Google DNS?

Page42
July 10th, 2011, 12:07 PM
Anyone using Google DNS?
I'd like to learn about your experiences and hear your questions.

I have a few questions...

1. Is there a test page? (I don't think so.)
Google's instructions for testing (http://code.google.com/speed/public-dns/docs/using.html#testing) are not very valid, imo. Let's just say they aren't as confirming as the Norton or ClearCloud test page. The most effective way I can come up with is to confirm that I am not running any of the others (that I switched from).

2. Anyone have any insights into Google DNS security?
After checking here (http://code.google.com/speed/public-dns/docs/security.html), I learn that the service does quite a bit on the security front, yet it doesn't block or filter.

3. Anyone done any speed testing? I've only conducted informal, anecdotal testing (this one felt faster than that one, etc), and can say that Google DNS is right up there with Norton, ClearCloud, Open and Comodo Secure DNS. But again, I emphasize, I have conducted little if any benchmark testing. It feels very fast.

All in all, I am impressed with the volumes of info available on the Google DNS security approach, as outlined in the link provided above. In fact, they go into far more detail than any other service I have seen. And it seems logical that Google DNS makes a good partner to Google Chrome.

funkydude
July 10th, 2011, 12:21 PM
-{ Quote: "After checking here (http://code.google.com/speed/public-dns/docs/security.html), I learn that the service does quite a bit on the security front, yet it doesn't block or filter." }-

Those are standard procedures that most public DNS providers have. Really, the only benefit of choosing GoogleDNS is if it's faster than your ISP's DNS.

Nothing is faster than my ISP's DNS but I choose a malware blocking DNS service for an extra safety net, I don't care about +5ms.

Hungry Man
July 10th, 2011, 02:12 PM
Google DNS makes it very clear that it will never prevent sites from showing up. It's not "into" that I guess. But it does protect the DNS servers themselves very well while providing you great speeds.

CloneRanger
July 10th, 2011, 03:03 PM
Why would Anyone CHOOSE to route ALL their www's through google ?

You do know they store Everything, & Forever, & can cross reference Everything against your IP. Maybe your ISP does too, but NONE of that data is not available to be publicly mined, unlike google's can be !

Pass :P

Hungry Man
July 10th, 2011, 03:06 PM
Nothing to hide nothing to fear.

And if I'm going to trust a company with my information I'll trust Google. Why? Because I know multiple people who work there and I like their philanthropic standpoint that (over 3 years) has donated more than 800 million to clean energy while also being one of the most carbon neutral companies.

Page42
July 10th, 2011, 03:10 PM
-{ Quote: "Those are standard procedures that most public DNS providers have. Really, the only benefit of choosing GoogleDNS is if it's faster than your ISP's DNS." }-
How do you know what procedures most DNS providers follow if they don't publish those procedures?

The following sentence from Google sounds like it is saying that all providers do NOT implement the same solutions...
-{ Quote: "Until a standard system-wide solution to DNS vulnerabilities is universally implemented, such as the DNSSEC2 protocol, open DNS resolvers need to independently take some measures to mitigate against known threats." }-
-{ Quote: "Many techniques have been proposed; see IETF RFC 5452: Measures for making DNS more resilient against forged answers for an overview of most of them. In Google Public DNS, we have implemented, and we recommend, the following approaches:
∙ Securing your code against buffer overflows, particularly the code responsible for parsing and serializing DNS messages.
∙ Overprovisioning machine resources to protect against direct DoS attacks on the resolvers themselves. Since IP addresses are trivial for attackers to forge, it's impossible to block queries based on IP address or subnet; the only effective way to handle such attacks is to simply absorb the load.

∙ Implementing basic validity-checking of response packets and of nameserver credibility, to protect against simple cache poisoning. These are standard mechanisms and sanity checks that any standards-compliant caching resolver should perform.

∙ Adding entropy to request messages, to reduce the probability of more sophisticated spoofing/cache poisoning attacks such as Kaminsky attacks. There are many recommended techniques for adding entropy, including randomizing source ports; randomizing the choice of nameservers (destination IP addresses); randomizing case in name requests; and appending nonce prefixes to name requests. Below, we give an overview of the benefits, limitations, and challenges of each of these techniques, and discuss how we implemented them in Google Public DNS.

∙ Removing duplicate queries, to combat the probability of "birthday attacks".

∙ Rate-limiting requests, to prevent DoS and amplification attacks.
∙ Monitoring the service for the client IPs using the most bandwidth and experiencing the highest response-to-request size ratio.

In addition, Google Public DNS' prefetching system, which we developed to improve performance, provides fringe security benefits. It allows us to:

∙ Strictly prioritize prefetch traffic above user traffic, thereby rate-limiting traffic to nameservers.
∙ Partition caches according to the type of traffic, preventing attackers from writing garbage entries to the prefetch cache; and preventing the prefetch system from reading poisoned delegations from the user cache.
∙ Keep enough popular names in the cache to satisfy most user queries, continuing to serve users even when under attack." }-
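
The "adding entropy" and "basic validity-checking" items in the quoted list can be shown together. The following is an added example, not part of the original post and not Google's code: it covers transaction ID, source port, nameserver choice and 0x20 case randomization, and all function names and the TEST-NET addresses are assumptions made for the illustration.

```python
import math
import secrets

def randomize_case(name):
    """0x20 encoding: give each letter a random case (DNS names match case-insensitively)."""
    return "".join(
        c.upper() if c.isalpha() and secrets.randbits(1) else c.lower() for c in name
    )

def new_query(name, servers):
    """Pick the per-query values an off-path forger would have to guess."""
    return {
        "txid": secrets.randbelow(1 << 16),        # 16-bit transaction ID
        "sport": 1024 + secrets.randbelow(64512),  # randomized UDP source port
        "server": secrets.choice(servers),         # randomized nameserver choice
        "qname": randomize_case(name),             # randomized case in the name
    }

def accept(query, resp):
    """Basic validity check: every randomized field must come back unchanged."""
    return (
        resp["txid"] == query["txid"]
        and resp["dport"] == query["sport"]
        and resp["src"] == query["server"]
        and resp["qname"] == query["qname"]  # byte-exact, so case must match
    )

def entropy_bits(name, n_servers, port_range=64512):
    """Bits a blind forger must guess for one response to be accepted."""
    letters = sum(c.isalpha() for c in name)
    return 16 + math.log2(port_range) + math.log2(n_servers) + letters

def demo():
    # Constructed nameserver addresses (TEST-NET-1) and name, not real traffic.
    q = new_query("www.example.com", ["192.0.2.53", "192.0.2.54"])
    genuine = {"txid": q["txid"], "dport": q["sport"], "src": q["server"], "qname": q["qname"]}
    wrong_id = dict(genuine, txid=(q["txid"] + 1) % 65536)
    wrong_case = dict(genuine, qname=q["qname"].swapcase())
    return accept(q, genuine), accept(q, wrong_id), accept(q, wrong_case)

if __name__ == "__main__":
    print(demo())
    print(round(entropy_bits("www.example.com", 2), 1))
```

Each randomized field multiplies the number of forged packets needed before one is accepted, which is why the quoted list treats them as cumulative rather than as alternatives.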

m00nbl00d
July 10th, 2011, 03:11 PM
-{ Quote: "Nothing to hide nothing to fear.

And if I'm going to trust a company with my information I'll trust Google. Why? Because I know multiple people who work there and I like their philanthropic standpoint that (over 3 years) has donated more than 800 million to clean energy while also being one of the most carbon neutral companies." }-

Something in your Security Setup says otherwise.

-{ Quote: "Anonymous usage statistics/ anything that makes a call to Google (about my browsing habits) is disabled" }-

So, if nothing to fear... why hide?

Page42
July 10th, 2011, 03:18 PM
-{ Quote: "Why would Anyone CHOOSE to route ALL their www's through google ?

You do know they store Everything, & Forever, & can cross reference Everything against your IP. Maybe your ISP does too, but NONE of that data is not available to be publicly mined, unlike google's can be !

Pass :P" }-
Hello CloneRanger

If you choose to believe Google (big "if" there, right?), here (http://code.google.com/speed/public-dns/faq.html#privacy) is what they say, in part, about storing everything & forever...

-{ Quote: "With Google Public DNS, we collect IP address (only temporarily) and ISP and location information (in permanent logs) for the purpose of making our service faster, better and more secure. Specifically, we use this data to conduct debugging, to analyze abuse phenomena and to improve our prefetching feature. After 24 hours, we erase any IP information.
Does Google share the information it collects from the Google Public DNS service with anyone else?
No. " }-

Hungry Man
July 10th, 2011, 03:27 PM
-{ Quote: "Something in your Security Setup says otherwise.

So, if nothing to fear... why hide?" }-
Mostly because I don't need the services that those provide. I still send anonymous crash reports and I send malicious website reports as well.

However I don't use "Use a web service to help resolve navigation errors" nor do I use "Use a prediction service to help complete search and URL's typed in the address bar" because I don't like those services.

That's still a privacy feature so I figured I'd put it in my security setup.

CloneRanger
July 10th, 2011, 03:28 PM
Originally Posted by Hungry Man

-{ Quote: "And if I'm going to trust a company with my information I'll trust Google. Why? Because I know multiple people who work there " }-

I used to know someone who worked in a Super Top Secret USA Spy Base, nice guy, but what They did, & still do, ain't so nice !

-{ Quote: "and I like their philanthropic standpoint that (over 3 years) has donated more than 800 million to clean energy while also being one of the most carbon neutral companies." }-

Don't get me going on that person who supposedly "invented the internet" & his Multi $M crooked CO2 schemes >:( See my sig for real FACTS about so called Global Warming etc :thumb:

@ Page42

Hi, thanks for that :thumb: But it doesn't reassure me :P

Hungry Man
July 10th, 2011, 03:29 PM
My point about knowing people there is that we've talked about Google's practices.

I uh... don't really feel like discussing global warming... I tend to avoid talking to you in general because you're nuts... no offense >_>

edit: Eh, that's meaner than I want to be. I mostly just disagree with everything you say and you seem like a typical conspiracy "theorist" and I've talked to enough of you to know I'm wasting my time and yours.

CloneRanger
July 10th, 2011, 03:40 PM
@ Hungry Man

You brought up the subject of,

-{ Quote: "clean energy & "carbon neutral" companies." }-

Not me ;D I only pointed out the way to find out the FACTS !

-{ Quote: "conspiracy "theorist"" }- Not me, only interested in FACTS about conspiracies :)

Me Nuts, coming from you, i'll take it as a compliment :P

Hungry Man
July 10th, 2011, 03:44 PM
K... like I said... not interested in any sort of discussion, I've learned my lesson talking to people like you... "facts" are only "facts" when you people want them to be and when they come from so-called reputable sources (aka Alex Jones and other nutjobs.)

Page42
July 10th, 2011, 04:34 PM
Meanwhile, getting back on topic would be a plus.

The subject of trust inevitably seems to come up when one mentions Google.
Since I trust myself, anyone I trust after that is just a sub-set of trusting myself.

Being overly concerned about privacy on the internet is akin to jumping in a pool of water and worrying about getting wet.

Does anyone think that Google DNS is doing anything any different than other services?

Hungry Man
July 10th, 2011, 04:41 PM
In terms of securing their databases? Yes, they seem to imply that not everything they do is standard.

Page42
July 10th, 2011, 04:49 PM
Definitely the impression I got as well.

J_L
July 10th, 2011, 05:39 PM
Why anonymous reports when you have nothing to hide Hungry Man? What's the point of privacy features? Of course, you can't fit into its literal definition.

Anyhow, I don't find Google DNS that useful, because I'm more interested in the security of my computers than their servers.

Sully
July 10th, 2011, 05:51 PM
Sorry to break the news, but the "facts" on both sides of the green issue are construed and distorted to achieve the agenda that each side wants to achieve.

Much of the information people are fed is given a bias. You really can't trust either side unless you are on that side. For someone like myself who attempts to have rational reasoning, both sides are extreme and not to be trusted fully.

This applies to so much in life, whether environmentalism, government, religion or even computer security.

Sul.

Page42
July 10th, 2011, 06:02 PM
Then just weigh in on the security aspect, Sul, and forget the green stuff.
I'm looking for input in a DNS service, not a clean energy discussion. 8)

Sully
July 10th, 2011, 07:04 PM
-{ Quote: "Then just weigh in on the security aspect, Sul, and forget the green stuff.
I'm looking for input in a DNS service, not a clean energy discussion. 8)" }-
My point is, regarding Google DNS, as with the other aspects I mentioned, the end user is given "information" which is likely to have a spin on it IF it came from one camp or the other. Is Google tracking users of that service? Or are they only providing a secure service?

It is always more challenging to find an unbiased opinion based on fact in circumstances like these, isn't it?

Sul.

Page42
July 10th, 2011, 07:26 PM
I understand, Sul.
It often comes down to a case of who you choose to believe.
Do you use a DNS service?
Do you have an opinion on the security that Google DNS claims to offer with its service?
One poster stated that they all pretty much offer the same thing.
Google, in my opinion, sure goes out of their way to reveal what they offer... even if it is offered by everyone.
At least Google is describing what they do, which makes me tend to believe more of the "spin" you were alluding to.
:)

The Seeker
July 10th, 2011, 08:54 PM
-{ Quote: "1. Is there a test page? (I don't think so.)
Google's instructions for testing (http://code.google.com/speed/public-dns/docs/using.html#testing) are not very valid, imo." }-

Probably the easiest way is to use nslookup.


Osaban
July 10th, 2011, 09:26 PM
Ever since there's been threads about DNS, I've tried several and I ended up using Google DNS for its speed. It is a matter of perception, I can't give exact figures, like Page says it feels very fast.

I don't know about security, but what kind of threats could there be that can't be dealt with my own security applications?

Hungry Man
July 10th, 2011, 10:05 PM
If your DNS server is unprotected it can be poisoned. This can lead you to go to sites that may LOOK legitimate (you'll try to go to facebook, it'll take you to "facebok.com" or something) and then you'll enter incorrect information. Or the webpage will try to download malware or try to exploit your browsers/ plugins.

SirPeterPan
July 10th, 2011, 10:18 PM
http://www.grc.com/dns/benchmark.htm

https://www.grc.com/dns/dns.htm

These should help you find the fastest and most secure DNS servers for your system. Use them wisely.

Page42
July 11th, 2011, 12:54 AM
-{ Quote: "These should help you find the fastest and most secure DNS servers for your system. Use them wisely." }-
Thanks, SirPeterPan.
I have run the Benchmark test previously, and honestly thought all the GRC tests pertained to speed only.
Now I see otherwise.
I just ran thru a spoofability test for Google DNS on my system.
I plan to run the same tests with Norton DNS, ClearCloud and Comodo Secure DNS, and then of course compare results.
I may end up :wacko: by that time.

SirPeterPan
July 11th, 2011, 01:07 AM
Don't forget to run the build custom nameserver list (http://www.grc.com/dns/custom-list.htm) of the GRC DNS Benchmark tool.

That might require about 40 minutes, but in the end you will be 100% sure that the fastest DNS servers available will be tested.

Also remember that ClearCloud will be discontinued soon:
-{ Quote: "Effective September 1, 2011, GFI's ClearCloud DNS service will be discontinued and no longer available for consumer use. We would like to thank all of the beta testers for their valuable feedback throughout this last 12 month evaluation period. To discontinue using the ClearCloud DNS service, you will need to reconfigure your network connection. If this is not done prior to September 1, 2011, your Internet connectivity will be interrupted. Learn how to remove ClearCloud DNS from your computer by clicking here (http://www.clearclouddns.com/FAQ/#6). " }-

Page42
July 11th, 2011, 01:35 AM
Yep, I know CC is being discontinued.
As I mentioned yesterday, I seem to be alternating between Norton DNS, Comodo Secure DNS and now Google DNS.
I used to have ClearCloud in that mix, but since they are discontinuing the service, I moved on. ;)

Let me ask you, in the GRC DNS Nameserver Spoofability Test, by any chance do you know if it is a good thing, or a bad thing, when "significant additional randomness has been introduced into this nameserver's queries"?
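
A spoofability test of the kind mentioned above looks at how unpredictable a resolver's outgoing queries are. The following is an added example, not part of the original post and not GRC's algorithm: a coarse scoring of source ports and transaction IDs, run over constructed samples, with all names chosen for the illustration.

```python
def varying_bits(values, width=16):
    """Count bit positions that were seen as both 0 and 1 across the samples."""
    seen_or, seen_and = 0, (1 << width) - 1
    for v in values:
        seen_or |= v
        seen_and &= v
    return bin(seen_or & ~seen_and).count("1")

def is_predictable(values):
    """True when the series is constant or advances by one fixed step."""
    steps = {(b - a) % 65536 for a, b in zip(values, values[1:])}
    return len(steps) <= 1

def guess_bits(queries):
    """Rough count of bits a forger still has to guess, from (source port, txid) samples."""
    total = 0
    for series in zip(*queries):  # first all ports, then all transaction IDs
        if not is_predictable(series):
            total += varying_bits(series)
    return total

# Constructed samples: what an authoritative server might log for three resolvers.
TXIDS = [0x1A2B, 0x9C01, 0x47FE, 0xE310, 0x05D7, 0xB8A4]
FIXED = [(53, t) for t in TXIDS]                             # always port 53
SEQUENTIAL = [(32768 + i, t) for i, t in enumerate(TXIDS)]   # port counts upward
RANDOMIZED = list(zip([0xC3A1, 0x5E1C, 0x9B47, 0x2DF0, 0x7A0E, 0xE45B], TXIDS))

if __name__ == "__main__":
    for label, sample in (("fixed", FIXED), ("sequential", SEQUENTIAL), ("randomized", RANDOMIZED)):
        print(label, guess_bits(sample))
```

With only six samples per resolver the bit count is an upper-bound estimate; the point is that a fixed or counting source port contributes nothing, leaving the 16-bit transaction ID as the only thing a forged answer has to match.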

Hungry Man
July 11th, 2011, 02:08 AM
No idea.

Does that program give any advantages over namebench?

xxJackxx
July 11th, 2011, 02:51 PM
I've given up on the whole 3rd party DNS thing. Google doesn't really offer a different experience than using the Level 3 public servers. OpenDNS is faster sometimes, but not others. Norton has too many false positives and is slow to pick up newly registered domains. None of them are faster than the ISP's servers. After much experimenting I find nothing to gain. YMMV.

funkydude
July 11th, 2011, 04:51 PM
I've only experienced 2 FPs with Norton so far - both fixed very fast, faster than CC would.

I'm curious how you can claim that a service that is a completely free malicious site block list, and uses no resources on your machine, can be of no benefit. It's like claiming browsers having their own blacklists is of no benefit.

If you wish not to, just PM me the sites that were blocked, and I'll post it over on their forums.

Osaban
July 12th, 2011, 12:01 AM
-{ Quote: "I've given up on the whole 3rd party DNS thing. Google doesn't really offer a different experience than using the Level 3 public servers. OpenDNS is faster sometimes, but not others. Norton has too many false positives and is slow to pick up newly registered domains. None of them are faster than the ISP's servers. After much experimenting I find nothing to gain. YMMV." }-
Same here. After trying that nifty little benchmark program (thanks SirPeterPan) even Google DNS was way slower than local servers. After all I'm very well equipped to cope with infected websites, hence I picked a fast server. Speed is intoxicating.

xxJackxx
July 12th, 2011, 01:29 PM
-{ Quote: "..I'm curious how you can claim that a service that is a completely free malicious site block list, and uses no resources on your machine, can be of no benefit..." }-

Firstly, they are slower so that is a minus. Secondly, as IT Manager where I work I provide my own blocklists and security from other sources, nothing gained there. Thirdly, my boss owns hundreds of domains and whenever we change anything Norton DNS takes days to pick it up and we can't access our own sites (this is my biggest complaint).

I appreciate their free offering but for myself it causes more problems than it solves. Maybe if they get faster at picking up new DNS A records I'll reconsider.

funkydude
July 12th, 2011, 02:18 PM
Ok, I thought you were speaking as a home user. Generally, businesses use business class products/licenses.

xxJackxx
July 12th, 2011, 04:12 PM
-{ Quote: "Ok, I thought you were speaking as a home user. Generally, businesses use business class products/licenses." }-

Yep. It's probably a great service for a home user, especially if kids are around. But I don't have that problem. ;D