Google launches Google Public DNS (with warning!)


Post by DutchDaemon » 03 Dec 2009, 19:31

There already is OpenDNS, and now there is Google Public DNS. Google promises not to redirect or intercept any DNS lookup (as opposed to OpenDNS) whether it succeeds or fails. Here is the associated privacy policy.

See post #8 for a serious warning about using this service.
DutchDaemon
Old Fart
Posts: 10463
Joined: 16 Nov 2008, 20:17
Location: The Netherlands

Post by graudeejs » 03 Dec 2009, 19:43

Call me paranoid, but Google is taking over the world..... slowly.....
graudeejs
Style(9) Addict
Posts: 4591
Joined: 16 Nov 2008, 23:23
Location: Riga, Latvia

Post by DutchDaemon » 03 Dec 2009, 19:44

I think you're wrong.

It's not slowly.

Post by oliverh » 03 Dec 2009, 20:00

Maybe we see the advent of a new evil empire ;-)
What was the goal of the Linux community--to replace Windows? One can imagine higher aspirations., Bill Joy
oliverh
Member
Posts: 557
Joined: 16 Nov 2008, 19:21
Location: 127.0.0.1

Post by aragon » 03 Dec 2009, 20:21

Isn't the whole point of distributed DNS to maintain speed and resilience? Kudos to Google for thinking up cache prefetching, but I think the world would be better served by the code rather than their service.
aragon
Giant Locked
 
Posts: 2031
Joined: 16 Nov 2008, 17:04
Location: Cape Town, South Africa

Post by graudeejs » 03 Dec 2009, 20:39

Soon we'll pay Google a license fee for using DNS.

Post by DutchDaemon » 03 Dec 2009, 20:46

Well, Google's datacenters are pretty well distributed globally, so you can assume that their DNS servers have speed and resilience. The 8.8.x.x IP addresses are simply routed to the nearest host by the nearest BGP router. They're < 20 ms from me anyway (probably AMS-IX and/or UK/Ireland).

Post by DutchDaemon » 03 Dec 2009, 21:40

Ok, first major (and to me: fatal) error found: Google Public DNS appears to filter out any replies that start with 127.x.x.x, except 127.0.0.2. Logical as that may sound (it's not a publicly routable network), all spam blacklists (Spamhaus, etc.) use 127.x.x.x return codes on queries that are 'hits' (i.e. spam IP addresses). A lot of them do not only use 127.0.0.2 to report a 'hit', but also 127.0.0.3 and up to report different kinds of hits (like on combined blacklists like zen.spamhaus.org). All of these 'higher numbered hits' fail.

Spamhaus case (uses 127.0.0.x return codes):

Using Google DNS:
Code:
# dig A 193.97.250.77.zen.spamhaus.org +short
(nada)

Not using Google DNS:
Code:
$ dig A 193.97.250.77.zen.spamhaus.org +short
127.0.0.11

SpamCop case (uses 127.0.0.2 return codes):

Using Google DNS:
Code:
# dig A 206.115.50.94.bl.spamcop.net +short
127.0.0.2

So if you're using any form of 'multiple return code' blacklisting (SpamAssassin with DNS blacklists, milters with DNS blacklists, etc.), do not use Google Public DNS or you're likely to get hit with spam.
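The comparison made in the post above, as an added example that is not part of the original thread: shell functions that build a DNSBL query name and report which 127.x.x.x return codes a resolver under test drops relative to a reference resolver. The function names are hypothetical, and the reference resolver is assumed to be one you run yourself and trust to pass DNSBL answers through unmodified.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Build the DNSBL query name: IPv4 octets reversed, followed by the zone.
dnsbl_qname() {
    ip=$1 zone=$2
    old_ifs=$IFS; IFS=.
    set -- $ip              # split the address into its four octets
    IFS=$old_ifs
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# Compare `dig +short` output for the same DNSBL name from the resolver
# under test ($1) and from the reference resolver ($2). Prints one verdict:
#   not-listed        reference returned no 127.x.x.x code
#   consistent        every reference code also came back from the tested resolver
#   filtered:<codes>  codes the tested resolver did not return
compare_answers() {
    tested=$1 reference=$2
    ref_codes=$(printf '%s\n' "$reference" |
        grep -E '^127\.[0-9]+\.[0-9]+\.[0-9]+$' | sort -u)
    [ -n "$ref_codes" ] || { echo not-listed; return 0; }
    missing=
    for code in $ref_codes; do
        printf '%s\n' "$tested" | grep -qxF "$code" || missing="$missing $code"
    done
    if [ -z "$missing" ]; then
        echo consistent
    else
        echo "filtered:${missing# }"
    fi
}

# Live check (needs dig and network access):
#   check_resolver <listed-ip> <zone> <resolver-under-test> <reference-resolver>
check_resolver() {
    name=$(dnsbl_qname "$1" "$2")
    compare_answers "$(dig +short A "$name" @"$3")" \
                    "$(dig +short A "$name" @"$4")"
}

# Constructed sample input: the two dig results quoted in the post above
# (no answer through Google Public DNS, 127.0.0.11 through another resolver).
qname=$(dnsbl_qname 77.250.97.193 zen.spamhaus.org)
echo "$qname -> $(compare_answers "" "127.0.0.11")"
```

A `filtered:` verdict for any zone your mail filter queries means a "no answer" from that resolver cannot be read as "not listed".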

Post by graudeejs » 03 Dec 2009, 21:51

Which reminds me, a little off topic...
http://www.google-watch.org/gmail.html
especially the section "Privacy: Not enough, and too much!"

Yeah, I'm using Gmail as well, but only because I can't find any free IMAP mailbox.

EDIT:
It looks like Google is supporting spammers.