Google Starts Own DNS Service: 8.8.8.8 and 8.8.4.4

Dec 04, 2009

Google can't get enough of the Internet. Now the company is promoting its own nameserver service that it claims is not only faster than the usual DNS, but more secure.

Why use a public DNS server when there is Google? Using the simple entry in the /etc/resolve.conf file:

nameserver 8.8.8.8
nameserver 8.8.4.4

Linux users can forego their providers' name server and go directly to Google to resolve their IP addresses to domain names. Always up and guaranteed failure-proof and intrusion-safe, says Google. The service also fits quite well within their portfolio: everyone searching the Web for something can google it, why not also IP addresses? It also makes it easier for Google to log usage records, with the result that it will now know just about everything.

The idea of an own nameserver seems trivial, yet ingeniously simple and extremely dangerous. On the one hand it allows bypassing of ISP locks on the nameserver level, on the other hand Goggle can thereby build a central monopoly with a predisposition for censorship that goes way beyond what a search engine should be capable of doing.

Benefits of the new nameserver service, according to Google, are:

  • Speed, via "clever caching" and record prefetching.
  • Security, with mechanisms for preventing spoofing attacks.
  • Validy, by eliminating blocking, filtering or redirection.

We are faster

As usual, Google's number one concern is speed. Users of the new Public DNS service should get much greater name resolution speeds than with the average DNS service, certainly palpable by Google's infrastructure and hopefully corroborated by some testing done before the official launch. Everyone should benefit, by Google's usual claim: "We plan to share what we learn from this experimental rollout of Google Public DNS with the broader web community and other DNS providers, to improve the browsing experience for Internet users globally."

Going it all alone

Google's number two concern has also been long evident: over the years DNS has shown certain opportunities for DNS spoofing and denial-of-service (DoS) attacks that haven't received enough attention. Work on it, mainly through DNSSEC, is being done, however. All the more surprising that a company like Google that has long been entrusted with the Internet's DNS structures is now providing its own DNS solution. It seems to be easier to promote one's own service than work together to make the classic DNS service more secure. Google will therewith not win many friends in the open source arena.

Related content

  • The sys admin's daily grind: DNSDiag

    If some transactions take an inexplicably long time, you don't have to blame yourself for the delayed transmission of user data. Name resolution issues might be to blame. Sys admin Charly has three tools to study the DNS server.

  • Local DNS with Unbound

    You don't have to be satisfied with your ISP's slow and cumbersome DNS server. Your own Unbound server could improve performance as well as security.

  • Pi-hole

    Supporting browser plug-ins, network-based DNS blockers like Pi-hole help protect you against online tracking and unwanted content.

  • Integrating Google Services

    Just because Google’s services are web-based doesn’t mean you can’t use them from the comfort of your desktop.

  • Welcome

    On August 11, Mozilla CEO Mitchell Baker announced a "significant restructuring" of the Mozilla Corporation. Mozilla is best known for its flagship product, the Firefox web browser. The restructuring is said to include significant staff reductions – the second layoffs of the year.

Comments

  • s/resolve.conf/resolv.conf/

    s/resolve.conf/resolv.conf/
comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News