Home & Office

Is Google DNS for your enterprise?

Secure company networks and educate workers on safe surfing habits to minimize risk from users switching to Google's public DNS, advises analyst.
Written by Victoria Ho, Contributor on

Companies should focus on securing their networks and educating workers on "safe surfing" habits, to minimize possible security leaks from users switching to Google's public DNS, advised an analyst.

The search giant last week launched a new public DNS service, allowing users to switch their DNS settings from default ISP-assigned servers to Google's DNS resolver.

Nupur Singh Andley, senior research analyst at Springboard Research, said in an e-mail interview that enterprises face security and privacy leaks related to employees who use Google's service to circumvent company-blocked sites.

This also brings about a loss in productivity, said Andley, since the blocked sites are typically e-mail and social networking sites that tend to consume one's attention.

"[Nonetheless], many employees are not expected to make the effort to work around their corporate security [just] to reach blocked sites, especially when they can visit these sites during their off-hours," he said.

Companies should also work to ensure their data is kept secure, as well as update training processes with these new forms of leaks to keep "safe surfing" habits in check, the analyst said. "It comes down more to people and processes than technology," noted Andley.

Boosting DNS security
In an e-mail response to ZDNet Asia, a Google spokesperson said its new service is aimed at beefing up DNS-related security vulnerabilities.

"DNS is vulnerable to spoofing attacks that can poison the cache of a nameserver and route all its users to a malicious Web site," he said. Google's DNS attempts to check the integrity of requests by including additional data in its DNS messages, which are then matched to incoming responses, the spokesperson explained.

The DNS service is also aimed at providing faster resolves, through prefetching and caching records, said the Google executive. "Resolver-side cache misses are one of the primary contributors to sluggish DNS responses... [Prefetching and caching] allow Google to serve many DNS requests in the round-trip time it takes a packet to travel to our servers and back," he said.

According to Andley, while the service would likely mean a faster Internet experience for users, it introduces "one more aspect enterprises have to factor into their security plans and manage". "One has to wonder if the benefits outweigh the additional management needed," he noted.

Competitor, OpenDNS, offers a third-party DNS service that makes money from redirecting non-existent URLs to an ad-supported search page.

Its founder David Ulevitch, wrote in a blog post following Google's DNS announcement: "Google is bringing awareness to a wide audience that there is a choice when it comes to DNS, and that users don't have to settle for what their ISP provides."

A crop of speed-related DNS articles has also since surfaced in public, appearing to target consumer concerns on addressing DNS-related slowdowns. One blog post, for example, explains how users can benchmark their DNS servers to find the fastest resolver, while another article highlights a downloadable program that performs the same function.

Editorial standards