Thursday, December 03, 2009

Introducing Google Public DNS: A new DNS resolver from Google

Today, as part of our efforts to make the web faster, we are announcing Google Public DNS, a new experimental public DNS resolver.

The DNS protocol is an important part of the web's infrastructure, serving as the Internet's "phone book". Every time you visit a website, your computer performs a DNS lookup. Complex pages often require multiple DNS lookups before they complete loading. As a result, the average Internet user performs hundreds of DNS lookups each day, that collectively can slow down his or her browsing experience.

We believe that a faster DNS infrastructure could significantly improve the browsing experience for all web users. To enhance DNS speed but to also improve security and validity of results, Google Public DNS is trying a few different approaches that we are sharing with the broader web community through our documentation:
  • Speed: Resolver-side cache misses are one of the primary contributors to sluggish DNS responses. Clever caching techniques can help increase the speed of these responses. Google Public DNS implements prefetching: before the TTL on a record expires, we refresh the record continuously, asychronously and independently of user requests for a large number of popular domains. This allows Google Public DNS to serve many DNS requests in the round trip time it takes a packet to travel to our servers and back.

  • Security: DNS is vulnerable to spoofing attacks that can poison the cache of a nameserver and can route all its users to a malicious website. Until new protocols like DNSSEC get widely adopted, resolvers need to take additional measures to keep their caches secure. Google Public DNS makes it more difficult for attackers to spoof valid responses by randomizing the case of query names and including additional data in its DNS messages.

  • Validity: Google Public DNS complies with the DNS standards and gives the user the exact response his or her computer expects without performing any blocking, filtering, or redirection that may hamper a user's browsing experience.
We hope that you will help us test these improvements by using the Google Public DNS service today, from wherever you are in the world. We plan to share what we learn from this experimental rollout of Google Public DNS with the broader web community and other DNS providers, to improve the browsing experience for Internet users globally.

To get more information on Google Public DNS you can visit our site, read our documentation, and our logging policies. We also look forward to receiving your feedback in our discussion group.

116 comments:

  1. But when will I be able to drink in a Google managed coffee shop?

    ReplyDelete
  2. Wow this is great, I've been using OpenDNS for a while but I've been disappointed that occasionally I will type an invalid domain name and get redirected to their search engine... before that, it was my ISP.

    Glad to hear I can get expected responses when querying for a domain that doesn't actually exist.

    ReplyDelete
  3. Why did Google not join forces with Open DNS and other similar efforts?

    ReplyDelete
  4. Haha, I would love some Google mocha, but back on the matter at hand, I think that a nice fast DNS resolver is great, but the only concern I have is with how the dns query data is handled. Is it logged? Is it disposed of immediately (as should be to avoid any privacy concerns)? I dont want my browsing habits scrutinized by someone who happens to be able to see what IP my google account is logged into, *and* can see what DNS queries my IP is making... All I am saying is that when low level services are managed by people with access to high level information, privacy and annonymity are due to take a hit.

    ReplyDelete
  5. हिन्दी में यह वृत्त पढनेपर बडी प्रसन्नता तो हुई, पर समझ बहुत कम पाया। फिर भी, बधाई हो!!

    ReplyDelete
  6. Voila!

    What I have been waiting for a long time.

    ReplyDelete
  7. What steps will Google be taking to protect the privacy of people using this service? Will you be caching logs of lookups and associating them with people's Google accounts, thusly giving a complete view of all Internet activity coming out of any given machine?

    ReplyDelete
  8. I've added the DNS to my router, and connections have doubled in speed!

    If I type single words into my firefox adress bar, I does however take quite a while before the dns returns a lookup error, and firefox redirects me to the 'feeling lucky' I wanted.

    ReplyDelete
  9. I am also curious about the privacy implications...

    ReplyDelete
  10. No IPv6 support, either as server or client :-(

    $ dig @8.8.8.8 mirror.ipv6.chaz6.com. in aaaa | grep status
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32325

    $ dig @bind.odvr.dns-oarc.net. mirror.ipv6.chaz6.com. in aaaa | grep status
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10201

    ReplyDelete
  11. Congrats guys. 8.8.8.8 nice IP :)

    ReplyDelete
  12. I've been using 8.8.8.8 for a couple of months now... works great.

