Home / Blogs

Google's New Public DNS Service - and Data Retention Issues

In a move potentially of significant importance to the vast majority of Internet users who do not run their own DNS servers to resolve Internet site domain names, Google has announced their own publicly accessible DNS service.

Unlike some other publicly accessible DNS services that may redirect nonexistent domain queries for advertising purposes, Google explicitly states that "Google Public DNS never blocks, filters, or redirects users."

This is a key point for users who by default are configured to resolve their Internet DNS queries through sometimes restrictive ISP DNS services that may redirect or even block some DNS queries.

Using a different DNS service is usually as "easy" as changing the IP addresses in your OS DNS settings, but note that if your ISP is actually diverting the TCP/IP ports that DNS uses to communicate, it will be impossible for you to switch DNS servers through normal mechanisms. (For more information on testing for this condition, please see my Testing Your Internet Connection for ISP DNS Diversions page.)

A concern that frequently arises with DNS services is their logging policies. A DNS server potentially can gather a great deal of information about the Internet sites that you use. Both some ISPs and particular public DNS services have been criticized for their DNS data retention policies, which sometimes provide for indefinite or long retention of full DNS logging data.

Google has obviously recognized the sensitivity of this issue. Their separate privacy policy for the Google Public DNS strikes me as utterly reasonable, particularly given its very rapid (24-48 hours) deletion of what I would consider to be the key privacy-sensitive data.

No doubt this won't satisfy some hard-core Google haters, who will either suggest that Google shouldn't log any DNS query data even for a very short period of time — or will simply claim that Google is lying about their privacy and data retention policies.

But I view graduated "data destruction" policies such as this one announced by Google as being completely appropriate to provide for reasonable research purposes without unreasonably impacting user privacy concerns. I can't help those critics who seem to cynically assume that Google is a serial liar about their privacy or other policies, or are convinced that integrated circuits were an "alien technology" gift from an extraterrestrial civilization.

Since I run my own DNS servers, I'm not in an immediate position to rigorously test the real-world performance of Google's new DNS service. But I'd be interested in your reports about this, including as much detail as you care to provide.

DNS is, for better or worse, at the heart of today's Internet. It will be fascinating to see what Google's efforts in this area will bring forth over time.

By Lauren Weinstein. More blog posts from Lauren Weinstein can also be read here.

Related topics: DNS, Privacy

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

2016 U.S. Election: An Internet Forecast

Don't Gamble With Your DNS

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Radix Adds Dyn as a DNS Service Provider

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Dyn Partners with the Internet Systems Consortium to Host Global F-Root Nameservers

Is Your TLD Threat Mitigation Strategy up to Scratch?

Domain Management Handbook from MarkMonitor

What Holds Firms Back from Choosing Cloud-Based External DNS?

Computerworld Names Afilias' Ram Mohan a Premier 100 Technology Leader

Protect Your Privacy - Opt Out of Public DNS Data Collection

Measuring DNS Performance for the User Experience

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

Internet Grows to 296 Million Domain Names in Q2 2015

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

Introducing the Verisign DNS Firewall

Verisign Named to the Online Trust Alliance's 2015 Honor Roll

3 Key Steps for SMBs to Protect Their Website and Critical Internet Services

Key Considerations for Selecting a Managed DNS Provider

Sponsored Topics

Verisign

Security

Sponsored by
Verisign
Afilias - Mobile & Web Services

Mobile

Sponsored by
Afilias - Mobile & Web Services
Afilias

DNS Security

Sponsored by
Afilias
Port25

Email

Sponsored by
Port25