
Introducing Google Public DNS: A new DNS resolver from Google - johns
http://googlecode.blogspot.com/2009/12/introducing-google-public-dns-new-dns.html
======
davidu
I'll do a blog post about this later today for those interested in my
perspective on them entering the DNS space.

:-)

Edit: Here it is: <http://blog.opendns.com/2009/12/03/opendns-google-dns/>

~~~
dannyr
From the blog post: "Third, Google claims that this service is better because
it has no ads or redirection. But you have to remember they are also the
largest advertising and redirection company on the Internet. To think that
Google’s DNS service is for the benefit of the Internet would be naive. They
know there is value in controlling more of your Internet experience and I
would expect them to explore that fully. And of course, we always have
protected user privacy and have never sold our DNS data. Here’s a link to our
privacy policy."

davidu,

You have excellent points but you could have made them without bashing your
competitor.

This response makes me think that you are afraid of your competition and using
fear to convince people to use OpenDNS.

~~~
jamesbritt
" ... and using fear to convince people to use OpenDNS."

Is the fear justified? Is it plausible enough that people should take it into
account when picking a DNS service?

Google's self-interest is a legitimate factor to consider.

------
andreyf
This is what a quick comparison looks like from NYC (in ms):

    
    
                        Level 3   Google   OpenDNS
        lifehacker.com  21        22       19 
        facebook.com    20        22       19 
        manu-j.com      21        44       42 
        reddit.com      30        73       20 
        tb4.fr          125       22       157 
        bbc.co.uk       103       22       98
    

The IPs used are 4.2.2.2, 8.8.8.8, and 208.67.222.222, respectively.

Using the script provided here:
<http://www.manu-j.com/blog/opendns-alternative-google-dns-rocks/403/>

~~~
Goladus
Doing a single query for each domain isn't entirely fair.

    
    
        $ dig tb4.fr @208.67.222.222 | grep Query
        ;; Query time: 274 msec 
        $ dig tb4.fr @208.67.222.222 | grep Query 
        ;; Query time: 9 msec 
        $ dig tb4.fr @208.67.222.222 | grep Query 
        ;; Query time: 9 msec 
        $ dig tb4.fr @208.67.222.222 | grep Query 
        ;; Query time: 36 msec
    
    

Also, query time only tells you how long the server took to respond, and
doesn't include network latency.

~~~
pmjordan
_Obviously_ subsequent queries are going to be faster - at that point it's
cached. That's the point of aggressive/speculative caching: it's so the
_first_ (and in practice this will be your _only_ ) query is faster. If you
want to accurately average across multiple measurements, you need to space
those measurements hours or days apart.

~~~
Goladus
What you really want to do is log performance under real conditions over an
extended period of time and then evaluate the results.

Given that the differences in query time between various DNS solutions are
significant but minor, you will almost certainly find differences in
performance that you hadn't thought about.

------
bm98
"Google Public DNS telephone support * 877-590-4367 in the U.S. * 770-200-1201
outside the U.S."

_Telephone_ support from Google? At first I thought this might be some kind
of joke, but I then called and it's just automated help.

~~~
durin42
Makes sense to have telephone support - I mean, if your DNS is hosed, then
web-based support won't do you much good.

~~~
tlrobinson
Make sure to write down the phone number while your DNS is working...

------
swombat
For what it's worth, I've been using Level3's DNS servers for a while now, due
to the fact that they have insanely low latencies:

4.2.2.1... 4.2.2.6 (or thereabouts). Not sure what Google's going to have on
those. Are they gonna be even more super-duper-fast? I mean, if you look at
the line-up of the best DNS servers out there, they're pretty damn fast
already:

<http://www.dslreports.com/forum/r19982548-DNS-Fastest-DNS-Server>

Also, for what it's worth, I've never quite understood why you'd use OpenDNS
when level3 have open DNS servers that don't redirect you to their own pages
when there's a missing record...

~~~
lanstein
I believe those are Verizon DNS servers, actually.

~~~
yangyang

      ~% whois 4.2.2.1
    
      OrgName:    Level 3 Communications, Inc.
      OrgID:      LVLT
      Address:    1025 Eldorado Blvd.
      City:       Broomfield
      StateProv:  CO
      PostalCode: 80021
      Country:    US
      
      NetRange:   4.0.0.0 - 4.255.255.255
      CIDR:       4.0.0.0/8
      NetName:    LVLT-ORG-4-8
      NetHandle:  NET-4-0-0-0-1
      Parent:
      NetType:    Direct Allocation
      NameServer: NS1.LEVEL3.NET
      NameServer: NS2.LEVEL3.NET
      Comment:
      RegDate:    1992-12-01
      Updated:    2009-06-19

~~~
lanstein
Huh, I thought those were originally GTE's, and that they eventually became
Verizon's with all the mergers and name changes. I stand corrected.

~~~
brandon
No, you're spot on.

    
    
      2.2.2.4.in-addr.arpa domain name pointer vnsc-bak.sys.gtei.net.
    

Even though the IP space hasn't been SWIP'd to GTE/Verizon, the server(s)
behind that IP are evidently theirs.

------
drtse4
Another source of interesting data about internet usage for Google. You can
find their privacy policy here:
<http://code.google.com/speed/public-dns/privacy.html>

Quote from "What we log": "In the permanent logs, we don't keep personally
identifiable information or IP information. We do keep some location
information (at the city/metro level) so that we can conduct debugging,
analyze abuse phenomena and improve the Google Public DNS prefetching feature.
We don't correlate or combine your information from these logs with any other
log data that Google might have about your use of other services, such as data
from Web Search and data from advertising on the Google content network. After
keeping this data for two weeks, we randomly sample a small subset for
permanent storage."

Even if without any reference to the user that actually visited those sites,
maintaining information about the "cluster" of URLs visited during a browsing
session could form a useful source of data not only to optimize ads and
searches, the most obvious use could be build something like a recommendation
engine (something that some kind of internet users could like, but I admit
that something like this could be useless from the Google point of view).

------
gregparadee
The information they gather from this could be the best thing ever for Google.
They are now literally going to see how people go from site to site to site
and direct ads and content to them based on that. Good move business-wise,
Google.

~~~
jeff18
Comments like this are pretty common for every new product Google releases,
but the fact remains that Google doesn't actually do this.

<http://code.google.com/speed/public-dns/privacy.html>

In other words, your comment is anti-Google FUD.

~~~
drtse4
From your link : "we randomly sample a small subset for permanent storage."
Even if anonymous that data is really valuable as it allows to identify
traffic patterns. I don't see anything "evil" in collecting anonymized data.

------
prakash
Something to remember be it Google Public DNS or things like Open DNS: Most
CDN's use DNS to map you to one of their servers.

E.g.: Assuming your physical location is in Asia/Europe, and let's say you use
Open DNS, IP anycast will map you to their London DNS servers ( _Last I
checked that's the only location outside of N. America OPEN DNS has servers_
). Let's say the website you visit is delivered by a CDN, this CDN's servers
in London will deliver content to you even though there might be CDN servers
in your ISP.

~~~
mrkurt
That's assuming DNS based geolocation, though. Some CDNs (including Cachefly,
who we use) are anycast driven, so it doesn't matter where your DNS servers
are located.

~~~
prakash
I know, which is why I said _Most CDN's_.

~~~
mrkurt
That's not what your post said when I responded. :)

~~~
prakash
It did. Original post had _Most CDN's_.

~~~
mrkurt
Wow, maybe I just read it wrong. I didn't see anything about DNS in my
original reading.

------
txxxxd
Quick setup: the DNS servers are 8.8.8.8 and 8.8.4.4

~~~
jbeda
8 is a lucky number. 7.7.7.7 is owned by the US DoD. I love the idea of vanity
IP addresses.

~~~
electromagnetic
It's kind of disappointing Google didn't get 1.3.3.7 though.

~~~
Xichekolas
Sadly the 1 block is unallocated, so they would have to make a special request
to the IANA to get that address.

Then again, they are Google, so who knows what they could get if they asked...

I'm also curious who Halliburton merged with in order to get the entire 34
block. Surely they weren't around at the time those were handed out so
foolishly.

------
boundlessdreamz
I tested this and it is consistently offering better results than OpenDNS and
4.2.2.2. The results are here:
<http://www.manu-j.com/blog/opendns-alternative-google-dns-rocks/403/>

The results posted are from India

How are the results from inside US ?

~~~
davidu
Where are you located?

------
thetrumanshow
If they can blacklist websites from their search engine, they can blacklist
them from their DNS entries too. Doesn't this raise some concerns?

~~~
dschobel
from the post:

 _Google Public DNS complies with the DNS standards and gives the user the
exact response his or her computer expects without performing any blocking,
filtering, or redirection that may hamper a user's browsing experience._

~~~
lisper
And, best of all, there's no spammy default site for unresolved names!

~~~
amix
I would see it as a feature - most of the time Google's (spell|domain)
correcting is very useful if I have miswritten something.

------
glisk
Using this DNS service will degrade your performance to almost any non-Google
rich media content, pure and simple.

If you use Google's DNS service, because Google has your client IP, _they_ can
serve your content the fastest from the closest POP, however by using this DNS
service you are actually _creating_ an issue called "resolver proximity" for
every CDN on the planet. This will be especially evident to those of you not
in North America who unwittingly point to these servers.

In most global markets your best strategy is to use your local DNS resolver so
the people who deliver everything from Netflix, iTunes, Hulu, ustream, (etc,
etc, etc) understand that you're not in San Jose or Northern Virginia but
really in Tokyo or Malaysia. If your ISP uses a DNS server that's "far" away
from you (in terms of network latency) you should complain loudly.

------
antirez
8.8.8.8 and 8.8.4.4?

Even solely for the fact they are so easy to remember I bet this are going to
be the most used DNS resolvers in the world in a few months.

~~~
petercooper
_I bet this are going to be the most used DNS resolvers in the world in a few
months._

I doubt it. I suspect a good 90% (or even more) of regular users just use the
DNS servers provided to them by their ISPs when their connections come up.

~~~
gloob
I would be astounded if 10% of users had ever heard of DNS, much less knew
what it was and how to change which one they were using.

------
youngian
It's funny, I was thinking just yesterday about how much Comcast's new Domain
Helper "service" makes me want to strangle them
(<http://blog.comcast.com/2009/08/domain-helper-national-rollout-begins.html>).

------
jsz0
Does anyone know who provides the bulk of the ads on these re-direct/ad DNS
servers that ISPs are using these days? My guess is it's probably not Google
or why would they offer an alternative? It sounds like a very clever way to
attack their online advertising competition to me. Obviously they'd get into
some hot water by trying to compete directly with their own advertising based
DNS. Instead they attack the entire market of re-direct/ad DNS by offering a
clean alternative that happens to hurt their competition. Very clever. It
wouldn't surprise me to see some of the Google software (Toolbar, Chrome,
Notifier) offer an option to use Google DNS in the future. For the end user
it's a good thing -- for Google's competition it's pretty terrible.

~~~
cdibona
Actually, a fair amount of this kind of advertising is Google. Also Yahoo, MS
and any number of other providers.

Sure doesn't make DNS hijacking right, though.

_Disclaimer: Work for Google._

------
chanux
A DNS I can actually remember.

A Quick comparison with OpenDNS (shameless plug)
<http://chanux.tumblr.com/post/267873772/googledns-vs-opendns>

------
ypavan
Dangerous Signs? From their FAQ:

>> Is Google Public DNS based on open source software, such as BIND?

>> No. Google Public DNS is Google's own implementation of the DNS standards

------
tlrobinson
This looks to be a pretty neat DNS benchmarking tool:
<http://code.google.com/p/namebench/>

I think I'm behind a restricted proxy or something (on some hotel WiFi),
because it's not really working for me, but I'd be interested to hear others'
results.

Compare to Level3's 4.2.2.2-3 and OpenDNS's 208.67.222.222 and 208.67.220.220
(they really need a more memorable IP). Any other good ones?

~~~
tlrobinson
My results run from a SliceHost slice:
<https://gist.github.com/00a8976d0b76e796996a>

    
    
        Mean response (in milliseconds):
        --------------------------------
         SBC/AT&T Global- ########### 45.11
         OpenDNS-2        ############# 56.75
         OpenDNS          ################ 66.40
         8.8.4.4          ################# 70.29
         4.2.2.3          ###################### 96.20
         UltraDNS-2       ######################## 104.35
         UltraDNS         ######################## 104.68
         Level 3-2        ######################### 106.95
         SYS-67.207.128.5 ########################### 114.93
         SYS-67.207.128.4 ###################################################### 231.97

------
acg
Some comments get clouded in politics and suspicion. If this move has a
commercial reason then perhaps it's easily explained as to compete with
OpenDNS.

Complaining that a search engine collects information seems crazy: surely that
is a sign of a good company. The important thing is choice/competition. Google
is a good competitor, whether you like them or not.

------
est
Previously:

<http://code.google.com/p/google-dnswall/>

------
thaumaturgy
Distributed internet services are generally considered to be better than
centralized ones. Google's entry into this, along with its other services, is
beginning to give me pause.

I'm glad they've worked on this, but I think I'll stick with DNS as it was
intended to be.

~~~
pyre
The problem is that local ISPs (or national/regional like Comcast) are
poisoning the well by resolving non-existent DNS entries to their own
advertisement-laden web servers in an attempt to increase their bottom line.
At least open DNS servers exist like Level3 (4.2.2.[1-4]) or now Google
(8.8.8.8,8.8.4.4)... (and to a lesser extent OpenDNS, which is 'open' but
tries to pull some of the same advertisement stuff).

In general, the distributed aspect of DNS was to reduce latency and network
traffic. While this might not keep network traffic within your ISP's internal
network, it can severely reduce latency even if you're on a large ISP like
Comcast/Qwest/TimeWarner. My only guess as to _why_ this appears to be true,
is that most ISPs don't really give a crap about their DNS servers just so
long as it's still running and hasn't imploded.

~~~
thaumaturgy
You're right on all points. However, given Google's entry into this now, what
motivation does any ISP have left for running its own DNS servers?

~~~
pyre
Keeping traffic on its own network vs having all DNS queries making a
round-trip between their network and Google's DNS (à la Level3)?

It's not like ISPs have ever needed an excuse to try and 'cut costs' by
skimping on services. The difference is a greater majority of their customers
use DNS than USENET.

~~~
thaumaturgy
DNS doesn't occupy a lot of bandwidth. DNS servers on the other hand can be
irksome to deal with if you don't have to.

Small ISPs are merely resellers; if their DSL customers f'rinstance use
Google's DNS servers instead of the ISPs, the ISP actually has _less_ network
traffic coming into their racks. Plus, they no longer have to admin a DNS
server.

For larger ISPs, it may still be less trouble to just let their customers use
Google's DNS instead.

~~~
pyre
Point taken.

------
psranga
Good move. I've been using 4.2.2.2 and 4.2.2.1 for a while now since I found
out a few years ago that cable/DSL providers' DNS servers are flaky. It's
amazing how often I go to somebody's house or cafe and find DNS to be the weak
link.

------
dlsspy

        dhcp-107:~ 66% host -t ptr 8.8.8.8.in-addr.arpa
        8.8.8.8.in-addr.arpa domain name pointer any-in-0808.1e100.net.
        dhcp-107:~ 67% host -t ptr 4.4.8.8.in-addr.arpa
        Host 4.4.8.8.in-addr.arpa not found: 3(NXDOMAIN)

------
known
They're _not_ listed in <http://www.dnsserverlist.org/indexbeta.php?oby=Q_RTT>

------
JulianMorrison
It's pretty obvious what Google gets out of this: they get your browsing
history. My guess is that they'll uprate search results if lots of people
visit them.

------
peterwwillis
All I wanna know is: Can I tunnel IP traffic through it?
<http://thomer.com/howtos/nstx.html>

------
andreyf
From a quick test (from NYC), and it seems not at all faster than OpenDNS.
Still, a whole lot faster than my ISP's default DNS servers.

~~~
htsh
In NJ, the ping is higher on Google's servers than it is for OpenDNS (about
20ms vs 13ms) for me.

~~~
dschobel
More interesting than ping is the resolution speed. Try something like dig to
get a better measure of real performance:

<http://www.madboa.com/geek/dig/>

------
defdac
This comment will only be funny for Swedes who know who Ulla-Bella is, and
what number he/she always dials...

------
known
<http://twitter.com/googlepublicdns>

------
tybris
No way, I like my DNS resolvers to be a little stupid. They know way too much
about me.

------
pchristensen
two reactions:

Wow!

Nervous :(

------
srik
wonder how much a vanity ip like that would cost

------
brianobush
my opinion on why they are doing this.... to track where you are going. and
make sure that site is indexed.

------
drp
This was inevitable, and will give OpenDNS some major competition. Google
could make tons of money from ads and sponsored results on error pages.

~~~
jbeda
Actually the whole point of this is to _not_ redirect error pages. If you read
the blog post, you'll see that they address this (and privacy concerns). DNS
redirection is pretty evil and I'm proud of Google for working against it.

(Disclaimer - I'm a Google employee, I didn't work on this and my opinions are
my own.)

~~~
drp
Is displaying a "that domain doesn't exist" page considered redirection?
Otherwise what would you see in your browser?

I wouldn't say OpenDNS is evil. Offering an ad-supported free service is how
many things are allowed to continue existing.

~~~
IgorPartola
Your browser has a built in page for "domain does not exist". Google cannot
place ads on it. On the other hand if you set up OpenDNS and then go to
"doesnotexit123411452345.com", it will likely redirect you to something like
"ads.opendns.com/?search=doesnotexist", which breaks DNS, life and the
Universe. OpenDNS provides an option to turn off this type of redirection, but
if you have a residential connection with a dynamic IP, all of a sudden that
setting might just disappear.

Avoid OpenDNS and ISPs that do this.
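
The NXDOMAIN rewriting described in the comment above is visible on the wire: a standards-following resolver answers a query for a nonexistent name with RCODE 3 and no answer records, while a redirecting resolver returns NOERROR with an A record. This is an added example, not part of the original comment; the probe name, transaction ID and both response messages are constructed, and 192.0.2.10 is a documentation address.

```python
import struct

NOERROR, NXDOMAIN, TYPE_A, CLASS_IN = 0, 3, 1, 1

def encode_name(name):
    """Encode 'a.b.c' as DNS wire-format labels."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(name, txid):
    """Standard recursive A query: header (RD set) plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer, 2 bytes
            return off + 2
        off += 1 + length

def parse_response(msg):
    """Extract txid, RCODE and any A-record addresses from a response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return {"txid": txid, "rcode": flags & 0x000F, "a_records": addrs}

def classify(query, response):
    """Judge a resolver's answer to a name known not to exist."""
    q_txid = struct.unpack("!H", query[:2])[0]
    r = parse_response(response)
    if r["txid"] != q_txid:
        return "mismatched-id"
    if r["rcode"] == NXDOMAIN and not r["a_records"]:
        return "honest-nxdomain"
    if r["rcode"] == NOERROR and r["a_records"]:
        return "rewritten:" + ",".join(r["a_records"])
    return "other"

# Constructed sample data: a probe name under the reserved .example TLD and
# two hand-built responses (flags 0x8183 = NXDOMAIN, 0x8180 = NOERROR).
PROBE = build_query("nx-probe-7f3a9c.example", 0x1A2B)
QUESTION = PROBE[12:]
HONEST = struct.pack("!HHHHHH", 0x1A2B, 0x8183, 1, 0, 0, 0) + QUESTION
REWRITTEN = (struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0) + QUESTION
             + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 60, 4)
             + bytes([192, 0, 2, 10]))

if __name__ == "__main__":
    for label, msg in (("honest", HONEST), ("rewritten", REWRITTEN)):
        print(label, "->", classify(PROBE, msg))
```

Against a live resolver, the same `classify` check applies to the bytes returned for a freshly generated random name, so a cached or whitelisted entry cannot mask the behaviour.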

~~~
thaumaturgy
One of my corporate clients had their ISP move to OpenDNS for DNS services. It
caused an endless stream of headaches for me as all of the various scientists
employed there started complaining about the OpenDNS result pages (which also
broke some other user habits they had -- they were used to being able to type
"wikipedia" into Firefox's address bar and be redirected directly to
wikipedia, for example).

I couldn't get the ISP to budge and the client didn't want to change ISPs, so
I ended up setting everybody up on some public SBC DNS servers I know about.

With all respect due to davidu, this "functionality" in OpenDNS has caused me
to feel a raging hatred for it every time its name is mentioned.

------
datums
So how does Google benefit from me sending them my DNS requests . . . , They
can serve me "domain not found pages" w/ads (works for OpenDNS), unless I'm a
server. If enough people/servers use it they can control how traffic is sent
to specific domains (this would be evil). I don't necessarily think my request
will be a lot faster adding ms, per extra hop. What I don't like about ISPs is
their disregard for TTLs. They set their own TTLs so they don't have to make a
new request. With a large distributed cache it could mean less hops, I'd love
to see a diagram of their DNS infrastructure. I've used 4.2.2.1 - 4.2.2.4
(Level3) in the past.

~~~
datums
So I thought about it a bit. Google is not interested in redirection $$. They
want to own the experience. As far as collecting your browsing behavior, they
probably can easily do that with the toolbar. Their operating systems can
benefit from having geoDNS IP responses. Anyone know if this was a project
worked on using the 20% do what you like Google perk?

If Google decided to do something evil, ISPs can easily redirect port 53
udp/tcp traffic to their own servers.

