Google has just launched its own public DNS service, and appears to have (now) competitor OpenDNS firmly in its crosshairs. We’ll get into that in a moment, but first, for those of you with a glazed look who are wondering “just what is DNS, and why should I care?”, a little tutorial on what DNS is, and why you should care.
With respect to just what DNS is, as we have written previously, DNS (Domain Name Service) is sort of like directory assistance for the Internet. When you type in to your web browser, for example, https://www.theinternetpatrol.com, your computer queries a DNS server and asks it “where does www.theinternetpatrol.com live?” The DNS server responds with the IP address associated with www.theinternetpatrol.com – let’s say for sake of example that it’s 127.0.0.1. Your computer then rings up 127.0.0.1, and voila, you’re at the TheInternetPatrol.com website.
Put another way, when you type www.theinternetpatrol.com into the navigation toolbar of your web browser, it is DNS that maps the domain name to its associated IP address (in the case of our example, 127.0.0.1) which uniquely identifies the computer from which the domain’s content – in this case the content of The Internet Patrol – is served.
This all happens when your computer contacts a DNS server, on which resides a copy of the vast (and we do mean vast) master database which holds all IP addresses on the Internet, cross-referenced with the names of the domains that they service.
And it happens magically because your computer either came pre-configured with default DNS server settings, your ISP configured them for you, or whoever set your computer up for you plugged in the address of one or more DNS servers. It’s possible to change those settings on your computer so that your computer queries Google’s or OpenDNS’ copy of that database, but hey, if it ain’t broke, why would you want to do that?
Google’s new DNS offering of course promises to be bigger, better, faster, and it’s that last, in particular, which Google is offering front and center, explaining in a blog post today that “Today, as part of our efforts to make the web faster, we are announcing Google Public DNS, a new experimental public DNS resolver.”
Google then goes on to explain:
“We believe that a faster DNS infrastructure could significantly improve the browsing experience for all web users. To enhance DNS speed but to also improve security and validity of results, Google Public DNS is trying a few different approaches that we are sharing with the broader web community through our documentation:
– Speed: Resolver-side cache misses are one of the primary contributors to sluggish DNS responses. Clever caching techniques can help increase the speed of these responses. Google Public DNS implements prefetching: before the TTL on a record expires, we refresh the record continuously, asynchronously and independently of user requests for a large number of popular domains. This allows Google Public DNS to serve many DNS requests in the round trip time it takes a packet to travel to our servers and back.
– Security: DNS is vulnerable to spoofing attacks that can poison the cache of a nameserver and can route all its users to a malicious website. Until new protocols like DNSSEC get widely adopted, resolvers need to take additional measures to keep their caches secure. Google Public DNS makes it more difficult for attackers to spoof valid responses by randomizing the case of query names and including additional data in its DNS messages.
– Validity: Google Public DNS complies with the DNS standards and gives the user the exact response his or her computer expects without performing any blocking, filtering, or redirection that may hamper a user’s browsing experience.”
It is this last section, “Validity”, which has commentators (and OpenDNS themselves) believing that Google is gunning for OpenDNS, as OpenDNS is known for its method of redirecting users who mis-type the names of the domains that they are trying to visit, and displaying ad-laden pages instead of just telling them “oops, you blew it, try again.”
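The "Security" item in Google's list mentions randomizing the case of query names, a technique commonly called 0x20 encoding. The Python sketch below is an added example, not Google's code and not part of the original article; it shows how a resolver can send a mixed-case name and reject any reply that does not echo it exactly. All function names are hypothetical.

```python
import secrets
import struct

# Added illustration; function names are hypothetical, not from any resolver.
def randomize_case(name: str) -> str:
    """Flip each letter to upper or lower case using a fresh random bit."""
    return "".join(
        (c.upper() if secrets.randbits(1) else c.lower()) if c.isalpha() else c
        for c in name
    )

def encode_qname(name: str) -> bytes:
    """Wire format: length-prefixed labels followed by a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def build_query(name: str):
    """Return (txid, name_as_sent, packet) for an A/IN query with a mixed-case name."""
    txid = secrets.randbits(16)
    sent = randomize_case(name)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return txid, sent, header + encode_qname(sent) + struct.pack("!HH", 1, 1)

def read_question(packet: bytes):
    """Extract (txid, qname) from the header and first question of a message."""
    txid = struct.unpack("!H", packet[:2])[0]
    labels, pos = [], 12
    while packet[pos]:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return txid, ".".join(labels)

def accept_response(packet: bytes, txid: int, sent: str) -> bool:
    """Accept only a response whose ID matches and whose name is echoed byte for byte."""
    try:
        r_txid, r_name = read_question(packet)
    except (IndexError, struct.error, UnicodeDecodeError):
        return False  # truncated or garbled message
    is_response = len(packet) >= 12 and bool(packet[2] & 0x80)  # QR bit set
    return is_response and r_txid == txid and r_name == sent  # case-sensitive compare

def extra_entropy_bits(name: str) -> int:
    """Each letter adds one unpredictable bit on top of the 16-bit transaction ID."""
    return sum(c.isalpha() for c in name)
```

An off-path spoofer who guesses the transaction ID must also guess the case of every letter, which is why longer names gain more from the technique than short ones.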
As we first explained last year, when a company named Barefruit offered a similar service to ISPs who wanted to take advantage of their users’ typographical blunders, “consider what happens when you enter a non-existent URL, or mistype the URL name. When DNS cannot map to a destination IP address, the browser most usually returns a page telling you “server not found”, so if you’re like me you can see you’ve made a mistake, smack your head, and enter the correct URL. And here’s where the ISPs, notable among them Earthlink, started to get clever. Instead of merely telling you that they couldn’t find the server you requested, they intercepted the returned error message and provided you instead with a Web page originating from Barefruit, one of their ad partners, giving a list of sites for which you may have been looking, a search box and some Yahoo ads.” (You can read that full article here.)
Verizon also started doing this with their own version of redirection, which they helpfully provided as the default for their Internet users (you can read about that here.)
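To see whether the resolver you are using rewrites "no such domain" answers in the way described above, you can ask it for a name that cannot exist and look at the reply. The Python sketch below is an added example, not code from the original article or from any of the companies mentioned; the function names are hypothetical, and it relies on the `.invalid` top-level domain, which is reserved so that it never resolves.

```python
import secrets
import socket
import struct

NXDOMAIN = 3  # RCODE meaning "this name does not exist"

def probe_name() -> str:
    """Random label under .invalid, a TLD reserved so that it never resolves."""
    return f"{secrets.token_hex(8)}.invalid"

def build_query(name: str) -> bytes:
    """Minimal A/IN query with a random transaction ID and RD=1."""
    header = struct.pack("!HHHHHH", secrets.randbits(16), 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify(response: bytes) -> str:
    """Interpret a resolver's reply to a query for a name that cannot exist."""
    if len(response) < 12:
        return "malformed"
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        return "malformed"      # QR bit clear: not a response at all
    rcode = flags & 0x000F
    if rcode == NXDOMAIN and ancount == 0:
        return "honest"         # resolver passed the error through
    if rcode == 0 and ancount > 0:
        return "redirected"     # resolver invented an answer for a bogus name
    return "inconclusive"

def check_resolver(resolver_ip: str, timeout: float = 3.0) -> str:
    """Send one probe over UDP port 53 and classify the reply."""
    query = build_query(probe_name())
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver_ip, 53))
        reply = s.recvfrom(512)[0]
    # Ignore replies whose transaction ID does not match our query.
    return classify(reply) if reply[:2] == query[:2] else "malformed"
```

Call `check_resolver()` with the address of the DNS server your computer is configured to use; a result of "redirected" means failed lookups are being answered with someone's landing page.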
But back to OpenDNS. While they are known for redirecting browsers when a URL is mistyped, they are not generally considered evil and, in fact, their users overwhelmingly love them. And OpenDNS founder David Ulevitch is quick to point out in a blog post today that “Google claims that this service is better because it has no ads or redirection. But you have to remember they are also the largest advertising and redirection company on the Internet. To think that Google’s DNS service is for the benefit of the Internet would be naive. They know there is value in controlling more of your Internet experience and I would expect them to explore that fully. And of course, we always have protected user privacy and have never sold our DNS data.”
Ulevitch goes on to point out that there are substantial and important differences between Google’s new DNS offering (considered to be in beta), and OpenDNS’ services, not the least of which include that “when you use Google DNS, you are getting the experience they prescribe. When you use OpenDNS, you get the Dashboard controls to manage your experience the way you want for you, your family or your organization.”
Why you should care – or – should you? Here’s the thing that we think is lost in all of this: the average end user not only doesn’t give a rat’s hindquarters about DNS – they don’t even know that the rat exists, let alone what DNS is. And even if they do know what DNS is, they probably have no idea that they can change their DNS settings on their computer – that they can change which DNS server their computer queries to find out where Aunt Bessie’s Craft Corner exists on the Internet. They just want to get to the site, they don’t really care how they get there.
In short, the average Internet user isn’t going to know or care about DNS, and they sure as heck aren’t going to rush to their computer and switch their DNS settings to either Google or OpenDNS.
That means that either Google is in it for the hearts and minds of the enterprise (business) community, whose IT people do know and care (some quite deeply) about DNS, or, this really is just an experimental thing that they are doing, to see where it leads.
Either way, it will be interesting to see how it shakes out.
One thing that Google does get immediate kudos for is having their DNS servers have very easy to remember IP addresses – just one read and we’ll remember them always: 18.104.22.168 and 22.214.171.124