    ReplyDelete
  13. Great news...just started using the DNS...have to see if its really faster...

    ReplyDelete
  14. wonderful to follow users requests... I'll never use it.

    ReplyDelete
  15. Privacy is a main issue here, I mean, if your browsing history is logged then this looks like 1984 to me...

    ReplyDelete
  16. I'll check it out... yay! for upgrades.

    ReplyDelete
  17. Using it now, I seriously see no difference in speed.
    Its always been fast anyway...

    ReplyDelete
  18. http://code.google.com/speed/public-dns/faq.html

    For those people raising privacy questions, read the FAQ they do log, but IP address info for you computer is only kept for 48 hours then deleted...

    ReplyDelete
  19. Comodo secure dns > google dns
    http://www.comodo.com/secure-dns/

    ReplyDelete
  20. 48 hours is acceptable, as long as that info is not aggregated with any other user data. Promise thats how it is?

    ReplyDelete
  21. Main thing I'm interested in is how to refresh Google's cache. I regularly am migrating clients to different providers (mail, web, etc.) and the OpenDNS ability to refresh their cache immediately is quite handy.

    ReplyDelete
  22. "Today, as part of our efforts to make the web faster,"

    More like your efforts to take over the world! Google, I'm keeping my eye on you.

    *puts on til-foil hat*

    ReplyDelete
  23. REALLY NICE.. I HAVE ACTIVATED IT....

    ReplyDelete
  24. Whoa - considerably faster than O2's UK DNS servers. Good stuff Google!

    ReplyDelete
  25. @dave: Right in the main post is a link to http://code.google.com/speed/public-dns/privacy.html which directly answers your questions. Why don't you read it?

    (But because you probably won't: No, nothing is aggregated.)

    ReplyDelete
  26. This is good stuff! Love it!

    ReplyDelete
  27. I think it's time, that OpenDNS providers block Google for 2-3 days, so Google will stop this project and improve open DNS service instead. "We are evil" should be the new google slogan...

    ReplyDelete
  28. It would be cooler if they were white-listed with themselves for AAAA lookups, seeing as they are already anycast :D

    ReplyDelete
  29. @pkasting I had already read that, I was simply saying that caching of user data from DNS queries is OK for 48 hours like they say *because* they are not aggregating it with personal userdata from the other google services. The little question at the end was more of a joking "are you sure?" (said like a naive child) than anything serious. I have been using Google's wonderful products since the day that they started letting us have access to their infant search system way back in the day. If I didnt trust them to be responsible with any info that they gleen from my computer usage habits, I wouldnt be anywhere near this site (they can see my IP!! and stuff...). lol On a serious note, I only raised the concern because this type of issue is something that we have to worry about, even with a privacy policy put up saying that such things will never happen. Caution is our only ally some days.

    ReplyDelete
  30. Ping times for google seem slower than open DNS for me. I'm in San Francisco, getting 64ms from google, 13ms from openDNS.

    Is there a better way to measure DNS speed?

    ReplyDelete
  31. isto e otimo com costantes falhas da speedy da telefonica uma outra opicão e muito bom

    ReplyDelete
  32. The few tests I tried, OpenDNS was faster.

    ReplyDelete
  33. I think the real point of this is to add yet another stream of information about you that Google can use to target ads.

    ReplyDelete
  34. how a bout new website ? how long it takes that a new website add to the google DNS ?

    ReplyDelete
  35. This rocks! Thank you so much:)!

    ReplyDelete
  36. Thanks to Google, Better and Better surfing speed each time....well...download i think its not effected.

    ReplyDelete
  37. Chaz6... in fairness, I think that the DNS for that domain is just broken.

    From Comcast:
    % dig @68.87.69.146 mirror.ipv6.chaz6.com in aaaa | grep 'status'
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32642

    From a local Seattle-area ISP:
    % dig @ns1.eskimo.com mirror.ipv6.chaz6.com in aaaa | grep 'status'
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 12524

    Meanwhile, another query for an IPv6 address via Google DNS turns up okay:
    % dig @8.8.8.8 ipv6.research.microsoft.com in aaaa | grep 'status'
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18117

    ...I think chaz6.com's DNS is to blame, not Google's.

    ReplyDelete
  38. Unfortunately Goodle DNS has the same problem with
    OpenDNS, i.e. where the websites use region specific
    cache servers such as akamai.

