Public DNS servers

[ykrapsp]

Hey there guys got a question,

Are there any security risks involved when using a public DNS server like Google's or Open DNS? I mean the DNS requests are actually send over the internet, instead of to your local ISP, right? Does anyone know if they keep logs of the DNS request you send them?

Can anyone provide some more info on this topic?

Cheers!

[TOMxEU]

DNS requests are usualy send over the internet, even for local providers, my local ISP has DNS servers in other towm, my previous ISP has them in other country.
Local providers also keep log records, depends on the local laws for how long and how detailed, so not just for DNS requests, but for any unencrypted traffic as well.

[ykrapsp]

Hey, thanks for your reply, really appreciate it.

I'm using OpenDNS now since it is very fast compared to my ISP DNS. The only thing im worried about is that keep record of my DNS requests. I'm not sure what to do.

[TOMxEU]

You might try other DNS services, which have more restrictive privacy policy unlike www.opendns.com/privacy , for example: https://dns.norton.com/dnsweb/privacy.do .

Quote:

How long we keep the information

The information is typically purged within two (2) days.

[ykrapsp]

Thanks, I might switch to Norton DNS then.

Hmmm should I be worried when using a third party public DNS? Or am I just being too paranoid here?

[TOMxEU]

I would, actually I trust public DNS, which is being thoroughly checked by experts and used by millions, rather then some local ISP, who can secretly do whatever he wants.

[PaulyDefran]

Some others:

http://server.privacyfoundation.de/index_en.html

PD

[ykrapsp]

Quote:

Originally Posted by PaulyDefran

Some others:

http://server.privacyfoundation.de/index_en.html

PD

Hmm are these servers you mentioning part of a Tor Exit Node? Really don't trust those to be honest.

I prefer well-known and widely used public DNS servers. I just wonder if I should use them over my ISP's.

[TOMxEU]

DNSCrypt for Windows is available in alpha version for public, it encrypts traffic from PC to DNS server. http://www.wilderssecurity.com/showthread.php?t=322957

[ykrapsp]

Hmm is it necessary to use a tool like that? Currently using Norton DNS and I have to say, I can see a significant change in speed. I'm still not sure what to think about the privacy side of all this

[awkwardpenguin]

There's a lot more out there to pick from than just OpenDNS or Norton, some which state they have no logging policies.
http://www.wilderssecurity.com/showthread.php?t=317807

[ykrapsp]

So, I just read that OpenDNS reached 50 million users. It's hard to believe that they have the capacity and ability to keep logs for all those users right?

[treehouse786]

Quote:

Originally Posted by TOMxEU

I would, actually I trust public DNS, which is being thoroughly checked by experts and used by millions, rather then some local ISP, who can secretly do whatever he wants.

my thoughts exactly

[ykrapsp]

Quote:

Originally Posted by treehouse786

my thoughts exactly

Certainly have a point here. But since I'm not a resident of the US, I don't really like sending my DNS requests to a US-based DNS Server. The US-law is less strict compared to the one in my country, which means its much easier (in general) for 'individuals' to retrieve anyone's sensible info.

On the other hand, my ISP's DNS servers are really bad. Monthly, there are failures in the servers, which really annoys me.

Besides that, the OpenDNS privacy policy doesn't really state how and the amount of time the info is stored. Unfortunately there are no alternatives.