

David Ulevitch: Some thoughts on Google DNS - drallison
http://blog.opendns.com/2009/12/03/opendns-google-dns/

======
tptacek
_Third, Google claims that this service is better because it has no ads or
redirection. But you have to remember they are also the largest advertising
and redirection company on the Internet. To think that Google’s DNS service is
for the benefit of the Internet would be naive._

In other words: Google's DNS service has no ads or redirections. Ours does.
But that doesn't make our service worse, because Google is an ad company.

~~~
davidu
They just do it at a different layer. They do it in the toolbar or chrome.
It's no different, plus users can turn it off if they want with us. It's all
in users hands.

~~~
jeff18
"It's no different"

Actually, it is. Google's DNS has no ads. Yours, by default, does.

Also, FYI, Chrome and the Google toolbar have no ads. It sounds like you have
your head in the sand, or are deliberately spreading FUD. I hope it's the
former.

~~~
Retric
It just occurred to me that by using DNS without any filters Google is going
to take people to domain squatters when someone mistypes a domain name. To get
around this users are going to continue to type the domain (or company name)
into Google and click on the first link and some of them will click on the
_advertising_ link. An "improved" form of DNS _is_ a direct threat to Google's
profit.

~~~
tptacek
That "improved" form of DNS breaks the DNS. Read what the IAB wrote about it.
Think about what it does to things like email. It's just a bad, bad idea.

~~~
Retric
DNS like IPv4 is just a protocol. Creating a new protocol that returns the
same IP address as DNS along with a safety score and text description, and a
list of alternative domain names with their IP's and safety scores is not a
crime against humanity. And hacking the existing DNS protocol to do much the
same thing can also be a reasonable thing to do.

~~~
tptacek
You understand that NXDOMAIN redirectors are getting copies of cookies, right?

    
    
       wwwwwwwwwwwwwww.bankofamerica.com has address 208.69.36.132
       wwwwwwwwwwwwwww.matasano.com has address 208.69.36.132

~~~
pyre
I think that you mean _access to_ cookies. I doubt that Comcast is stealing
your Bank of America cookies, but it's troubling that they have access to
them. [Not necessarily _my_ cookies, as I'm not on Comcast, and I don't use
ISP-provided DNS anyways]

~~~
tptacek
That's OpenDNS, not Comcast.

~~~
pyre
IIRC, Comcast was getting into this too. I'm referring to the specific
practice of NXDOMAIN redirecting. Not just OpenDNS's practices.

[http://www.semicomplete.com/blog/geekery/comcast-dns-
hijack-...](http://www.semicomplete.com/blog/geekery/comcast-dns-hijack-
breaks-things.html)

------
sanj
* To think that Google’s DNS service is for the benefit of the Internet would be naive. *

Google believe that making the internet better benefits them. They largely
don't feel they need to monetize every niche there.

------
agnokapathetic
_To think that Google’s DNS service is for the benefit of the Internet would
be naive._

I'm not so sure, it is starting to seem like Google has worked out essentially
that Revenue = User-Time on Internet. The Chrome project is one example, a
better faster internet is in Google's best interest.

~~~
roc
And, like many of their other projects, they seem to be content to throw their
hat in the ring just to keep everyone else honest.

Broken DNS is a threat. But they don't need to answer all DNS requests to
protect against it. They just need a non-broken service as a credible threat
to keep the other providers from sliding in that direction.

------
mtarnovan
Lots of FUD, not so much useful stuff.

~~~
Sidnicious
Agreed. Responding to competition by trying to scare your users away from the
competitor isn't healthy.

~~~
Confusion
It's a tactic politicians have successfully used for ages. If it works, you
can't blame a company for doing it. They're not in it for the ethics, but for
the money.

------
dfranke
I don't want "Dashboard controls to manage your experience the way you want
for you, your family or your organization". I just want a DNS server that
obeys the goddamn protocol.

~~~
Steve0
That's your choice of course. If you work in a small school it's easy to block
unsuitable sites this way.Another alternative would be the level 3 dns
servers, easy to remember, pretty fast and no alteration of records.

------
phsr
David's 5th point is the most important, at least in my opinion. By Google
running DNS, they can potentially collect your complete browsing behavior
(since you'll go through their server all the time, not only when you search
with them).

~~~
robotron
<http://code.google.com/speed/public-dns/privacy.html>

~~~
tptacek
Compare to: <http://www.opendns.com/privacy/>

Heh.

~~~
rimantas
What's interesting, David links only to OpenDNS policy, but does not provide a
link to Google's which would make an easier to compare…

~~~
sriramk
Wow - OpenDNS's privavy policy is much worse than Google's!

------
wglb
Well, _First, it’s not the same as OpenDNS. When you use Google DNS, you are
getting the experience they prescribe._ \--turns out they did not prescribe
that, the standards perscribe that. OpenDNS breaks the protocol.

 _Second, it means that Google realizes that DNS is a critical piece of our
Internet’s infrastructure and that it’s of strategic importance to help people
safely and reliably navigate the Internet._ \-- This is not very astonishing,
as it is pretty much the definition of what DNS is.

 _Third, Google claims that this service is better because it has no ads or
redirection._ \-- And that is because ads and redirection are nonstandard,
broken behavior.

 _Fourth, it means that Google is bringing awareness to a wide audience that
there is a choice when it comes to DNS and that users don’t have to settle for
what their ISP provides._ \-- And they don't have to settle for broken
behavior that other services provide.

 _Fifth, it’s not clear that Internet users really want Google to keep control
over so much more of their Internet experience than they do already_ \-- If
more control means correct behavior, then they might think so.

------
doosra
The fine-grained control is a plus for openDNS.

Second, from the stories that seem to pop up, google's achilles heel is it's
customer service. OpenDNS might be able to do better.

~~~
pyre
Using their DNS server shouldn't require much user input. Nonetheless, most
people use their ISP's DNS servers, and let me tell you that Comcast support
will _always_ tell you that your computer is at fault if there is a DNS issue.
Google is entering a domain where poor customer service is the norm.

Edit: just realized the pun... totally unintended, but funny to see an 'Easter
Egg' of sorts hidden from you in your own post.

------
raphar
A couple of questions:

Hasn't google tried to acquire OpenDns? It's a no brainer!

Has been any contact between the two companies?

The scenario of google (or any company) controling internet traffic is not a
nice one :(

~~~
evgen
Why bother trying to acquire them when there is nothing technically difficult
about what opendns is doing and when google has more resources and technical
expertise to bring to bear on the problem? What exactly would you expect
opendns to bring to the table other than a trademark and a somewhat
controversial reputation?

To be honest I am somewhat surprised that opendns has lasted as long as they
have, but I expected the attack to come from the akamai/cdn direction rather
than directly from google.

------
davidw
I think what makes me nervous about it is that I can't even control my _own_
sites any more if I use Google's DNS, and get the "mysterious Google lockout
with no recourse".

~~~
theBobMcCormick
That makes no sense at all. How would using Google DNS remove your control of
your own domain? Google DNS is just a resolver, it's not an authoritative DNS.
If you were "locked out" for some reason you could just go back to using your
ISP dns servers. Where's the problem?

~~~
davidw
Err... sorry - let's chalk that up to flu leftovers in my head. I was thinking
of a Google DNS service for one's own domains ala EveryDNS.

------
samaparicio
Take the FUD point of view if you want. I don't see it. When a giant enters
your market, this is a great way to react. No dismissal of their impact,
validation that you created a market, desire to keep on competing, and
ultimately, positioning positioning positioning of your competitive
differentiators... I applaud David for his post and I think we can all learn.