    Worse still is when the ISPs use some forms of
    cache proxy servers. E.g. here in NZ, OpenDNS and now
    Google DNS cannot server these sites correctly. One
    example is engadget.com. Pity.

    ReplyDelete
  39. How long until Google includes their own top-level domains in their DNS, bypassing ICANN completely?

    ReplyDelete
  40. This comment has been removed by the author.

    ReplyDelete
  41. @shutteresque

    That is because none of those dns servers are ipv6-connected. The dns servers authoritative for ipv6.chaz6.com. are not reachable with ipv4. There is a difference between having an AAAA record and being able to reach DNS servers over IPv6.

    Try `dig +trace ipv6.chaz6.com. in ns` and then look up the addresses of those dns servers.

    ReplyDelete
  42. I wonder how long it will be before Windows will come preloaded with Microsoft ran DNS severs....

    ReplyDelete
  43. Instead of a coffee shop, wouldn't a kool-aid stand be more appropriate?

    ReplyDelete
  44. seems faster and snappier to me sweet !!!

    ReplyDelete
  45. This comment has been removed by the author.

    ReplyDelete
  46. This comment has been removed by the author.

    ReplyDelete
  47. chriscut said...

    "I wonder how long it will be before Windows will come preloaded with Microsoft ran DNS severs...."


    Those servers will run Linux.

    ReplyDelete
  48. a utility to see the speed difference would make this more convincing from an end user perspective.

    ReplyDelete
  49. ummm I want/need filters on you-know-what...I guess I will stay with OpenDNS

    ReplyDelete
  50. Hilarious people thinking Google needs their private information so bad...

    1. Redirect is to google search. More you use Google search, and better Google search is to the websites you want with Google adverts... the more they make money.

    2. Really? trust openDNS more than Google? Who stands more to loose if they do something crazy?

    3. The faster and more ubiquitous the internet is... the more people use
    it... the more people use Google and the more adverts served up by Google people see.


    Sure, be wary of any company... but most of the concerns people throw out are purely reactionary and thoughtless.

    Think more Skynet than Cruella ;o)

    ReplyDelete
  51. kiwi on the run, the problem with servers like akamai is that you are in NZ. They are not designed to serve you. They are local servers.

    ReplyDelete
  52. All your IP belong to us.

    ReplyDelete
  53. For these who advocate OpenDNS, I used them for a while, then discontinued. There are too many unknowns, and I deem their policies unacceptable for me.

    ReplyDelete
  54. Is this an alternative to DNSSEC? What are other Alternatives?

    ReplyDelete
  55. Woo. That's great. I've try configuration with Google DNS and it's running faster than OpenDNS (Vietnam network).
    Thanks :)

    ReplyDelete
  56. nifty, but broken in it's implemnentation because it fills it's own cache from diseperate locations. This is going to cause problems for any large network which uses anycast dns to ensure clients are routed to the nearest network resource.

    ReplyDelete
  57. we need a proxy as well
    (there is no better way to listen to traffic )

    ReplyDelete
  58. I've been using OpenDNS for 2+ years, love the service, but looking for some change. I like the filter options they got, but that's not really all I use it for....I got a hosts file + Peerblock for that kind of stuff anyhow....

    I think I'll give Google DNS a whirl/test just to see how I like it. Sort of a "vacation" from the "web search" redirects for NXDOMAIN sites, etc that I encounter, fighting spam domains at inboxrevenge forums :)

    ReplyDelete
  59. we're need completely new dns system

    ReplyDelete
  60. This comment has been removed by the author.

    ReplyDelete
  61. @Google, why should I switch from OpenDNS.com to GoogleDNS? What's the benefit?

    ReplyDelete
  62. When is Google going to make oil that doesn't need to be changed?

