Google DNS has an effect if your ISP uses a Proxy?

Discussion in 'privacy technology' started by berryracer, Sep 5, 2011.

Thread Status:
Not open for further replies.
  1. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    I want to use Google DNS rather than my ISP's but I heard that if your ISP uses a Proxy server for its connections, then it wont have any effect, is that true?
     
  2. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    anyoneo_Oo_O?
     
  3. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Gives me UNKNOWN for a lot
     
  5. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    From a Security point of view, 'why someone prefers Google DNS over Norton DNS?' o_O
     
  6. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    preference and they just probably think that Google DNS is less likely to get compromised than Norton DNS or probably it is much faster :D

    or they just pick the one more trustworthy for them :D
     
  7. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Yes, if I remember correctly, if the connection goes through a proxy, then that proxy usually resolves the names, and not your selected DNS. It's simple to test this: leave the DNS fields in the network adapter's setup empty and try to access an internet site. if it works, it means someone/something else than your DNS is resolving the names.
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Google's servers are less likely to get compromised in my opinion. Why? Because I trust Google to secure their servers well.

    http://code.google.com/speed/public-dns/docs/security.html
     
  9. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Seriously? This is coming from the company that got exploited by China for using old versions of IE6. But ok, I think you'd give your soul to Google.

    Their servers are no more secure that those of OpenDNS and NortonDNS(DynDNS). You can use the GRC test to check what security procedures your DNS servers support.
     
  10. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Google's servers "probably" won't get compromised by Malware etc, but they sure can & are Permanently tapped into by the NSA, as are nearly All, if not ALL USA ISP's !

    Remember AT&T's San Francisco's not so "secret" anymore room :D & that's just one of Many around the USA, All linked together & fed back to the NSA via Big Fat Pipes !
     
  11. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Well, I'm no conspiracy theorist or privacy paranoid person (though I do use Scroogle as I prefer it). I just find it funny when someone comes and advertises (dare I say preaches?) a product with nothing other than "trust(faith) in the company".

    Keep these things in the Opera and Apple cults, Google doesn't need to be ruined by them.
     
  12. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Somehow the words Google and security in the same sentence give me a chuckle. We all know what they do, so I won't go down that road again. However, both Clone and Funky have good points. Your personal trust is not a good reason to use to explain away the possibility of Google getting utterly "pwned" again. Just because Google put a sandbox in Chrome doesn't mean they can secure everything, and I'd say Google is a pretty high value target. They might be able to fend off tomfoolery, but a focused, highly skilled attacker or funded operation against them is a different game.
     
  13. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    Thank you, same goes for subjective preferences to so called issues of browser security, anyone using Google Chrome shouldn't talk about security. Btw, long time user of Google DNS here ;)
     
  14. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Sorry to blow out the fire of the party, the following is constructed using cold hard facts made possible by the awesome work of Mr. Steve Gibson (https://www.grc.com/dns/dns.htm). No magic, faith, or trust were included in the creation of the following evidence.

    NortonDNS(DynDNS backend) Anti-Spoofing Rating: Excellent
    dyn.png

    GoogleDNS Anti-Spoofing Rating: Moderate
    google.png


    Not only does GoogleDNS score a worryingly "moderate", it also has ZERO support for DNSSEC. Sorry Hungry.
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Did I get into an argument without realizing it? o_o

    I'll post my response later... but I was never trying to incite debate. I felt that that was fairly clear when I said it was my personal preference. I was not "knocking" any other DNS or making any assumptions based on contrasting facts (I certainly didn't cite any studies on Norton) I only knew how Google secured their servers so that's what I posted about.
     
  16. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    You quoted someone who compared Norton against Google and you stated Google was less likely to be compromised because you "trust" Google, opinion or not, you still broadcasted it as a reason to pick one over the other, a.k.a. a comparison. I'm sure you can see how people would like to see such a claim backed up by facts, not "trust". After all, we're here to learn.
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I stated that my opinion was that Google had some strong security implementations in place. I don't know a lot about how Norton secures them.

    If I had facts to back it up I certainly would not have said it was my opinion or that it was a matter of faith/trust. I think I've made it clear that I have absolutely no issues saying that I'm right about something and (at least attempting) to back it up.

    I'm writing a post right now, I just have to rerun your test because I forgot to copy something down the first time.
     
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I don't know what they do apparently. I must be missing something.

    I know that they provide one of the most secure browsers and operating systems.

    My "trust" has no bearing on this. My "trust" was based on the single article I'd read provided by google. I felt that by even adding the word "trust" and "my opinion" to my post it was fairly clear that this was not some definitive statement.

    If I were to do something like that I'd say "Chrome is objevtively the most secure browser." =p not "I put my trust in Chrome because it is in my opinion the most secure browser."

    -------

    This is really the main post I want to respond to because here's where the ACTUAL content is.

    First of all, that site is great. Lots of information and the test is very reliable.

