Home / Blogs

Google's New Public DNS Service - and Data Retention Issues

In a move potentially of significant importance to the vast majority of Internet users who do not run their own DNS servers to resolve Internet site domain names, Google has announced their own publicly accessible DNS service.

Unlike some other publicly accessible DNS services that may redirect nonexistent domain queries for advertising purposes, Google explicitly states that "Google Public DNS never blocks, filters, or redirects users."

This is a key point for users who by default are configured to resolve their Internet DNS queries through sometimes restrictive ISP DNS services that may redirect or even block some DNS queries.

Using a different DNS service is usually as "easy" as changing the IP addresses in your OS DNS settings, but note that if your ISP is actually diverting the TCP/IP ports that DNS uses to communicate, it will be impossible for you to switch DNS servers through normal mechanisms. (For more information on testing for this condition, please see my Testing Your Internet Connection for ISP DNS Diversions page.)

A concern that frequently arises with DNS services is their logging policies. A DNS server potentially can gather a great deal of information about the Internet sites that you use. Both some ISPs and particular public DNS services have been criticized for their DNS data retention policies, which sometimes provide for indefinite or long retention of full DNS logging data.

Google has obviously recognized the sensitivity of this issue. Their separate privacy policy for the Google Public DNS strikes me as utterly reasonable, particularly given its very rapid (24-48 hours) deletion of what I would consider to be the key privacy-sensitive data.

No doubt this won't satisfy some hard-core Google haters, who will either suggest that Google shouldn't log any DNS query data even for a very short period of time — or will simply claim that Google is lying about their privacy and data retention policies.

But I view graduated "data destruction" policies such as this one announced by Google as being completely appropriate to provide for reasonable research purposes without unreasonably impacting user privacy concerns. I can't help those critics who seem to cynically assume that Google is a serial liar about their privacy or other policies, or are convinced that integrated circuits were an "alien technology" gift from an extraterrestrial civilization.

Since I run my own DNS servers, I'm not in an immediate position to rigorously test the real-world performance of Google's new DNS service. But I'd be interested in your reports about this, including as much detail as you care to provide.

DNS is, for better or worse, at the heart of today's Internet. It will be fascinating to see what Google's efforts in this area will bring forth over time.

By Lauren Weinstein. More blog posts from Lauren Weinstein can also be read here.

Related topics: DNS, Privacy

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:


To post comments, please login or create an account.

Related Blogs

Related News


Industry Updates – Sponsored Posts

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

Internet Grows to 296 Million Domain Names in Q2 2015

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

Introducing the Verisign DNS Firewall

Verisign Named to the Online Trust Alliance's 2015 Honor Roll

3 Key Steps for SMBs to Protect Their Website and Critical Internet Services

Key Considerations for Selecting a Managed DNS Provider

Afilias Supports the CrypTech Project - Ambitious Hardware Encryption Effort to Protect User Privacy

Help Ensure the Availability and Security of Your Enterprise DNS with Verisign Recursive DNS

Join Paul Vixie & Robert Edmonds at the Upcoming Distinguished Speaker Series

LogicBoxes Announces Automation Solutions for ccTLD

3 Questions to Ask Your DNS Host About DDoS

Introducing Our Special Edition Managed DNS Service for Top-Level Domain Operators

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

Video Interviews from ICANN 50 in London

Verisign Named to the OTA's 2014 Online Trust Honor Roll

Sponsored Topics