    ReplyDelete
  63. Im going to try it on http://www.stateyourbeef.com/
    Ill let you know how it work's

    ReplyDelete
  64. @Sam Barnum
    From Italy, connected directly with fiber:

    srv-italy:~# ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=247 time=16.3 ms
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=247 time=17.8 ms

    srv-italy:~# ping 208.67.222.222
    PING 208.67.222.222 (208.67.222.222) 56(84) bytes of data.
    64 bytes from 208.67.222.222: icmp_seq=1 ttl=54 time=31.7 ms
    64 bytes from 208.67.222.222: icmp_seq=2 ttl=54 time=31.9 ms


    And:
    first time:
    srv-italy:~# time host microsoft.com 8.8.8.8
    real 0m0.275s
    srv-italy:~# time host microsoft.com 208.67.222.222
    real 0m0.104s

    next one:
    srv-italy:~# time host microsoft.com 8.8.8.8
    real 0m0.061s
    srv-italy:~# time host microsoft.com 208.67.222.222
    real 0m0.118s

    No one at 8.8.8.8 query microsoft.com before myself? :)

    ReplyDelete
  65. @Dave:
    watch out for the word "free" !
    Sure they are logging everything..
    Your mail with gmail, your browsing everytime you use google, and almost 70% of the sites out there use adsense, so your presence there is already logged.

    ReplyDelete
  66. This comment has been removed by the author.

    ReplyDelete
  67. TO answer all privacy concerns, why would google be more likely to keep data than the provider of your current DNS. Would Google jeopardise their position by being untrustworthy.

    ReplyDelete
  68. I'm not sure I understand what Google are doing here??

    Is this just (and only) for browsing the internet? I.e. I type www.domain.com into the browser, then I bypass looking at that domains chosen NS for the host servers IP address, in favour of Google doing a live look-up on it?
    If so... hmmm...
    I just can't see that Google can do a look-up and quicker than a decent ISP, especially not if I want a UK site on a UK ISP.

    Perhaps I'm barking up the wrong tree, but I currently don't understand.

    Cheers Google for making this new venture clear to us end users.

    ReplyDelete
  69. Great news! Hope combined with SPDY, the web may be more twice as faster as its now :-)

    Cheers !

    ReplyDelete
  70. Sounds great!! 와...정말 구글의 서비스정신이 어디까지 갈지 궁금합니다. 구글 멋져요.

    ReplyDelete
  71. Why there is not DNSSEC validation on this resolvers? There is several TLD domains with working DNSSEC. For example "cz" TLD..

    ReplyDelete
  72. intersting ip Address : 8.8.8.8 and 8.8.4.4
    cheers

    ReplyDelete
  73. Personally, I would love to see Google start its own Internet.

    Now that would be special.

    ReplyDelete
  74. This is intimately connected wit the recent patent awarded on using a top level domain as a url shortener. See http://news.ycombinator.com/item?id=974111

    Google will probably just buy these guys and own the whole DNS / tinyurl space.

    ReplyDelete
  75. Wow. it is fast. I compared time for DNS queries...

    Google (8.8.8.8)
    0.032488
    0.032382
    Local ISP
    0.182394
    0.287977

    ReplyDelete
  76. Perhaps we will all benefit in the end with more DNS resolvers available to us. But I am afraid of Google taking over the world, beginning with me.. Bottom line, is it faster than OpenDNS? Will give it a bash.

    ReplyDelete
  77. I don't think it is gonna benifit much for asia-pac region users. A normal RTT to mentioned server is much higher.

    ReplyDelete
  78. Nice services....

    ReplyDelete
  79. dammit... there goes google being ambitious/effective again. maybe bill gates should surrender before it gets too bad(?)

    ReplyDelete
  80. Google has more resources and it is the best at everything that it provides...so it will be definitely better than Open DNS

    ReplyDelete
  81. After scanning our emails from gmail, know what we like on youtube, our profiles on orkut ... now they want to know about our site ... GOOGLE is a weapon for New World Order NWO

    ReplyDelete
  82. I would LOVE some Google hostedDNS like fx. DNSMadeEasy.com or the danish registrar GratisDNS.dk

    Thanks Google!

    ReplyDelete
  83. nice I love google it works well

    ReplyDelete
  84. Thanks and I have tested google DNS seems to be working alright from Sri Lanka via Mobitel HSDPA connection. I have used openDNS in the past. I just want to make sure things are clear to me. What makes Google DNS better than others like OpenDNS? or provided by ISP? (Internet Service Providers) DNS?

    ReplyDelete
  85. defently gonna try see what this can bring about :o

    ReplyDelete
  86. Is is possible to configure our own custom domain names in the DNS server ?

    As for example, if I need to check whether my application (hosted on a web server on my server) benefits from Google's DNS server in terms of performance, can I configure my own domain name/IP address combination ?

