Sunday, February 5th, 2012 4:56 pm

New Google Service: Public DNS

Menlo Park (ip-192.com): Google Public DNS is a new service that lets IT professionals and consumers use Google’s servers to resolve DNS queries. Google says that the new service will speed up the browsing experience and improve security. The primary and secondary DNS addresses used to configure the service are 8.8.8.8 and 8.8.4.4 respectively. The service competes directly with OpenDNS, which started to offer a fully configurable DNS resolver 4 years ago.

As web pages become more complex, referencing resources from numerous domains, DNS lookups can become a significant bottleneck in the browsing experience, according to Google. The Menlo Park-based company says that it has implemented several approaches to speeding up DNS lookup times. They include:

  • Provisioning servers adequately to handle the load from client traffic, including malicious traffic;
  • Preventing DoS and amplification attacks. Although this is mostly a security issue, and affects closed resolvers less than open ones, preventing DoS attacks also has a benefit for performance by eliminating the extra traffic burden placed on DNS servers;
  • Load-balancing for shared caching, to improve the aggregated cache hit rate across the serving cluster;
  • Prefetching name resolutions, to overcome the limits of conventional, passive caching and aim to serve the majority of requests out of cache;
  • Providing global coverage for proximity to all users.

Google also claims that the new service improves security by rejecting

  • Unparseable or malformed responses;
  • Responses in which the query ID, source IP, source port, or query name do not match those of the request;
  • Records which are not relevant to the request;
  • Answer records for which a CNAME chain cannot be reconstructed;
  • Records (in the answer, authority, or additional sections) for which the responding name-server is not credible. Google says it determines the "credibility" of a name-server by its place in the delegation chain for a given domain. The service caches delegation chain information and verifies each incoming response against the cached information to determine the responding name-server's credibility for responding to a particular request.
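
The checks listed above are the classic defences against forged or cache-poisoning responses. As an added illustration (not Google's code, and not taken from this article), the following minimal resolver-side validator applies them to constructed UDP payloads: it rejects responses that fail to parse, that arrive from a server other than the one asked, or whose ID or question differ from the outstanding query; it reconstructs the CNAME chain in the answer section and drops records not on it; and it uses the zone the queried server was delegated for (its "bailiwick", an assumption standing in for the cached delegation chain) as the credibility test for every section. All names and addresses in the block are constructed examples.

```python
# Added example, not Google's code: validate DNS responses against an outstanding
# query using the checks described in the article. Assumes the resolver records,
# per pending query, its ID, question, the server (ip, port) it asked, and the
# zone that server was delegated for (used here as the "credibility" test).
import struct

A, CNAME = 1, 5

def encode_name(name):
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split("."))
    return out + b"\x00"

def decode_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after the name)."""
    labels, end, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated pointer")
            end = (off + 2) if end is None else end    # resume after first pointer
            hops += 1
            if hops > 16:
                raise ValueError("pointer loop")
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        if off + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off:off + length].decode("ascii").lower())
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)

def parse_message(msg):
    """Parse header, question and RR sections; raise ValueError on anything malformed."""
    if len(msg) < 12:
        raise ValueError("short header")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        if off + 4 > len(msg):
            raise ValueError("truncated question")
        questions.append((name,) + struct.unpack("!HH", msg[off:off + 4]))
        off += 4
    sections = {"answer": [], "authority": [], "additional": []}
    for sec, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = decode_name(msg, off)
            if off + 10 > len(msg):
                raise ValueError("truncated RR")
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if off + rdlen > len(msg):
                raise ValueError("truncated RDATA")
            # Keep the decoded CNAME target so the chain can be reconstructed later.
            target = decode_name(msg, off)[0] if rtype == CNAME else None
            sections[sec].append((name, rtype, msg[off:off + rdlen], target))
            off += rdlen
    return {"id": qid, "flags": flags, "questions": questions, **sections}

def build_response(qid, qname, answer=(), authority=(), additional=(), qtype=A):
    """Constructed test responses. RRs are (owner, rtype, rdata); CNAME rdata is given as a name."""
    msg = struct.pack("!HHHHHH", qid, 0x8180, 1, len(answer), len(authority), len(additional))
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)
    for owner, rtype, rdata in (*answer, *authority, *additional):
        rdata = encode_name(rdata) if rtype == CNAME else rdata
        msg += encode_name(owner) + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return msg

def in_bailiwick(owner, zone):
    return owner == zone or owner.endswith("." + zone)

def relevant_answers(answers, qname):
    """Keep only answer RRs reachable from the question name through a CNAME chain."""
    kept, current, seen = [], qname, set()
    while current and current not in seen:
        seen.add(current)
        here = [r for r in answers if r[0] == current]
        kept += here
        cnames = [r[3] for r in here if r[1] == CNAME]
        current = cnames[0] if cnames else None
    return kept

def validate_response(pending, raw, src_ip, src_port):
    """Return (kept_sections, reason); kept_sections is None when the whole response is rejected."""
    if (src_ip, src_port) != pending["server"]:
        return None, "source address/port mismatch"
    try:
        resp = parse_message(raw)
    except ValueError as exc:
        return None, "malformed: " + str(exc)
    if resp["id"] != pending["id"]:
        return None, "query ID mismatch"
    if resp["questions"] != [(pending["qname"], pending["qtype"], 1)]:
        return None, "question mismatch"
    zone = pending["zone"]
    kept = {sec: [r[:3] for r in resp[sec] if in_bailiwick(r[0], zone)]
            for sec in ("authority", "additional")}
    kept["answer"] = [r[:3] for r in relevant_answers(resp["answer"], pending["qname"])
                      if in_bailiwick(r[0], zone)]
    return kept, "ok"
```

The source-address check runs before parsing so that a flood of forged packets costs the resolver as little as possible, which is the performance point the article makes about DoS and amplification traffic. Matching source port and ID together is what makes blind spoofing expensive, but it is only as strong as the randomness of the port and ID the resolver chose when it sent the query; that is why production resolvers randomise both.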

Several bloggers say the biggest benefit may be that Google returns DNS error messages, which are suppressed by some ISPs. However, they also state that they are concerned about giving Google more information about their browsing habits, regardless of the search engine they are using. Instructions on how to configure the new service on routers and computers can be found here.

Google’s main competitor OpenDNS is currently resolving 20 billion DNS queries per day, and has 15 million end users. A response from OpenDNS founder David Ulevitch can be found here.
