRIT (1301549) | more than 4 years ago | (#30325488)

Why waste the power? A personal use DNS server is a waste; if your ISPs DNS is slow there are always alternatives (I used Verizon's DNS for years when living in an area where Comcast DNS performance was slow). I know DIY is fun, has geek cread and all that, but your local machine will cache frequently accessed sites anyway, and the benefit gained on uncached sites will be seen so infrequently that you're not benefiting.

Re:I don't really get it. (1)

ftobin (48814) | more than 4 years ago | (#30325662)

...your local machine will cache frequently accessed sites anyway...

You need to be more clear about how this caching might actually take place; there is no magical program that would do this...except for a DNS server. On Linux you could be talking about nscd, but this doesn't necessarily abide by the DNS caching protocol correctly.

Re:I don't really get it. (1)

Alrescha (50745) | more than 4 years ago | (#30325736)

"You need to be more clear about how this caching might actually take place; there is no magical program that would do this...except for a DNS server."

In Windows, I believe it's called the DNS Client service, on OS X it's called lookupd.

A.

Re:I don't really get it. (1)

Corporate Troll (537873) | more than 4 years ago | (#30325966)

Because I have a server anyway and the little load a DNS server adds won't cost much more energy. (Just use something like a Soekris as a server for crying out loud)

(Offtopic: it's "Geek Cred".)

Re:I don't really get it. (1)

gad_zuki! (70830) | more than 4 years ago | (#30326470)

>Why waste the power? A personal use DNS server is a waste;

Who is proposing a physical box? Just run bind as a service. How much cpu power is that thing using? Honestly? Pennies a month to run the service?

Windows users can use the bind win32 port or Treewalk.

Re:I don't really get it. (2, Insightful)

Jellybob (597204) | more than 4 years ago | (#30325870)

This also helps in situations where your ISP is highjacking responses stating that a domain doesn't exist, and rerouting them to a search engine.

It's all very well having that happen for HTTP requests, but it can cause havoc with things like e-mail.

Re:I don't really get it. (2, Interesting)

causality (777677) | more than 4 years ago | (#30326022)

Yes, it might be useful for people whose ISP DNS server is slow. That didn't happen to me since my dialup days. Besides, now I simply run my own caching DNS server. It's not hard to set up at all.

I wonder about this myself. Google is a marketing company so you would generally expect them to always appeal to the widest audience possible. As valuable as DNS service is, it's also not something that average users care about or think about. Most users who are dissatisfied with their DNS performance would say "the Internet is slow today" and not "I am experiencing unusually high latency from my ISP's DNS server". This is just a guess but they seem to be targeting two broad categories of user:

  • Users who are specifically dissatisfied with their current DNS performance. These are users who are knowledgable enough to understand what DNS is and that they can change servers, yet are unable to or reluctant to run their own caching nameserver.
  • Users who currently use OpenDNS, or who use an ISP DNS server that also breaks NXDOMAIN behavior in order to serve advertisements. Google also wants to serve advertisements, of course, but they do it without breaking the DNS protocol. For these users, switching to Google's server would be a way to protest these practices by voting with their feet.

Personally, I just run my own caching nameserver.

Re:I don't really get it. (1)

martinmarv (920771) | more than 4 years ago | (#30326426)

My ISP (o2 broadband in the UK) has a particularly bad set of DNS servers that regularly seem to error. Somehow, resetting the router helps, but I think that's because it just gets forwarded to a different pair of o2's DNS servers.

As a result of this, I've switched to OpenDNS, which hasn't errored at all, so far (about 6 months). However, I'm probably going to try Google's offering because I'd prefer to get a NULL response than a search page if I hit an unresolvable URI.

Yeah, sure, give them even more information (4, Insightful)

cheros (223479) | more than 4 years ago | (#30325438)

I find it amazing that nobody seems to notice that adding an ECHELON [wikipedia.org] and a DCS1000 [wikipedia.org] feed to Google is making it like the NSA, but where people actually VOLUNTEER data. In addition, it's Terms of Service [google.com] give it more legal freedom to use and abuse your information and intellectual property than even the US border control can with accessing laptops of people entering the country.

It appears 8+ years of indoctrination is paying off big time - nobody appears to remember that privacy is a basic right [un.org]. All it takes is some BS about "not being evil" for people to miss the shocking depth to which they can access all your personal data. Even the stuff they don't hold themselves will come up through the search engine. By matching up DNS records they will be able to add your entire Internet activity to your identity.

That's going to be fun when you catch some sort of virus downloading porn - and the next time you apply for a job..

Re:Yeah, sure, give them even more information (1)

maxume (22995) | more than 4 years ago | (#30325638)

I might find it financially unfortunate to be denied a job for something I did on my personal time, but I would feel a little bit better about it knowing that I wasn't working for a bunch of fuck-nobs.

