
How Does the New Google DNS Perform? (and Why?)

CmdrTaco posted more than 4 years ago | from the all-your-data-are-belong-to-me dept.

Google 275

Tarinth writes "Google just announced its new Google DNS platform. Many have viewed this as a move to increase ad revenue, or maybe capture more data. This article explores those questions, as well as the actual benchmarking results for Google DNS — showing that it is faster than many, but not nearly as fast as many others." We also recently discussed security implications of the Google Public DNS.


275 comments

Pointless hype (5, Interesting)

suso (153703) | more than 4 years ago | (#30354092)

It's funny how the Google hype is driving so much talk about something like DNS, a service which probably 95% of non-tech people don't know exists. Most people wouldn't care about DNS normally, but since it's Google it must be something to get excited about. I doubt really that any significant number of people will switch to using 8.8.8.8, but I worry that if they do, one of the original goals for DNS will be lost. That it's distributed.

Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

Re:Pointless hype (5, Insightful)

drinkypoo (153816) | more than 4 years ago | (#30354154)

Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

You trust your ISP? I sure don't. Perhaps I am asking for abuse, but I trust Google far more. On the other hand, I trust my hosting provider to provide sufficient DNS; but if I were hosting my application on a cloud somewhere, I'd want some cloud-based DNS; if I were hosting my application with Google, then Google would be the logical host for my name service. I'd probably want to use them as my registrar as well. :p

Google has the best uptime and the most distributed architecture of any single computer system, unless you consider the internet to be a single entity; it has slightly better reach overall.

I doubt really that any significant number of people will switch to using 8.8.8.8, but I worry that if they do, one of the original goals for DNS will be lost. That it's distributed.

Google is distributed. Is there any reason using one IP is unworkable?

Re:Pointless hype (4, Informative)

omnichad (1198475) | more than 4 years ago | (#30354244)

They have two IPs - 8.8.4.4. So even if one IP fails to route to any anycast destination at all, they still have a backup.

Re:Pointless hype (5, Interesting)

Anonymous Coward | more than 4 years ago | (#30354346)

Fair enough -- you don't trust your ISP.

How does using google's DNS help you? You really think your ISP isn't logging your DNS traffic regardless of if you're using their DNS servers or not? A simple tcpdump udp port 53 on a passive tap is enough for them to collect your DNS traffic no matter what you do unless you use TOR or a vpn.

So, now google *and* your ISP have logs of what you've been looking up. How are you better off?

Oh -- and if you really don't trust your ISP, how are you to be sure that they aren't redirecting your port 53 traffic to their DNS servers *anyway*? Comcast -- I'm looking at you... Why is it that 5% of responses that *should* be an NXDOMAIN from a root server instead are an A record to some site that happens to be running a web server?

Re:Pointless hype (1)

omnichad (1198475) | more than 4 years ago | (#30354376)

Maybe, like me, GP simply doesn't trust their ISP to be reliable.

Re:Pointless hype (5, Informative)

Anonymous Coward | more than 4 years ago | (#30354662)

If your ISP is like mine, they break basic DNS functionality. Instead of a correct could not find error, they serve up a page of badvertising. If you opt out of that, they serve up a page that says that it could not find, not returning the real error. If you have your iPhone connected to your home wifi, and you attempt to use the google app on your phone, it breaks the search results page...

ALL of these annoyances are fixed with gDNS.

Re:Pointless hype (1)

drinkypoo (153816) | more than 4 years ago | (#30354988)

That's the one! I was already using a third-party DNS by their advice, and now I am using Google's. So far, so good.

Re:Pointless hype (1)

MikeURL (890801) | more than 4 years ago | (#30354938)

I guess The Google could make the DNS lookups happen via an encrypted connection. Further, Google could pass off an encrypted handshake to the websites it sends you to. This would probably keep the ISP out of the business of tracking where you are going.

Odds of this happening, zero. I think Google would face a lot of criticism if they made it that easy to dodge ISP tracking of their users.

Re:Pointless hype (1)

Steeltoe (98226) | more than 4 years ago | (#30355022)

Odds of this happening, zero. I think Google would face a lot of criticism if they made it that easy to dodge ISP tracking of their users.

DNS over encrypted channel? Would require some client-side changes on the OS / gateway level.

Google would get praise from me if they did something like that. DNS is far too insecure and open these days. UDP should be used for games, not for something you need to rely on.

Re:Pointless hype (1)

Zerth (26112) | more than 4 years ago | (#30355118)

I ssh tunnel all my traffic to a rented box as it is, so I've got that already.

Now if you only wanted your DNS done, and didn't have a secure relay, then that'd require some changes on Google's end, but isn't anything particularly weird on the client end.

Re:Pointless hype (0)

Anonymous Coward | more than 4 years ago | (#30355160)

all your traffic ... except UDP. Better luck next time, loser.

Re:Pointless hype (1)

David Jao (2759) | more than 4 years ago | (#30355176)

Your examples of DNS hijacking are legitimate but extreme. There is a large middle ground of ISP behavior where using third party DNS is beneficial. In addition, if widespread adoption of Google DNS leads to increasingly extreme DNS hijacking on the part of ISPs, at least we'll have some concrete evidence of ISP misbehavior to cite in net neutrality debates and the like. (ISPs can hijack DNS, but they can't do so in secret.)

Re:Pointless hype (1)

theantipop (803016) | more than 4 years ago | (#30355206)

Is it legal for your ISP to simply dump this information bound for another server into a log and keep it?

Re:Pointless hype (1)

webmastir (1383817) | more than 4 years ago | (#30354528)

Level3's still is much better, IMO

Re:Pointless hype (2, Informative)

omnichad (1198475) | more than 4 years ago | (#30354704)

I agree, but I switched anyway, just because Level3's aren't explicitly public. They plan to start locking down their DNS. I'd rather set it and forget it now. I can live with 20ms extra delay. It's still faster than my ISP.

Re:Pointless hype (5, Funny)

sexconker (1179573) | more than 4 years ago | (#30354544)

Google has the best uptime and the most distributed architecture of any single computer system, unless you consider the internet to be a single entity; it has slightly better reach overall.

No it fucking doesn't you fucking moron.

Oh this is slashdot. I meant "Citation needed.".

Re:Pointless hype (0)

Anonymous Coward | more than 4 years ago | (#30354742)

His citation is Google. You can google Google and find out if what he's saying is true.
You haven't even offered the name of a counter-example, so I will call your counter-example "Nothing".

Even assuming your citeless "no it isn't!" is true, all we learn from it is that Nothing is more distributed than Google.

Re:Pointless hype (1)

TheRaven64 (641858) | more than 4 years ago | (#30354936)

I've been to Google and found it down for a few minutes at least twice and there are numerous instances where gmail has been unavailable. Most financial systems would suffer insane losses if they had the kind of downtime that Google users won't even notice. If Google goes down for a few seconds, you hit refresh and blame your ISP. If, for example, the telephone company's accounting system goes down for a few seconds then they lose hundreds of thousands of dollars.

Re:Pointless hype (4, Funny)

nacturation (646836) | more than 4 years ago | (#30355084)

If, for example, the telephone company's accounting system goes down for a few seconds then they lose hundreds of thousands of dollars.

There are 31,556,926 seconds in a year. At a hundred thousand dollars a second, your telephone company makes $3,155,692,600,000 a year from time-metered services?

Re:Pointless hype (0, Redundant)

LWATCDR (28044) | more than 4 years ago | (#30354980)

Why do you trust your ISP less than Google?

A better question would be why is Google offering this service? What does it have to gain by doing it?
Most users will never switch to Google's DNS; they get their DNS through DHCP and never worry about it.
My guess is that Google is hoping that ISPs and big companies will start to use Google's DNS. Hey, why bother maintaining a DNS if you don't have to.
You are still left with what does Google gain.
Well, without going into the land of evil I can think of a few things.
1. Data. Google can see just how many hits each site really gets for the entire Internet. This should give Google some great metrics.
2. Good will with the ISPs. With the stupid "Google is getting a free ride crap" this is a way that Google can "give" back to the ISPs.
3. Well, if Google is running the DNS it is a little harder for the DNS to be used to block Google sites.

Under the evil list the mind goes nuts with privacy abuses and redirects but I will let others go there.

Re:Pointless hype (4, Interesting)

mcrbids (148650) | more than 4 years ago | (#30355162)

On the other hand, I trust my hosting provider to provide sufficient DNS; but if I were hosting my application on a cloud somewhere, I'd want some cloud-based DNS;

Could you give me an example of an "Internet-based DNS" that isn't also "cloud-based"? The definition of "in the cloud" IS "on the Internet". Your arbitrary distinction simply makes no sense at all. You are asking for DNS with a "distributed architecture" but DNS itself IS a distributed architecture!

I hate to sound trollish, but your over-eager Google fanboyism betrays your underlying non-comprehension of the issues involved! DNS is a distributed architecture, and all that's necessary for you to provide extremely high availability is to provide two (or more) DNS servers at different locations. This eliminates the "single point of failure" and with each location providing better than 99.95% uptime, the odds of both going down at the same moment is measured in hundreds of years. When you consider DNS caching, due to its distributed architecture, (there's that word again) if your hosted DNS were actually completely down for an hour or so, that few of your customers would even notice, that makes the problem even that much more tractable.

PS: "Cloud-based" IS "Internet-based". Please don't treat "the cloud" as if it were different. "The cloud" only has relevance in sales meetings - it's otherwise just Internet-based computing! See what Larry Ellison has to say about this! [cnet.com]

Re:Pointless hype (5, Insightful)

jhoegl (638955) | more than 4 years ago | (#30354170)

I got money on the fact that this DNS server will be a part of their Android and Chrome OS services. You know, a default setting.

Re:Pointless hype (1)

Idiomatick (976696) | more than 4 years ago | (#30354356)

That is actually an interesting point. Before I didn't think the DNS could be used for evil based on the idea that only informed nerds would ever use it. But, if it were used in android/chrome it COULD be used for evil more easily. Doesn't really make Google guilty just because something could be misused but still, something to watch for.

Also, parent topic is not offtopic.

Re:Pointless hype (1)

thisnamestoolong (1584383) | more than 4 years ago | (#30354184)

I don't trust my ISP -- I use them because I have no other option where I live.

Re:Pointless hype (0, Flamebait)

suso (153703) | more than 4 years ago | (#30354574)

And in general people have fewer options because they settle for crap instead of complaining, organizing boycotts on monopolies or taking their money someplace else. I am sorry that you have no other choice for good internet access, that sucks.

Re:Pointless hype (4, Interesting)

Krneki (1192201) | more than 4 years ago | (#30354202)

I use OpenDNS because in my country they dared to censor the Internet twice using DNS.
Once it was for bwin.com and another time it was a leaked political document (both for 1 week). No, I don't bet, but I do not tolerate this political bullying.

Google DNS could be useful if they don't implement any censorship; considering how much hate P2P sites get from corporations, we will see if they manage to stay neutral.

Re:Pointless hype (4, Insightful)

suso (153703) | more than 4 years ago | (#30354254)

Then you are a fool. This is exactly what I mean by trusting your ISP. I sympathize with you and your situation (and I understand that it happens), but all your country has to do is implement some system that will change the UDP packets coming from Google DNS to change the answers, thus accomplishing the same censorship. The more people who use Google DNS, the more likely a country or ISP is to do this.

Re:Pointless hype (1)

Idiomatick (976696) | more than 4 years ago | (#30354382)

The goal is to stay a step ahead of government. It might take them 5~10 years to figure that one out.

Re:Pointless hype (0)

Captain Splendid (673276) | more than 4 years ago | (#30354426)

Then you are a fool.

He's a fool because he's stuck between a rock and a hard place? Have a little sympathy. Not even every Slashdotter can (or wants to) set up their own DNS server, so services like Google or OpenDNS are a boon when your ISP censors or even just plain sucks (like mine).

Re:Pointless hype (1, Informative)

suso (153703) | more than 4 years ago | (#30354500)

I did say I sympathize with him. My wife is from Uzbekistan and I have some friends from other countries and who visit other countries, I know it's hard. I'm not calling him specifically a fool, but I'm using strong wording because I'm hoping that people will read my warning so that they will understand that Google DNS is not a solution for security and privacy.

Re:Pointless hype (2, Insightful)

sexconker (1179573) | more than 4 years ago | (#30354582)

He's a fool because, faced with internet censorship in his country, he decides OpenDNS will protect him.

Re:Pointless hype (2, Insightful)

Bigjeff5 (1143585) | more than 4 years ago | (#30354540)

Do you realise how difficult that would be? Color me stupid, but how many countries have a single ISP with that kind of control over what goes in and out of the country?

I honestly don't think most countries could pull it off. Look at China - they DO have 100% governmental control over their ISPs and they can't manage it, they have to threaten companies like Google to make this stuff happen.

And do you realise the hardware it would take to start sniffing the packets of the largest search provider in the world? Furthermore, Google has server farms in every country in the world - no doubt when they implemented DNS they put replication points at each of these sites, or at the very least manually routed them through.

And even if they did none of that, unless you have the wherewithal to kick Google out of the country (which would make your actions very public), Google is not the company with whom to fuck over something as trivial as DNS, particularly when they can count on the public crying foul when it goes public. "We tried to block your access to information, but Google stopped us." doesn't really go over too well in a free society.

Re:Pointless hype (1)

suso (153703) | more than 4 years ago | (#30354964)

I'm sorry but your comment is not insightful, it's ignorant of reality. There are many countries that control the ISPs in their country. Not every place is a democracy. And not all democracies are as free as things are here. Internet access is slower in many other countries and people there probably wouldn't notice if their access was a bit slower because of some kind of DNS filter.

Remember, there are over 200 countries and not all of them have as fast of access as the handful that do.

Re:Pointless hype (2, Informative)

TheRaven64 (641858) | more than 4 years ago | (#30354970)

Spoofing DNS is trivial. It's connectionless, and you don't even need to block the reply, you just need to respond faster than the other party and the client will, in most cases, ignore the second reply. Any last-mile provider can do it with very little infrastructure investment (it's a trivial routing rule to redirect any UDP packets on the DNS ports to a government server, it doesn't need deep packet inspection). If a government asks them to then it's much cheaper to comply than to fight it.
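
An added example, not part of the original comment: because a forged reply only has to arrive first, the genuine reply usually still shows up, so a monitor can flag queries that received two replies with different answers. The record layout, addresses and function name are constructed for illustration; the check misses the case where port 53 traffic is redirected outright and only one reply ever arrives.

```python
from collections import defaultdict

# Constructed sample of observed DNS replies, one tuple per reply:
# (capture time in seconds, client, resolver, transaction id, qname, A records)
SAMPLE_REPLIES = [
    (10.000, "10.0.0.5", "8.8.8.8", 0x1A2B, "www.example.org", ("203.0.113.7",)),
    (10.031, "10.0.0.5", "8.8.8.8", 0x1A2B, "www.example.org", ("198.51.100.20",)),
    # Same reply seen twice (retransmission): identical answers, not a conflict.
    (11.200, "10.0.0.5", "8.8.8.8", 0x3C4D, "mail.example.org", ("198.51.100.25",)),
    (11.900, "10.0.0.5", "8.8.8.8", 0x3C4D, "mail.example.org", ("198.51.100.25",)),
    # Same transaction id but a different client and resolver: unrelated query.
    (12.500, "10.0.0.9", "8.8.4.4", 0x1A2B, "www.example.org", ("198.51.100.20",)),
]


def find_conflicting_replies(replies, window=2.0):
    """Flag queries that got more than one reply with different answer sets.

    Replies are grouped by (client, resolver, transaction id, qname), which is
    what a stub resolver matches on. The first reply in a group is the one the
    client accepted; any later reply inside `window` seconds that carries a
    different set of addresses is reported.
    """
    groups = defaultdict(list)
    for ts, client, resolver, txid, qname, answers in replies:
        key = (client, resolver, txid, qname.lower().rstrip("."))
        groups[key].append((ts, frozenset(answers)))

    findings = []
    for (client, resolver, txid, qname), seen in groups.items():
        seen.sort(key=lambda item: item[0])
        first_ts, first_answers = seen[0]
        for ts, answers in seen[1:]:
            if ts - first_ts <= window and answers != first_answers:
                findings.append({
                    "client": client,
                    "resolver": resolver,
                    "txid": txid,
                    "qname": qname,
                    "accepted": sorted(first_answers),  # what the client used
                    "ignored": sorted(answers),         # the later, differing reply
                    "gap_seconds": round(ts - first_ts, 3),
                })
    return findings


if __name__ == "__main__":
    for finding in find_conflicting_replies(SAMPLE_REPLIES):
        print(finding)
```

Which of the two replies is the genuine one cannot be decided from timing alone; the finding only says the client saw two incompatible answers for one query.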

Re:Pointless hype (1)

dacullen (1666965) | more than 4 years ago | (#30354652)

OTOH Google has demonstrated a willingness to filter/block content for some countries. If it's in their commercial interest, would they blackhole some sites?

Re:Pointless hype (4, Interesting)

Akido37 (1473009) | more than 4 years ago | (#30354248)

Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

Personally, I'm sick of DNS lookups resulting in a page of ads.

Re:Pointless hype (2, Insightful)

bsDaemon (87307) | more than 4 years ago | (#30354446)

and one of the world's largest advertising companies, masquerading as a technology company (though only as a vehicle for their advertising) isn't EVER going to start throwing up link farms or ads in response to NX queries? You, sir, have more faith than the pope.

Re:Pointless hype (1, Insightful)

Anonymous Coward | more than 4 years ago | (#30354536)

They aren't now. Their policy says they won't, but that can change. My current ISP does, and OpenDNS (at least by default) also does weird things with nxdomain. IF Google ever messes this up, I'll switch away from them, just like I'm switching away from the people who CURRENTLY mess it up. There's no contract being signed here saying I'll take whatever Google gives me 1, 2, 10 years from now. This is LESS lockin than essentially ANY other service they provide, and for most of those they have their DLF anyway.

So yes. I trust Google enough to switch to them, and if they abuse that trust, I'll switch away and join the group of people who hurl insults at them. They haven't done anything yet to make me think they will in the future.

Re:Pointless hype (2, Insightful)

Bigjeff5 (1143585) | more than 4 years ago | (#30354846)

one of the world's largest advertising companies, masquerading as a technology company

You realize that one does not exclude the other, right? In fact, they build on each other. The reason Google is such a successful advertising company is BECAUSE it is such a great technology company. Furthermore, as the advertising aspect of their company brings in money, they can funnel that back into the technology they make, which can then increase their advertising revenues.

Google makes the best internet search product on the planet. Period. Nobody, even a software giant like Microsoft or a search giant like Yahoo can even touch them. They accomplished this feat when they were still operating out of their BASEMENT!! To say they are not a technology company is to be a blind fool. Do you even remember what the internet was like before Google? I do, it sucked. I used to use a service called Search Hound, which would search about 40 different search engines for your search query - this was essential because you could never find anything without hitting up 2, 3, even 5 or 6 search engines just to get what you were looking for. What did Google do? They invented a better search algorithm and page ranking system, and instead of selling top search slots (like every other search engine before it), they sold unobtrusive ad space around real, legitimate search results. A thousand times better, and free to the user to boot.

Fast forward to today, and what is google doing? They are developing new technologies and giving them away for free so they can gain more mind-share for the sole purpose of making sure people use their search engine. This increases their value to advertisers, and Google makes more money. Seriously, Android? Chrome? Chrome is frickin awesome, as soon as I tried it I ditched FF for good, and I'm seriously looking into getting an Android phone. Why are there so many phones running on Android already? Because Google gives it away. You can go download it right now if you want to. And, because it's Google and they are one of the top technology companies in the world, it also happens to be as good or better than any phone/small device OS out there.

Since Google's business model is to give customers exactly what they want for free in order to draw more customers for advertisers, and because most people I know HATE getting a dumbass search page instead of just saying the link is not found, no I don't expect Google will ever start throwing up link farms or ads in response to NX queries.

How stupid do you think Google is to break the trust that has made them BILLIONS over a few extra searches? They have shown themselves to be much, much smarter than that, and I trust them far more than I trust my own ISP, since my ISP already inserts a dumbass search in place of the "page not found".

Google did put such a thing in Chrome, but it simply says the page was not found and auto-fills a search box for you. It can also be turned off. I don't find it useful, but I don't find it intrusive either, unlike my ISP's auto-search. Google knows what their users want, and they know that their customers are the Advertisers, not the searchers - their goal is to lure as many searchers as possible to their advertisers. The best way to do that, as Google has shown time and time again, is to give your users something they will like and use, and generally find to be far and away the best version of whatever it may be on the market, and to give it away for free.

Re:Pointless hype (1)

VGPowerlord (621254) | more than 4 years ago | (#30355188)

I hate to say it, but this is an inverse ad hominem [wikipedia.org].

I suggest that Google will eventually redirect NX queries, because it follows their pattern of adding advertising to their previously ad-free products. I submit Google Maps and Google Earth as examples.

Re:Pointless hype (1)

bsDaemon (87307) | more than 4 years ago | (#30355202)

Maybe I should turn in my geek card, but I'm just not really interested in most of the new stuff coming out of Google. I'm happy with my Blackberry on Verizon (they don't really lock down the BB devices, so I don't need Google Voice, or Android). I run my own mail servers, so I don't need to use Google Mail anymore.

I've taken a poke at Chrome, but I really wasn't that impressed with it. I don't have any interest at all in ChromeOS, either.

Most of my criticisms against Google could be levied at any other "cloud" type service provider, and that is lack of any real control. But the fact that it is obvious Google indexes your emails and then inserts targeted ads based on the context of personal communications is just disturbing to me.

Re:Pointless hype (1)

sydneyfong (410107) | more than 4 years ago | (#30355052)

If they started doing that, what's to stop you from changing your DNS provider to whatever you were using before?

What if slashdot becomes goatse? OMG block it quick!

Re:Pointless hype (1)

nacturation (646836) | more than 4 years ago | (#30355138)

I thought the GP was referring to whois lookups returning a page of ads. A DNS lookup doesn't return a page of ads, it returns an IP address.

Re:Pointless hype (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#30354320)

Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

If the option were to trust my ISP or to go without Internet, I suppose I would have to "Trust" my ISP.

If the option were to Trust Google or Trust my ISP, I'd probably "Trust" Google.

Aside from the one time I saw a Google car doing streetview - Google has stayed out of my physical realm. And they can harness all the data they want from me, I don't really care. My ISP on the other hand, knows my home address with postal code, and continuously mails me information on how much of my money I owe them each month.

I would much rather trust someone who has no interest in me than trust someone who has interest in me only for their own profit.

Re:Pointless hype (3, Insightful)

camcorder (759720) | more than 4 years ago | (#30354584)

You don't need to trust your ISP, they are legally bound to protect your privacy in most countries. Since you have a contract that means that's a card in your hand which you can use in case of violation. However with Google, you have nothing. All the contracts you have with Google are the legal agreements to use their services in return of losing your privacy at all.

To summarize, your option to trust google is just useless since it doesn't matter if you trust them or not.

Re:Pointless hype (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#30355078)

It's also illegal to commit murder, sell sex slaves, and to pillage and rape and all that jazz. That doesn't mean it doesn't happen.

Being legally bound to something means nothing if there is no one there to enforce it, and even if there IS someone assigned to enforce it, I have no guarantee that they will do their job, or do it properly, or won't be corrupted by those in power.

My privacy is essentially limited to what I put on the internet - if I never put my SSN, credit card info, or DOB on the internet, I am not at risk of that information being used to personally identify me, or to be used without my permission. Heck, if I never put my real name I'm pretty much scot-free.

But guess what - my ISP already has my name, my address, my phone number, and it's all tied into a number that THEY gave me. I'm instantly searchable in their database. They've probably tied an IP to the Mac address on the gateway they sent me. Everything I use through my ISP can be instantly traced back to ME.

Now, knowing that my ISP is legally obligated to protect my information, but will essentially have MORE information, or knowing that Google has NO obligation to protect my information, but will be limited to what I give them - which do you think I'll choose?

Re:Pointless hype (1)

omnichad (1198475) | more than 4 years ago | (#30354354)

Nobody's shutting down the root servers. Google still queries them and domain nameservers. This replaces your ISP's DNS. And no, I don't trust them either.

Re:Pointless hype (1)

QuantumRiff (120817) | more than 4 years ago | (#30354398)

Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

I trust my ISP very much. However, I don't trust all the local coffee shops, small businesses, hotels, airports, etc. to be secure, and not route me through proxies and man in the middle attacks.

This is a great thing for the mobile traveler.

Re:Pointless hype (2, Insightful)

TheLink (130905) | more than 4 years ago | (#30354550)

> and not route me through proxies and man in the middle attacks.

How would using Google's DNS help?

If your problem is man in the middle attacks, you'd have to use a VPN to a trusted network before you can trust DNS and other insecure protocols.

See also:

http://code.google.com/speed/public-dns/faq.html#dnssec [google.com]

Does Google Public DNS support the DNSSEC protocol?
At this time, Google Public DNS does not validate DNSSEC responses. We will continue to work on improving Google Public DNS.

Re:Pointless hype (2, Insightful)

TheRaven64 (641858) | more than 4 years ago | (#30355008)

The problem is not that you have to trust Google or trust the connection provider, it's that you have to trust the connection provider or trust Google and the connection provider. If you connect from a hotspot then anyone on the local network segment can pretty trivially spoof DNS responses unless you are using DNSSEC, and if you (and the infrastructure) are using DNSSEC then the ISP can't tamper with the responses anyway so you don't need to trust them.

Re:Pointless hype (1)

riegel (980896) | more than 4 years ago | (#30354468)

It's funny how the Google hype is driving so much talk about something like DNS, a service which probably 95% of non-tech people don't know exists.

You're confused, Slashdot is News for Nerds, not for the other 95%.

Re:Pointless hype (0)

suso (153703) | more than 4 years ago | (#30354708)

Over the past week I've seen people who probably don't even know what DNS is an acronym for talk about it on blogs, twitter, and other less techie places and a few have even mentioned it to me in conversations. This is what googlehype does.

Re:Pointless hype (1)

ls -la (937805) | more than 4 years ago | (#30354502)

I won't be switching DNS servers until/unless I notice a problem with my ISP's, but if I do need to switch, or even just test my internet configuration, I'll probably use Google's servers because they have addresses I can memorize: 8.8.8.8 and 8.8.4.4.

Re:Pointless hype (1)

natehoy (1608657) | more than 4 years ago | (#30354698)

There's also 4.2.2.2, 4.2.2.3, and 4.2.2.4, all owned by Level3 Communications.

You can't get much more authoritative than that, though they aren't the fastest DNS servers by far.

Re:Pointless hype (0)

Anonymous Coward | more than 4 years ago | (#30354774)

I doubt really that any significant number of people will switch to using 8.8.8.8, but I worry that if they do, one of the original goals for DNS will be lost.

I bet that Chrome will start using it (or maybe they will give users a checkbox during the install). Maybe Google will start packaging a DNS cache server for Windows clients to use locally?

That it's distributed.

That's not a primary goal of dns.

I'd like to bet that the performance will get better, as they tweak their initial release. Until then, I'm leaving them as my 3rd dns option. Behind level3 (4.2.2.2 - 4.2.2.4) and internet2.

Most ISPs' DNS servers are broken. (5, Insightful)

KingSkippus (799657) | more than 4 years ago | (#30354802)

Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

My ISP's nameservers are broken. Whenever I try to resolve a name that doesn't exist, instead of the DNS server telling me it doesn't exist, it returns the address of one of my ISP's web servers, which presents me with an ad-laden search page for whatever name I typed in. This is clearly not what the DNS spec says it is supposed to do.

While this might not sound like such a big deal, for developers it's a pain in the butt. For one thing, if I want to test to see if, for example, a name I have registered has propagated, I can't just do an nslookup to see if I get a response; I have to actually verify that the address that is returned (since all lookups will resolve to something) is the actual correct address instead of my ISP's web server. Also, on the client side, when my applications communicate via the web, they have to not only verify that an address resolved, but actually verify with the back-end application that it is what it's supposed to be instead of an ISP's search page. Just since I changed my DNS servers last week, I've already saved at least a minute or two I shouldn't have had to spend in the first place.

Plus, even if all of that still doesn't convince you that Google is actually doing something helpful, there's the simple fact that my ISP's servers actually had on average an hour or so down time every couple of months. It wasn't scheduled or anything (that I know of, anyway), I would just all of a sudden not be able to resolve any addresses. If I called technical support, the goobs there would insist on me plugging my computer directly into their modem, and when it still wouldn't work, they'd schedule a time a few days out for a technician to come out to my house. They simply wouldn't acknowledge that the problem was on their end, not mine, and they didn't understand simple concepts like nslookups, tracerts, etc. I'd invariably just give up, tell them not to send anyone, and wait without Internet access for their network people to figure it out after a lot more people called in.

I started using OpenDNS a long time ago because of all of the problems with my ISP's DNS servers, even though they also redirect queries that aren't found to their search page. If I wanted other features OpenDNS offers like parental controls and such, I'd probably stay with them. As it is, though, consider me another happy consumer of another helpful Google service. As the informal tech support guy for most of my family and friends, I'll be switching as many of them over as I can too, so I can avoid just a few more "Hey, I can't get to the Internet" calls.
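Added example (not part of the comment above, and not any ISP's or resolver's own code): the manual check described in that comment, automated. It parses replies to lookups of names that cannot exist, learns which "landing page" addresses a rewriting resolver hands out, and then treats any lookup that returns only those addresses as "name does not exist". The packets are constructed samples; the probe names and the addresses 192.0.2.80 and 198.51.100.7 are assumptions for illustration.

```python
import struct

TYPE_A, RCODE_NXDOMAIN = 1, 3

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # a 2-byte pointer terminates the name
            return off + 2
        off += 1 + length

def parse_reply(msg):
    """Return (rcode, list of A-record addresses) for one DNS reply."""
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs

def learn_landing(probe_replies):
    """Addresses a resolver returns for names that cannot exist.
    An honest resolver answers NXDOMAIN, so the result is an empty set."""
    landing = set()
    for msg in probe_replies:
        rcode, addrs = parse_reply(msg)
        if rcode != RCODE_NXDOMAIN:
            landing.update(addrs)
    return landing

def name_exists(msg, landing):
    """True only for a NOERROR reply carrying an address that is not a landing page."""
    rcode, addrs = parse_reply(msg)
    return rcode == 0 and any(a not in landing for a in addrs)

def build_reply(name, rcode, addr=None):
    """Constructed sample reply for the demo; not captured traffic."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    msg = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    msg += qname + b"\x00" + struct.pack("!HH", TYPE_A, 1)
    if addr:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 60, 4)
        msg += bytes(int(x) for x in addr.split("."))
    return msg

# Constructed scenario: a rewriting resolver answers every missing name with 192.0.2.80.
REWRITING = [build_reply("probe-7f3a9c.example", 0, "192.0.2.80"),
             build_reply("probe-c41d02.example", 0, "192.0.2.80")]
HONEST = [build_reply("probe-7f3a9c.example", RCODE_NXDOMAIN),
          build_reply("probe-c41d02.example", RCODE_NXDOMAIN)]

if __name__ == "__main__":
    landing = learn_landing(REWRITING)
    print("landing addresses:", landing)
    print("typo resolves:", name_exists(build_reply("typo.example", 0, "192.0.2.80"), landing))
    print("real resolves:", name_exists(build_reply("www.example", 0, "198.51.100.7"), landing))
```

Against a live resolver the probe names would be freshly generated random labels, so that nothing upstream can have them cached.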

Re:Pointless hype (1)

ProfanityHead (198878) | more than 4 years ago | (#30354858)

It's funny how the Google hype is driving so much talk about something like DNS, a service which probably 95% of non-tech people don't know exists. Most people wouldn't care about DNS normally, but since it's Google it must be something to get excited about. I doubt really that any significant number of people will switch to using 8.8.8.8, but I worry that if they do, one of the original goals for DNS will be lost. That it's distributed.

Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

No, I can't trust my ISP's DNS servers and I know this from experience. Unfortunately, in my area, there are no alternatives.

Now what?

Re:Pointless hype (1)

David Jao (2759) | more than 4 years ago | (#30355012)

It's funny how the Google hype is driving so much talk about something like DNS, a service which probably 95% of non-tech people don't know exists. Most people wouldn't care about DNS normally, but since it's Google it must be something to get excited about.

I'm not normally a fan of Google, but if they spark some sort of increased public awareness on the issue of DNS, that can only be a good thing. DNS receives far too little public attention relative to its importance.

I doubt really that any significant number of people will switch to using 8.8.8.8, but I worry that if they do, one of the original goals for DNS will be lost. That it's distributed.

DNS stopped being distributed when people started abusing domain name registration. The resulting collapse of DNS into, effectively, a single level hierarchy meant that the original design goals (including the goal of distributed lookups) were already unachievable long ago. This is not really Google's fault.

IP anycast to Google's DNS servers is not any worse than the situation that exists today with respect to our reliance on the root name servers.

Just ask yourself one question, if you don't trust your internet provider enough to do DNS correctly, should you trust them at all?

This is a good question, for which there are two legitimate responses. One is that, in practice, it is often impossible to change ISPs (there may be only one broadband provider in an area). In such cases, using a third party DNS, especially one that defaults to accurate responses (unlike OpenDNS), is often the least bad option out of all the (worse) alternatives. The second point is that there are cryptographic protocols like ssh and SSL which guarantee (or, in the case of SSL, are supposed to guarantee) session integrity, regardless of ISP interference. So, for most important tasks, you don't need a high level of trust in your ISP. For DNS, however, there is no cryptographic protocol to guarantee integrity (DNSSEC doesn't count). It is thus perfectly logical to trust an ISP for ssh/SSL but not for DNS.

Real geeks won't bother with third party DNS; they'll just set up their own recursive nameserver. But for less technically savvy internet users, Google DNS does fulfill a need that was being left unserved. The old Level3 servers at 4.2.2.* fill this role as well, but they were never (to my knowledge) advertised for public use.

Re:Pointless hype (5, Informative)

mzs (595629) | more than 4 years ago | (#30355020)

Google is using anycast for their DNS servers. There are not just two machines at 8.8.8.8 and 8.8.4.4 as the sole DNS servers. You get a relatively close-by server. This is a tried and true technique for DNS. In fact there is a technical feature about the Google approach that is neat. It is likely that Google is using many of the same servers it is for search for the DNS servers as well. They are running the caching DNS at each facility, such that if one server at the facility gets a record, then any other DNS server at that facility uses that response. That is one cool way to limit the delays for someone else making a DNS request. I've not seen that mentioned much before, and that is neat. I wish Slashdot comments about stories that are trying to be technical would have technical comments on them near the beginning, instead of rehashing of all this privacy stuff, for a third or fourth story.

Another approach that was mentioned a lot before is that after the DNS server provides a response, the server checks to see if time is running out regarding the TTL. If it is and has not expired yet, it asks again and pretends that the TTL counter has begun again. This again is trying to limit a DNS delay for some poor schmuck.

Another technical detail I have not seen mentioned much is that Google DNS servers are returning largely authoritative answers only, often in cases where other DNS servers do not. For example, look up a private IPv4 such as 192.168.1.1 with Google's servers and some others. Others typically return non-authoritative responses, say to RFC1918.private.net. There is a lot of subtly misconfigured software out there, hopefully this will bring it to the forefront about dealing with non-authoritative answers more carefully.

As to regarding the performance of Google DNS, from a few locations for me, seems very fast. Is faster (much) than AT&T, bit slower than Comcast, bit slower than work, comparison with OpenDNS is in the noise. What is more important is that they treat all records correctly, so for example kx509 _kca._udp.REALM style SRV records are handled unlike the DNS servers from some ISPs which seem to think that DNS is only for A records.

Another interesting feature is that Google DNS is playing tricks with case in DNS queries and replies as yet another stop-gap measure against DNS cache poisoning attacks. That's clever, I believe it was proposed before, but BIND folks presented some issues and left it at that.
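Added example (not part of the comment above and not Google's implementation): a minimal sketch of the case trick it mentions, usually called DNS 0x20 encoding. The resolver sends the query name with a random upper/lower-case pattern and accepts a reply only if the question section echoes that pattern exactly, which adds one bit of unpredictability per letter on top of the 16-bit transaction ID. All function names are hypothetical and the replies are constructed samples.

```python
import secrets
import struct

_rng = secrets.SystemRandom()

def mix_case(name):
    """Flip the case (the 0x20 bit) of each ASCII letter at random."""
    return "".join(c.upper() if c.isalpha() and _rng.getrandbits(1) else c.lower()
                   for c in name)

def encode_question(name, qtype=1):
    """QNAME labels, then QTYPE and QCLASS=IN. Case is preserved as given."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return labels + b"\x00" + struct.pack("!HH", qtype, 1)

def build_query(name):
    """Return (txid, name as sent, packet) for a query with a mixed-case QNAME."""
    txid = secrets.randbelow(1 << 16)
    sent = mix_case(name)
    return txid, sent, struct.pack("!6H", txid, 0, 1, 0, 0, 0) + encode_question(sent)

def read_question_name(msg):
    """Decode the first question's name exactly as it appears on the wire."""
    off, labels = 12, []
    while msg[off]:
        n = msg[off]
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels)

def accept_reply(msg, txid, sent):
    """Accept a reply only if the ID matches and the question is echoed byte-for-byte."""
    rid, flags, qdcount = struct.unpack("!3H", msg[:6])
    if not flags & 0x8000 or rid != txid or qdcount != 1:
        return False
    return read_question_name(msg) == sent      # deliberately case-sensitive

def extra_bits(name):
    """Bits of unpredictability the case pattern adds: one per letter."""
    return sum(c.isalpha() for c in name)

def make_reply(txid, name):
    """Constructed sample reply (header plus echoed question); not captured traffic."""
    return struct.pack("!6H", txid, 0x8400, 1, 0, 0, 0) + encode_question(name)

if __name__ == "__main__":
    txid, sent, _pkt = build_query("www.example.com")
    print("sent as:", sent, "| extra bits:", extra_bits(sent))
    print("echoed reply accepted:", accept_reply(make_reply(txid, sent), txid, sent))
    # A reply with the right ID but the wrong case pattern is dropped.
    wrong = make_reply(txid, sent.swapcase())
    print("wrong-case reply accepted:", accept_reply(wrong, txid, sent))
```

Names with few letters gain little from this: `extra_bits("8.8.8.8")` is 0, so the check is a supplement to ID and source-port randomization, not a replacement.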

I use Google DNS and.. (1)

Anonymous Coward | more than 4 years ago | (#30354156)

quite like it.
It's slightly faster than my ISP's DNS (Virgin Media) but to be honest not a whole lot.
The main reason I started to use Google DNS is that I trust them more with information than I do with Virgin Media (Richard Branson), it probably won't make a big difference but at least it makes me feel better that I got one up on them.

Re:I use Google DNS and.. (0)

Anonymous Coward | more than 4 years ago | (#30355026)

I switched to it this weekend for my home stuff... and to be honest I can't see much difference. It's neither faster nor slower, more open or less. If I hadn't seen this article I might actually have forgotten I switched...

Google is average (5, Funny)

jhoegl (638955) | more than 4 years ago | (#30354160)

This just in, Google is average at something they did. Google's parents are very upset and will not be posting this on their refrigerator. In other news, detractors of Google throw party.

Google IS NOT (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#30354204)

a search company. They are an ADVERTISING agency.

Yours In Yasnogorsk,
K. Trout

Re:Google IS NOT (0)

Anonymous Coward | more than 4 years ago | (#30355150)

It can be two things.

My Testing Results (3, Informative)

Anonymous Coward | more than 4 years ago | (#30354238)

Resolve www.yahoo.com

local.isp 12msec
4.2.2.2 30msec
208.67.222.222 55msec
8.8.8.8 57msec

Re:My Testing Results (1)

omnichad (1198475) | more than 4 years ago | (#30354428)

www.yahoo.com is a TERRIBLE test. It's likely to be in your ISP's local cache. On the other hand, 57ms is terrible for Google on the same task.

Re:My Testing Results (1)

sexconker (1179573) | more than 4 years ago | (#30354626)

www.yahoo.com is a TERRIBLE test. It's likely to be in your ISP's local cache. On the other hand, 57ms is terrible for Google on the same task.

And yahoo.com isn't in Google's cache?

Re:My Testing Results (1)

omnichad (1198475) | more than 4 years ago | (#30354686)

It is, and that's what makes it look terrible for Google. But uncached results are an important test, too. Or less-likely to be cached. If Google has near-everything on the Internet cached, and the local ISP doesn't, Google might start winning battles.

Re:My Testing Results (1, Informative)

Anonymous Coward | more than 4 years ago | (#30354772)

It's also likely to be in Google's cache. However, your location relative to a Google datacenter factors into that time as well. The idea is that through proactive caching of popular domains, the total time for a DNS query against a Google DNS server should be no greater than the latency between your machine and that server. If that latency is greater than what you see between your computer and your ISP's DNS server, using Google won't help your performance. It will however respond as a DNS server should (ie. not send you to some ISP search page).

Your ISP doesn't do proactive caching of domains, so there's a chance that although you are closer to your ISP's server than to Google's, Google might still return faster even with round-trip latency than your ISP if the ISP doesn't have the domain in its cache and needs to do a recursive lookup for the query. You're banking on the hope that Google's audience is larger than your ISP's and therefore has a wider range of cached domains in its system.

It will be interesting to see (1)

bugs2squash (1132591) | more than 4 years ago | (#30354278)

if it makes satellite web browsing better. Setting a web proxy is a great way to cut down DNS chatter on a satellite link, perhaps Google have come up with something that is almost as good.

One time comcasts DNS servers were down... (1)

gblackwo (1087063) | more than 4 years ago | (#30354288)

Around 5 years ago, the internet was down for comcast subscribers in northern Indiana and a good chunk of the midwest- I figured out it was just their DNS servers that were down and quickly switched over to AT&T's. That evening I saw the fastest internet I've ever seen. It was glorious.

Re:One time comcasts DNS servers were down... (0)

Anonymous Coward | more than 4 years ago | (#30354386)

Came here to say that I had the same experience. Switched to Verizon's 4.2.2.1. Comcast has never been faster. Thanks Verizon!

I wish I had FIOS :(

Re:One time comcasts DNS servers were down... (1)

gblackwo (1087063) | more than 4 years ago | (#30354408)

I use 4.2.2.1 and 4.2.2.2 a lot- it really does make comcast speedy.

Re:One time comcasts DNS servers were down... (1)

StayFrosty (1521445) | more than 4 years ago | (#30354546)

I've got Charter here. I got sick of being redirected to advert...I mean search pages when I typed a malformed url. When I called Charter to complain they denied that there was a problem. They blamed spyware on my (linux) machine. By the time I got to someone who knew what was actually going on they were trying to sell it as a feature. I nearly switched to another ISP on the spot. I started using 4.2.2.1 and 4.2.2.2 then. They always felt a little sluggish to me. I switched to 8.8.8.8 the other day to see if it makes a difference and I have to say it feels faster. I have no benchmarks to back this up but I probably won't switch back.

Re:One time comcasts DNS servers were down... (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#30354402)

Telus (Canadian Telco) DNS Servers go down for about 12 hours every other month or so. It's handy to have this kind of info online. I also have the Shaw (Canadian Cable Company) DNS servers written down, just in case.

Re:One time comcasts DNS servers were down... (1)

omnichad (1198475) | more than 4 years ago | (#30354452)

And bittorrent/P2P don't usually use DNS. Draw your own conclusions.

Re:One time comcasts DNS servers were down... (1)

bcmm (768152) | more than 4 years ago | (#30354718)

Most people won't be able to find .torrent files without DNS.

Re:One time comcasts DNS servers were down... (1)

omnichad (1198475) | more than 4 years ago | (#30354838)

But if they already have a large download going, it would continue uninterrupted, and still find new peers.

Re:One time comcasts DNS servers were down... (1)

chill (34294) | more than 4 years ago | (#30355072)

Yes, but just to clarify, your speed-up wasn't because of AT&T's faster DNS. It was because all those other Comcast wankers were still offline and calling tech support. For a few glorious moments, the Comcast tubes were unclogged.

My own more detailed analysis (5, Informative)

bramp (830799) | more than 4 years ago | (#30354324)

I ran my own set of experiments benchmarking both Google DNS and OpenDNS as well as two UK ISPs. I showed more detailed results, and infer some information about how these systems are run. http://bramp.net/blog/google-dns-benchmarked [bramp.net]

Re:My own more detailed analysis (0)

Anonymous Coward | more than 4 years ago | (#30354448)

Mmm I wonder how many times have I seen this link on slashdot?

Too lazy to read (1, Interesting)

Anonymous Coward | more than 4 years ago | (#30354436)

What do they use for software... bind? djbdns? Something they wrote themselves in python?

Beat a dead horse much /. ? (0)

Anonymous Coward | more than 4 years ago | (#30354498)

Oh look. It's THIS thread again.

RCN users! (0)

Anonymous Coward | more than 4 years ago | (#30354504)

Use Google DNS: a good way to beat RCN's DNS throttling.
I un-crippled my internet access by using it.

Re:RCN users! (1)

iammani (1392285) | more than 4 years ago | (#30354904)

What? They throttle DNS requests? I am not sure how effective it will be, since DNS requests are cached and you don't have to ask the DNS server when you revisit the website.

If you see improvement by switching to Google DNS servers, it is very likely that RCN has a really slow server (or has an inefficient caching algo) handling DNS requests or that the latency to reach RCN DNS servers is higher than Google's.

This is incompetence, not malice.

Censorship FAIL (0)

Anonymous Coward | more than 4 years ago | (#30354622)

Open DNS servers have been there all along, but they're too obscure for Joe Average. Google is not, and there is embarrassment ahead for several [censorshipschemes.http] national [wikipedia.org] censorship [saferinternet.org] schemes [wikipedia.org].

Google one of the slower options for me... (1)

Scootin159 (557129) | more than 4 years ago | (#30354738)

Was considering a switch (for our locally cached DNS servers' parent servers), but glad I ran a benchmark first:

Cached relative performance:

  • Local (backed by ISP)
  • ISP (unfiltered results)
  • Level 3
  • Google

Uncached relative performance:

  • Level 3
  • ISP
  • Local (backed by ISP)
  • Google

In all cases, Google's one of our slower options. If anything, it appears I'd be best off using local DNS backed by level 3 for non-cached results.

Surprising benchmarks (1)

gmuslera (3436) | more than 4 years ago | (#30354830)

Essentially it showed that the ones from Verizon (the one that provides him connection) are the fastest ones (not only the FIOS one, but the 151.202/3 ones too are from Verizon), there are a few others faster than Google's (including 4.2.2.*), and then the rest of the DNS servers tested were slower. Much of the speed that matters of a well installed DNS is how "close" it is to you (as in, i.e., ping time), and your upstream provider usually has the closest one.
Could be a speed improvement in the few, rare times when you ask for something that is not cached already, but in massively used DNSs that is something rare and usually a one-time hit. If you have to choose them for something, speed should not be the main factor.

Re:Surprising benchmarks (1)

Tarinth (1038652) | more than 4 years ago | (#30354902)

I think the key takeaway from the benchmarks is that your mileage can vary. For many people, the Google DNS may be considerably faster. For others, you might have an ISP with very good infrastructure (like FIOS).

Re:Surprising benchmarks (1)

gmuslera (3436) | more than 4 years ago | (#30355164)

The point is that "very good infrastructure" is not a factor. A simple caching DNS on any of the sides of your internet connection is faster than getting to Google servers, and in the normal use will be faster almost all the time. If that DNS is used by enough people hitting a domain not in the cache should not be very common.

No thanks. (1)

jim_v2000 (818799) | more than 4 years ago | (#30354946)

I'll stick with my ISP's DNS. One thing I've noticed about using third party DNS services like OpenDNS is that location aware sites that serve up content from different servers depending where you are (like YouTube) don't work well.

Re:No thanks. (1)

bheer (633842) | more than 4 years ago | (#30355174)

One thing I've noticed about using third party DNS services like OpenDNS is that location aware sites that serve up content from different servers depending where you are (like YouTube) don't work well.

OpenDNS is distributed too; for many users they're in the same geographic vicinity, so this really should not happen. Further, most servers that serve up geotargeted content (like Youtube) use geo-ip mapping to target their response to the client IP, not the server IP that was hit.

Do you have any specific examples of geotargeting gone wrong because of OpenDNS use? If you could list them here, I'm sure folk from the sites in question (or OpenDNS itself) would love to investigate the problem.

Multiple, parallel, DNS server settings? (2, Interesting)

NevarMore (248971) | more than 4 years ago | (#30355178)

I suspect this has been asked before. Is there some way to set up multiple DNS servers and simply query them in parallel?

That way whichever one is fastest gets me the address sooner. It is a little bit rude, but since it would seem that most DNS providers have the opportunity to be shady and feed landing pages or collect usage data, they'd be just as happy to have me make a request and discard the answer.
