
Google launches Google Public DNS (with warning!)

Discussion in 'Web and Network Services' started by DutchDaemon, Dec 3, 2009.

  1. DutchDaemon

    DutchDaemon Administrator Staff Member Administrator Moderator

    There already is OpenDNS, and now there is Google Public DNS. Google promises not to redirect or intercept any DNS lookup (as opposed to OpenDNS) whether it succeeds or fails. Here is the associated privacy policy.

    See post #8 for a serious warning about using this service.
     
  2. graudeejs

    graudeejs Member

    Call me paranoid, but Google is taking over the world..... slowly.....
     
  3. DutchDaemon

    DutchDaemon Administrator Staff Member Administrator Moderator

    I think you're wrong.

    It's not slowly.
     
  4. oliverh

    oliverh New Member

    Maybe we see the advent of a new evil empire ;-)
     
  5. aragon

    aragon New Member

    Isn't the whole point of distributed DNS to maintain speed and resilience? Kudos to Google for thinking up cache prefetching, but I think the world would be better served by the code rather than their service.
     
  6. graudeejs

    graudeejs Member

    Soon we'll pay Google a license fee for using DNS
     
  7. DutchDaemon

    DutchDaemon Administrator Staff Member Administrator Moderator

    Well, Google's datacenters are pretty well distributed globally, so you can assume that their DNS servers have speed and resilience. The 8.8.x.x IP addresses are simply routed to the nearest host by the nearest BGP router. They're < 20 ms from me anyway (probably AMS-IX and/or UK/Ireland).
     
  8. DutchDaemon

    DutchDaemon Administrator Staff Member Administrator Moderator

    Ok, first major (and to me: fatal) error found: Google Public DNS appears to filter out any replies that start with 127.x.x.x, except 127.0.0.2. Logical as that may sound (it's not a publicly routable network), all spam blacklists (Spamhaus, etc.) use 127.x.x.x return codes on queries that are 'hits' (i.e. spam IP addresses). A lot of them do not only use 127.0.0.2 to report a 'hit', but also 127.0.0.3 and up to report different kinds of hits (like on combined blacklists like zen.spamhaus.org). All of these 'higher numbered hits' fail.

    Spamhaus case (uses 127.0.0.x return codes):

    Using Google DNS:
    Code:
    # dig A 193.97.250.77.zen.spamhaus.org +short
    (nada)

    Not using Google DNS:
    Code:
    $ dig A 193.97.250.77.zen.spamhaus.org +short
    127.0.0.11

    SpamCop case (uses 127.0.0.2 return codes):

    Using Google DNS:
    Code:
    # dig A 206.115.50.94.bl.spamcop.net +short
    127.0.0.2

    So if you're using any form of 'multiple return code' blacklisting (SpamAssassin with DNS blacklists, milters with DNS blacklists, etc.), do not use Google Public DNS or you're likely to get hit with spam.
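
Added example, not part of DutchDaemon's post or any project's code: a Python check that compares the DNSBL answer seen through the resolver under test with the answer from a reference resolver and reports dropped 127.x.x.x return codes, as in the dig output of post #8. The function names, the reference resolver address 192.0.2.53 (a documentation placeholder) and the sample answers are assumptions constructed for illustration; the default lookup shells out to dig and needs network access.

```python
import ipaddress
import subprocess


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dig_lookup(resolver, name):
    """A records for `name` as seen through `resolver` (needs dig + network)."""
    out = subprocess.run(["dig", "@" + resolver, "A", name, "+short"],
                         capture_output=True, text=True, timeout=10).stdout
    return {line.strip() for line in out.splitlines() if line.strip()}


def compare_resolvers(ip, zone, tested, reference, lookup=dig_lookup):
    """Return (verdict, missing return codes) for one DNSBL query."""
    name = dnsbl_name(ip, zone)
    # Only 127.x.x.x answers are DNSBL return codes; ignore anything else.
    seen = {a for a in lookup(tested, name) if a.startswith("127.")}
    expected = {a for a in lookup(reference, name) if a.startswith("127.")}
    if not expected:
        return "not-listed", set()
    missing = expected - seen
    return ("filtered", missing) if missing else ("ok", set())


# Constructed answers mirroring the dig output quoted in post #8.
# 192.0.2.53 is a placeholder for a resolver you trust (hypothetical).
SAMPLE = {
    ("8.8.8.8", "193.97.250.77.zen.spamhaus.org"): set(),
    ("192.0.2.53", "193.97.250.77.zen.spamhaus.org"): {"127.0.0.11"},
    ("8.8.8.8", "206.115.50.94.bl.spamcop.net"): {"127.0.0.2"},
    ("192.0.2.53", "206.115.50.94.bl.spamcop.net"): {"127.0.0.2"},
}


def sample_lookup(resolver, name):
    """Offline stand-in for dig_lookup, backed by SAMPLE."""
    return SAMPLE.get((resolver, name), set())


if __name__ == "__main__":
    for ip, zone in [("77.250.97.193", "zen.spamhaus.org"),
                     ("94.50.115.206", "bl.spamcop.net")]:
        print(ip, zone, compare_resolvers(ip, zone, "8.8.8.8", "192.0.2.53",
                                          lookup=sample_lookup))
```

Drop the `lookup=sample_lookup` argument to run the same comparison against live resolvers before pointing a mail filter at a new DNS service.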
     
  9. graudeejs

    graudeejs Member

    Which reminds me, a little off topic...
    http://www.google-watch.org/gmail.html
    especially section "Privacy: Not enough, and too much!"

    Yes, I'm using Gmail as well, but only because I can't find any free IMAP mailbox.

    EDIT:
    It looks like Google is supporting spammers