
Ask HN: What happens if Google's Public DNS fails? 8.8.8.8 8.8.4.4 - therealmarv
I know that Google has probably the best servers in the world. But seeing how many people and companies (even seen it on telecommunication companies) rely on it is frightening.
======
xja
It's strange how the fact that it has an easily rememberable IP address has
driven adoption of 8.8.8.8. I have a couple of other DNS servers memorized
from before 8.8.8.8 appeared, I'd likely switch to them.

I guess the predictable would happen. Badly configured systems would stop
working. Systems with a working secondary DNS would keep working.

More interesting question is what could you do if 8.8.8.8 was compromised?
That could be interesting.

~~~
Piskvorrr
Compromised? Not much to do, but it also wouldn't _hurt_ much. A rogue DNS can
mishandle your queries, but in this age of HTTPS and SSH and whatnot, you
should see right away that you're not connecting to legitimate endpoints:
certificates aren't going to match.

~~~
therealmarv
The country Turkey compromised the Google DNS IPs once. It's also a way to
block certain websites (no matter if HTTPS or not):
[http://arstechnica.com/information-technology/2014/03/turkey...](http://arstechnica.com/information-technology/2014/03/turkey-now-blocking-social-media-by-hijacking-google-dns/)

~~~
Piskvorrr
Nope. Just rerouted packets going for 8.8.8.8 somewhere else; that's a MITM,
not a compromise (although with an unauthenticated service such as DNS, the
difference is academic for the client). Still, the sites are still accessible
if you can get the IP address from somewhere else - which can be a different
DNS server or even the _hosts_ file.

I do agree that such a block is enough to deter most non-technical users.

~~~
therealmarv
That article is also old. I'm guessing Turkey has upgraded and maybe bought
some tech from the Great Firewall of China ;)

------
Piskvorrr
It's just one of the (many) available options. E.g. there's OpenDNS with
208.67.222.222 and 208.67.220.220 - and most importantly, there's the local
DNS provided by ISP. That one is supposed to be the primary one, with Google's
and OpenDNS's servers being a _fallback_ or an _alternative_.

I use both G and ODNS - when the local defaults aren't working. I definitely
would not recommend these as your _primary_ servers, precisely because they're
provided merely as a courtesy to you, without any guarantees whatsoever.

------
konart
Well, first of all, just like any sane person has backups (your files, your
plans etc) - any sane person or business has (or at least should have) a
backup configuration in case the preferred DNS goes down.

So this is not a problem really.

------
LinuxBender
If the open resolvers fail, people will have to go back to the method the
internet has used since its inception of utilizing the internet root servers.
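
Added example, not part of the original thread: several comments above turn on whether a system has a working fallback resolver, so this sketch audits the text of a `resolv.conf` for a single nameserver or for nameservers that all belong to one operator. The operator table uses only the addresses named in the thread; the sample files, the `192.0.2.53` placeholder for an ISP resolver, and the finding names are constructed for illustration.

```python
import ipaddress

# Operator labels for the public resolver addresses named in the thread.
KNOWN_OPERATORS = {
    "8.8.8.8": "Google Public DNS",
    "8.8.4.4": "Google Public DNS",
    "208.67.222.222": "OpenDNS",
    "208.67.220.220": "OpenDNS",
}

def parse_nameservers(resolv_conf_text):
    """Return the valid nameserver addresses in file order."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # comment or blank line
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(fields[1])))
            except ValueError:
                continue                     # skip malformed addresses
    return servers

def audit(resolv_conf_text, max_used=3):
    """Flag resolver setups with no real fallback (glibc reads at most 3 entries)."""
    servers = parse_nameservers(resolv_conf_text)
    used = servers[:max_used]
    # Assumption: an address not in the table counts as its own operator.
    operators = {KNOWN_OPERATORS.get(ip, "other:" + ip) for ip in used}
    findings = []
    if not used:
        findings.append("no-nameserver")
    elif len(used) == 1:
        findings.append("single-nameserver")
    elif len(operators) == 1:
        findings.append("single-operator")
    if len(servers) > max_used:
        findings.append("entries-ignored")
    return {"used": used, "operators": sorted(operators), "findings": findings}

# Constructed sample files.
GOOGLE_ONLY = "nameserver 8.8.8.8\nnameserver 8.8.4.4\n"
MIXED = ("# ISP resolver first (placeholder address)\nnameserver 192.0.2.53\n"
         "nameserver 8.8.8.8\nnameserver 208.67.222.222\nnameserver 208.67.220.220\n")

if __name__ == "__main__":
    for name, text in (("google-only", GOOGLE_ONLY), ("mixed", MIXED)):
        print(name, audit(text))
```
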