    ReplyDelete
  87. This comment has been removed by the author.

    ReplyDelete
  88. wow, I love this idea and experiment. I like web to be faster

    ReplyDelete
  89. im ok with my current speed,plus most of time taken to load a page is not the DNS resolution but rather latency from throughput restrictions. This is another clear cut example of why we should not just believe everything google says.

    thanks but no thanks goog.

    ReplyDelete
  90. Good effort.... Speedup the web experience...but don,t forgate IPV6... future of Tomorrow's Internet.

    ReplyDelete
  91. WOW! YouTube got faster when i use GoogleDNS

    ReplyDelete
  92. I've been using 4.2.2.1 - 4.2.2.6 for a few years. It works beautifully. Also I've noticed that Cox Cable's DNS servers are public too. I don't even use my isp's dns servers (bellsouth, now AT&T) because I know they're overloaded. Weren't the IP's it uses (8.8.8.8 and 8.8.4.4) part of IBM's Global Services, or am I thinking of 9.0.0.0?

    ReplyDelete
  93. I've been using Open Dns because its fast and I can block categories of servers (adult, pornography, parked domains) and 8.8.8.8 will be easy to remember, but it appears to be a bit slower than Open DNS. Since I'm about all things Google I'm glad to help test.

    ReplyDelete
  94. This is very nice, i have tested some domains and seeming very fast resolver as compared to others like openDNS and my own ISP.... :). Keep it up nice work. Now need some security implementations...

    Regards
    Mushtaq

    ReplyDelete
  95. nice IP, I'm trying, it's good ...

    ReplyDelete
  96. I also make a try!

    Thanks Google for this new update!

    ReplyDelete
  97. google are the king of search. Any DNS request relies on search technology. This is why Google is faster than your local ISP. Did you read the article? They can provide DNS lookup in the time it takes a packet to do a round trip.

    Privacy concerns will be exactly the same as with any other google services (gmail, blogger, youtube, even search). If you dont like it, dont use it. easy.

    Also,
    * they only know your ip address, not you.
    * your ip address identifies your computer, not you.
    * your data on your computer is just as accessible to anyone else as it is to google.
    * anything you send to google will be accessible by google.
    * If you dont want google to see what sites you visit, dont use google dns. (your ISP probably logs it anyway)

    ReplyDelete
  98. This has been around so long, and many of us actually saw this coming, this is part of the Open Roots, and is not new at all. Actually in retrospec, they are do nothing more then what is already in place on a global scale. The only question I have for Google, is are you going to handle the other TLD's and HOW? Are you conforming to the ICANN way of life, or are you actually going to use the inclusive name spacing? Hope you guys did your homework.

    12/08/2009 7:21 PM

    ReplyDelete
  99. Thanks Google for this new update! Very Good.

    ReplyDelete
  100. DNS safety measures are essential for authentication, data integrity and denial of existence. I am associated with Domain Names, Web Hosting and Online Marketing Services. Your information will be quite supportive to me. Thanks for sharing your this valuable news.
    Network Solutions Coupons

    ReplyDelete
  101. Hi,

    Good one on Introducing Google Public DNS: A new DNS resolver from Google.If you are interested in developing a home based business then http://debtfreeliving.ilovesuccess.net can help you. They provide a Top Rate ethical home-based business that you can enjoy from the comfort of your own home.

    Thanks,
    Camilynn

    ReplyDelete
  102. I'd been using Google Public DNS since Dec 24th 2009, and I'm not at all impressed. The biggest issues I had with it is that it made google websites and services mostly fail. google.com, gmail, googleanalytics which a lot of sites have used now, would all not work most of the time. I switched back to my own in-house DNS after getting them back up after some major overhaul work to my servers and I was back in business no problem.

    I don't know why specifically Google's Public DNS would not work for their own sites, but wow, that was not very fun at all once I realized the cause was the DNS. I'd have never suspected it.

    ReplyDelete
  103. ya it is good work to speed the web also catch the data what people searching and which are new website user using.... A NEW APPROCH TO FIND NEW TRENDS...

    ReplyDelete
  104. Nice tips, thanks

    ReplyDelete
  105. where i can get free domain for my blog in blogspot?

    ReplyDelete