Re:Yeah, sure, give them even more information (-1, Flamebait)

kenboldt (1071456) | more than 4 years ago | (#30325912)

Oh no! Google might find out that I check hockey scores online, and I posted a picture of myself on Facebook. EEP! Seriously, if you have nothing to hide, then there isn't an issue. If you don't get a job because in your personal time you wanted to look at some boobies, then perhaps you don't want that job anyway, because your boss would be an asshole.

Re:Yeah, sure, give them even more information (1)

cheros (223479) | more than 4 years ago | (#30326410)

"if you have nothing to hide, then there isn't an issue"

Oh dear, so you post your salary and full bank statements on Facebook, leave the curtains open at night and never close the bathroom door to take a leak..

Universal declaration of human rights, article 12. Read it.

Re:Yeah, sure, give them even more information (1)

Gothmolly (148874) | more than 4 years ago | (#30326162)

The difference is that Google is offering value for your data. If you find the data more valuable than their service, don't use them.

Re:Yeah, sure, give them even more information (1)

cheros (223479) | more than 4 years ago | (#30326586)

That's exactly my point - I *know* the value of my data because it's my job, and you won't catch me using Google for anything more than searching (usually via Scroogle).

That was indeed the whole argument behind my remark: look, more data you hand off - which implies I won't. I resolve in a country where data protection is very strong, so anyone wanting to use those records will still have to follow proper process. I am perfectly OK with someone having access to that data for defendable, legal reasons.

I'm absolutely NOT OK with someone doing this at will and on a whim, such as is happening in the UK right now, and I will thus certainly not put any data in the public domain where it can even be used without any legal control (and no, I don't believe what they say, your average con man will also not tell you he's about to rob you blind - I believe things that can be proven and are transparent).

The UK has sleepwalked into edge-to-edge CCTV coverage because it didn't recognise the rights encroachment, and I see pretty much the same with Google, unchallenged. All you need is ECHELON and CARNIVORE (sorry, DCS1000) feeds added and you have another NSA - but this time with data voluntarily submitted..

Am I paranoid? Probably. Better safe than sorry - you cannot erase data on the Net..

Re:Yeah, sure, give them even more information (1)

Chyeld (713439) | more than 4 years ago | (#30326292)

Sometimes freedom isn't about saying no, but about the fact that you can. I can't say no to the border patrol, I can to Google.

More relevant, I have knowledge of the border patrol misusing their power and little evidence that they've actually helped me in any concrete manner. The revese holds for Google.

Uncaged (1)

chicago_scott (458445) | more than 4 years ago | (#30325636)

Ahhh... freedom. Finally I can view YouTube from work. That's Google! ...until the network admins block these DNS servers...

Freedom for a day is better than no freedom at all!

Re:Uncaged (1)

timestride (1660061) | more than 4 years ago | (#30325890)

Your network admins fail if they think controlling internet access through DNS entries alone will keep you caged.

Google DNS Benchmarks (2, Interesting)

bramp (830799) | more than 4 years ago | (#30325708)

I ran some tests against Google DNS and some other DNS providers to measure if Google DNS was actually faster than say OpenDNS, or my local ISP. The results showed OpenDNS completely outperformed Google, but Google did do better than two local ISPs. Read my blog entry about this [bramp.net].

*looks both ways* (1)

el_tedward (1612093) | more than 4 years ago | (#30325958)

More likely that the FBI is knocking on google's door. It's their job to look into what goes on inside America, and the NSA already got their hands slapped.. so they probably passed on most of the snooping to other agencies.

Limited privacy problem for cached routers (3, Insightful)

cenc (1310167) | more than 4 years ago | (#30326056)

So I am giving Google DNS a try on my networks.

I do not see the privacy issues, as they are very limited if you are using a cache on your router with Google as the DNS server. Google gets to see one lookup, and then my home router (with dnsmaque) serves any repeat visits for me or the other computers on my network. For the majority of the sites I visit on a regular basis, my router provides the DNS.

I would suspect that a majority of people using home routers have some sort of cache now in the firmware that does similar work, in their OS, or their browser. It is not like Google is able to see me hit their DNS (although I am sure that is true for some users), every time I want to visit a site again. It is of little value, other than in the most general sense of determining what sites are popular.

Ordo ab Chaos (0)

Anonymous Coward | more than 4 years ago | (#30326288)

Wonderful!

Everyone will have a web presence (if not already) (2, Interesting)

strangeattraction (1058568) | more than 4 years ago | (#30326608)

Think about it. Eventually each of us will have our own DNS entry to identify our individual web presence. The things we make available to do business, social networking etc will be identified through DNS. Why wouldn't Google want to be in on this? Just because there is a profit motive doesn't necessarily mean it is nefarious. This will allow them to add value at a fundamental level. I can see a day when Facebook is irrelevant and people create there own ad-hoc social networks through their own web-presence.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...