Google launches Public DNS
Google has launched its own public domain name system resolver, Google Public DNS, on Thursday, saying that it is designed to speed web browsing and improve security.
DNS is the service that converts human-readable Internet addresses into numeric versions acted on by routers, and is normally provided by ISPs to their clients.
"The average internet user ends up performing hundreds of DNS lookups each day, and some complex pages require multiple DNS lookups before they start loading," said Google product manager Prem Ramaswami in a blog post. "This can slow down the browsing experience... Over the past several months our engineers have been working to make improvements to our public DNS resolver to make users' web-surfing experiences faster, safer and more reliable."
The company will use its own DNS servers to resolve queries from computers using Google Public DNS. In its Thursday announcement, Google said that page loading performance would be improved by provisioning and load balancing its servers, and by minimising denial of service attacks.
Google will also experiment with pre-fetching name resolutions to speed page loading, loading translations into its cache before they are asked for, in the expectation that they will be required.
Google Public DNS does not support DNS security extensions (DNSSEC), a protocol that guarantees the integrity of DNS data and prevents cache poisoning — a vulnerability in DNS where attackers can insert misdirection information that hijacks user requests.
The company said it has implemented basic validity checking of response packets and nameserver credibility, to guard against poisoning, and is adding entropy to requests through measures including randomising source ports and nameservers. This makes requests harder to target by attackers, Google said.
Google Public DNS will collect IP address information for the user computer, but this will be deleted after a maximum period of 48 hours. Permanent logs will be kept of ISP and location information, but this information will not be combined with other user information, said Google, and the service will comply with the company's privacy policy.
"We don't correlate or combine your information from these logs with any other log data that Google might have about your use of other services, such as data from web search and data from advertising on the Google content network," according to a post on the Google Public DNS privacy page. "After keeping this data for two weeks, we randomly sample a small subset for permanent storage."
Google's free open resolver is a rival to other open DNS resolvers already available, including Open DNS.
OpenDNS founder David Ulevitch said in a blog post on Thursday that Google may use data generated from DNS resolution.
"Google claims that this service is better because it has no ads or redirection," wrote Ulevitch. "But you have to remember they are also the largest advertising and redirection company on the internet. To think that Google's DNS service is for the benefit of the internet would be naive."
OpenDNS redirects users to landing pages with advertising when queries fail to resolve.