CircleID

In a move potentially of significant importance to the vast majority of Internet users who do not run their own DNS servers to resolve Internet site domain names, Google has announced their own publicly accessible DNS service.

Unlike some other publicly accessible DNS services that may redirect nonexistent domain queries for advertising purposes, Google explicitly states that "Google Public DNS never blocks, filters, or redirects users."

This is a key point for users who by default are configured to resolve their Internet DNS queries through sometimes restrictive ISP DNS services that may redirect or even block some DNS queries.

Using a different DNS service is usually as "easy" as changing the IP addresses in your OS DNS settings, but note that if your ISP is actually diverting the TCP/IP ports that DNS uses to communicate, it will be impossible for you to switch DNS servers through normal mechanisms. (For more information on testing for this condition, please see my Testing Your Internet Connection for ISP DNS Diversions page.)

A concern that frequently arises with DNS services is their logging policies. A DNS server potentially can gather a great deal of information about the Internet sites that you use. Both some ISPs and particular public DNS services have been criticized for their DNS data retention policies, which sometimes provide for indefinite or long retention of full DNS logging data.

Google has obviously recognized the sensitivity of this issue. Their separate privacy policy for the Google Public DNS strikes me as utterly reasonable, particularly given its very rapid (24-48 hours) deletion of what I would consider to be the key privacy-sensitive data.

No doubt this won't satisfy some hard-core Google haters, who will either suggest that Google shouldn't log any DNS query data even for a very short period of time — or will simply claim that Google is lying about their privacy and data retention policies.

But I view graduated "data destruction" policies such as this one announced by Google as being completely appropriate to provide for reasonable research purposes without unreasonably impacting user privacy concerns. I can't help those critics who seem to cynically assume that Google is a serial liar about their privacy or other policies, or are convinced that integrated circuits were an "alien technology" gift from an extraterrestrial civilization.

Since I run my own DNS servers, I'm not in an immediate position to rigorously test the real-world performance of Google's new DNS service. But I'd be interested in your reports about this, including as much detail as you care to provide.

DNS is, for better or worse, at the heart of today's Internet. It will be fascinating to see what Google's efforts in this area will bring forth over time.

By Lauren Weinstein. More blog posts from Lauren Weinstein can also be read here.

Related topics: DNS, Privacy