    I'd like to point out that this site is in fact linked to in Google's page about DNS Cache security:
    http://code.google.com/speed/public-dns/docs/security.html

    I'd also like to point out what the moderate score actually means.

    Kaminksi (hope I spelled that correctly) says it himself:
    Even though on or more of the spoofability parameters shown above does indicate a worrying spoofability grade of "Moderate" (you can replace this with anything other than excellent and you get the same speech), our attempt to directly quiery this server from the Internet failed.

    I think that's an important note. Is the security less that Norton? In terms of this specific test, absolutely. Does this particular vulnerability succeed? No.


    Now, DNSSEC. Certainly a plus for Norton!

    Here's what Google has to say on the matter:
    It seems that they believe that until DNSSEC2 becomes a standard it's best to use other mitigations. I don't necessarily agree and I'm sure you won't either.

    You have nothing to apologize for, I could care less whose DNS is more secure in terms of brand loyalty. I think it's fair to say that Norton does a better job securing the servers themselves and on top of that they provide further malware protection by blocking known-malicious hosts.

    I was somewhat surprised by the "jump" to prove me wrong about what was fairly clearly not a well evidenced opinion. I thought that was fairly clear - I had only meant to provide some food for thought and a little light reading =p

    tl;dr I agree with you. I'm not sure how my one post was somehow half of an argument haha but it certainly was not intended to be that way!
     
  19. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Oopsies I messed up the formatting a bit. Feel free to reload and see the first half of my post.

    I went ahead and responded to multiple people so you can feel free to just skip to whichever part is a response to you =p or read the whole thing, whichever.
     
    Last edited: Sep 11, 2011
  20. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Marketing must work well on you. :D You don't get people using your service without creating a large article about the security features you provide to try dazzle the users. After all there is only one reason Google does DNS, tracking.

    Without going too offtopic... I apologize for being completely bemused by you recommending a service based on nothing other than faith... Like I've already stated, I'd rather not see Google generating a cult like Opera or Apple, something you are clearly expressing. I like Chrome and I like Google search (it makes Scroogle possible), the only reason I don't let Opera near my system anymore, or consider iProducts is quite simply the ridiculous cult of "faith" following consumers(advertisers?).

    Anyway, I've my my point.
     
  21. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Not really. When Google DNS first came out it was noticeably faster and that's why I used it. I'd never seen marketing for it and I wouldn't call an info pagemarketing either.

    People often mistake my assumption that I'm right (and I do almost always work on that assumption) for some sort of brand loyalty. I do not care about Google. If someone started accusing Microsoft or Mozilla of things I'd defend them too (if I felt they were innocent.) I'm on quite a lot of forums and I hear so much crap about Chrome antitrust when it's all BS - it's virtually 100% open source (just not the PDF reader) it's just become knee-jerk to correct people.

    EDIT: Remember, CHROME antitrust. Not Google.

    I would not consider myself a fanboy. I used Firefox for years when I considered it better than Chrome and as soon as I considered Chrome better I jumped ship - I care just as much for Google as I did for Mozilla, not at all.

    I'll happily switch to Norton after I do my own tests/ research.
     
  22. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Hey Hungry, just so I can make my own self clear, my post wasn't an attack. What I meant by trust not being good enough to explain the security or lack thereof of something, is that you really can't trust anyone but your own self. It's really, imho, pretty silly to put "faith" in a product or service. They all fail in one way or another, and all companies are there to take cash, not to be your friend. Okay, before I go too far off the track here, lol, what I meant by "we all know what they do", was that we all know every service they provide is in return for the data we put into their search engine, the websites we visit, the things we buy, and so on, to pass along to advertisers.

    At this point, and yeah, I will be this harsh, it's pretty stupid of anyone to think Google is not doing these things. There has been plenty of evidence that they do over the years, and they have been caught with their pants down enough to prove things without meandering off to Google to post an article about it here.

    You give up a lot to use their services, and that's fact. Some people don't mind, some people do. Keep in mind security is not (to many people), simply about keeping malware out. Privacy is a factor too, and, again, there is plenty of information out there to show Google is not what you use for privacy. I'm not against Chrome, I'm not against their search engine, I have no deep seated urge to watch Google crumble. It simply is what it is.

    So, that's what I meant by my post, it wasn't an attacking post. Use what you feel is safe and works best for you. We're all big boys and girls, we have brains, we can decide things for ourselves.
     
  23. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    Using Google DNS now
     
  24. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Agreed. Everything about using Google DNS just seems so wrong to me. No way I'd trust them. I've eliminated all things Google from my setup. I would sooner just trust my ISP's DNS servers over Google. I believe it is largely about trust, personally.

    I really don't have to worry about it now that I'm using a VPN, I use their DNS servers. I use Comodo Secure DNS otherwise, only because I use their FW/D+ and choose it during setup. But looking at it objectively, on paper it looks like Norton's has the best DNS service at this time. But that may no longer be the case once Comodo Secure DNS 2.0 is unleashed? Looks really good.
     
Loading...
Thread Status:
Not open for further replies.