Google's Public DNS Product, a simple explanation
Next time you're setting up a network and need a DNS server, consider that Google now offer a public DNS service very similar to the OpenDNS offering.
For those already in the know about these things, the Google IP addresses are *very* simple to remember:
Primary: 8.8.8.8
Secondary: 8.8.4.4
The OpenDNS IPs are almost as simple:
Primary: 208.67.222.222
Secondary: 208.67.220.220
For those who are interested in more information: DNS (the "Domain Name System") is like a phone book your computer uses to find things on the Internet. Each time you type in a website, your computer looks up the name and turns it into a set of numbers in the background, so you don't need to worry about it except when setting up for the first time. Usually your ISP will offer this service; however, other companies are starting to offer it too.
What is the benefit in using a service not located at my ISP? Wouldn't my ISP be a better choice because their servers are closer to me (network wise)?
Usually yes, using a service hosted at your ISP would be faster; however, DNS is a system designed to be resilient against the kind of failures we don't typically see on the Internet anymore. DNS does a lot of caching of tiny results (these "phonebook" results), and each result has an expiry which is typically anywhere from 30 minutes to several hours (or several days, depending on the kind of result). This is important, because such short expiry times mean more lookups, more frequently. So when you hit your ISP with a lookup it no longer has cached, your ISP then starts a long chain of queries on your behalf.
But this doesn't explain how Google will do a better job.
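To make the expiry described above concrete, here is an added example (not part of the original post) that builds a DNS query and reads the expiry, called the TTL, out of a response. The function names are my own, and the response bytes are constructed sample data using a documentation address and a 30-minute TTL.

```python
import struct

def build_query(name, qid=0x1234, qtype=1):
    """Encode a standard recursive query (RD=1) for `name`; qtype 1 is an A record."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer to an earlier name
            if end is None:
                end = off + 2                  # parsing resumes after the first pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                      # refuse malicious pointer loops
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)

def parse_answers(msg):
    """Return [(name, ttl_seconds, ipv4)] for each A record in the answer section."""
    _qid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                        # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4                               # qtype + qclass
    out = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            out.append((name, ttl, ".".join(str(b) for b in msg[off:off + 4])))
        off += rdlen
    return out

# Constructed sample: a response to QUERY with one A record and a 1800 s TTL.
QUERY = build_query("www.example.com")
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUERY[12:]
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 1800, 4)
                   + bytes([192, 0, 2, 10]))

if __name__ == "__main__":
    for name, ttl, addr in parse_answers(SAMPLE_RESPONSE):
        print(f"{name} -> {addr}, cacheable for {ttl} s")
```

Sending the bytes from `build_query` over UDP port 53 to a resolver such as 8.8.8.8 and passing the reply to `parse_answers` shows the same fields on live data; an answer served from the resolver's cache carries the TTL that remains rather than the original value.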
No, but I had to give you the background so you knew how DNS works right now so you can see how Google's might be better for you.
Chances are, Google have a DNS server near you. Sure, that 8.8.8.8 IP address might look like it's in the US, but using some pretty funky techniques involving things called "AS Numbers" along with BGP (another blog topic entirely), you could actually be connected to a server much closer than you think.
This server is the one you talk to.
Now Google have some pretty smart engineers working for them. I like to think I'm a pretty smart engineer too, and if I were them, I'd create a proprietary protocol to share a massive cache of DNS information so that the really long chain of lookups that your ISP has to do is avoided. Also in this protocol, if any server detects a change in the information of a lookup, it updates the cache and pushes that change to other servers.
Ahh, so it's not about giving the answer to you more quickly through more bandwidth or lower latency connections, it's about giving the answer to you more quickly using a shared cache with fewer intermediary lookups, right?
Exactly. :)
Any other advantages?
Yes actually... One of the reasons I switched my networks to OpenDNS is that malicious sites are very quickly blocked off by the DNS provider. If a family member clicks on a link to a site that is sent by a friend, they get shown a page saying that the site is malicious, it might have a virus, or similar. Many browsers and anti-virus programs do this for you, but you have to install large clunky software (like Norton), or a plugin on your browser. This saves having to install anything because it's handled by someone else (for free!).
Not only that, any malware that might get installed on your computer (that's been missed by your anti-virus software) may sit there benignly because your DNS provider has blocked it from accessing anything. It's just another layer of awesome protection requiring little to no effort on your part.
So... why would a business like Google or OpenDNS offer such a service?
Well... Some say they are being very altruistic offering free services like this, but think of it this way. It's now not just every search you type that they could log, but every website you visit. Combine that information with your approximate geographic location, and that's some very powerful data you can sell to marketing companies who might be interested in setting up a shop in your city full of stuff you're interested in. Even if you use Yahoo, or Profusion, looking for a new car, they'll see you visit the car manufacturer's homepage because your computer uses their DNS server to find the "phone number" for that manufacturer's website.
Some call that evil, but you're just a freeloader if you want to use the service and prohibit them doing anything with it. Besides, Google or OpenDNS do not require you to use their service, so you're free to simply go back to your ISP. But who says your ISP isn't doing the same thing? And they're the ones with your home address...
If you're wondering what OpenDNS has to say about Google's competing product, David Ulevitch, founder of OpenDNS, has left some of his thoughts, which, as they're coming from a competitor, should probably be taken with a grain of salt (though at the same time it doesn't make him wrong).
Currently OpenDNS offers a far superior product in terms of features; you can sign up to a free plan for fine-grained control over sites, even compiling your own white / blacklists. More advanced features go up the scale, as does price. But Google's product seems to reflect exactly what OpenDNS offers for free without registration; it is probably only a matter of time before they roll a DNS dashboard into Google Apps and will be able to compete with OpenDNS's enterprise edition.
