After the launch of Google Public DNS, I asked Google a couple of questions about the service that I'm sure many of you may be wondering about.
The first question I asked centered around what makes Google Public DNS faster than using a local cache. The second question is about privacy -- what kind of information does Google collect from users of this service?
1) What makes this faster than a local cache
- The service is not just about speed, it's also about security, and the validity of responses
- In terms of speed, we are prefetching queries and keeping a large number of domains in our cache to ensure we can return responses in the time it takes to reach a Google Data Center
- Every DNS query has a Time To Live.
- For example, google.com might return a time to live of 300 seconds, during which time you can keep the query in your cache.
- Most resolvers: After 300 seconds, if a user asks the question again, your resolver will traverse the web to find the answer.
- Google Public DNS: Before the 300 seconds expires, Google asks the question again, regardless of the end user asking us. This makes sure we keep our cache warm.
- Packet loss: In addition, since DNS runs on the UDP protocol which does suffer from packet loss, we treat the packets very safely and decouple our finding the answer from the user asking the question. This reduces packet loss rate and the requirement to retransmit and wait for an answer.
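The difference between expire-then-fetch and refresh-before-expiry can be seen in a small simulation. This is an added example, not Google's code: the `Upstream` and `Resolver` classes, the 30-second refresh margin, the query times and the sample address are all constructed for illustration; only the 300-second TTL for google.com comes from the answer above.

```python
class Upstream:
    """Constructed stand-in for a full recursive lookup; counts how often it is asked."""
    def __init__(self, ttl=300):
        self.ttl, self.calls = ttl, 0

    def resolve(self, name):
        self.calls += 1
        return ("192.0.2.1", self.ttl)      # constructed sample answer (TEST-NET-1)

class Resolver:
    def __init__(self, upstream, prefetch_margin=None):
        self.up = upstream
        self.margin = prefetch_margin       # seconds before expiry to re-ask; None = no prefetch
        self.cache = {}                     # name -> (answer, expires_at)
        self.client_misses = 0

    def _fetch(self, name, now):
        answer, ttl = self.up.resolve(name)
        self.cache[name] = (answer, now + ttl)
        return answer

    def tick(self, now):
        """Background refresh, decoupled from any client query."""
        if self.margin is None:
            return
        for name, (_, expires_at) in list(self.cache.items()):
            if expires_at - now <= self.margin:
                self._fetch(name, now)

    def query(self, name, now):
        entry = self.cache.get(name)
        if entry and entry[1] > now:
            return entry[0]                 # answered from a warm cache
        self.client_misses += 1             # client waits for the full lookup
        return self._fetch(name, now)

def simulate(prefetch_margin, query_times=(0, 310, 620, 930, 1240), horizon=1500, step=10):
    """Return (queries where the client had to wait, total upstream lookups)."""
    up = Upstream(ttl=300)
    resolver = Resolver(up, prefetch_margin)
    for now in range(0, horizon + 1, step):
        resolver.tick(now)
        if now in query_times:              # a client asks just after each TTL would expire
            resolver.query("google.com", now)
    return resolver.client_misses, up.calls

if __name__ == "__main__":
    print("no prefetch:", simulate(None))
    print("prefetch:   ", simulate(30))
```

In this model the prefetching resolver makes the client wait only on the very first query, at the cost of one extra upstream lookup that no client asked for.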
2) What type of information Google will be gathering from users who use this service
- We are equally concerned about this issue so we went out of our way to detail exactly what we're doing with privacy here: code.google.com/speed/public-dns/privacy.html
- Our goal is to make the web faster; not to collect end user data.
- IP address information is only kept for 24-48 hours in case we need to detect malicious use (such as Denial of Service attacks)
- After 48 hours the IP is discarded
- For 2 weeks, we keep your ISP and geolocation information (such as Comcast from San Fran)
- After 2 weeks, we further randomly downsample that.
- We promise to NEVER correlate any of these logs with any other logs we keep for any other products
So, if you're looking for a speedy and secure DNS resolver, you should try Google Public DNS. I've been using it since it was released, and haven't had any problems yet. As far as speed is concerned, I think initially it seemed faster, but after some use I'm not really noticing a huge difference.