Jan 21, 2013

Google Public DNS A Closer View

Earlier this month, Google announced that it had become the largest public DNS service in the world, handling an average of more than 70 billion requests a day. From Google’s point of view, this was great. As it pointed out in its official blog, a good DNS service helps make the Web faster and more secure. That’s true. But is a giant DNS in Google’s hands really good for the world?


The DNS or Domain Name System is often described as the “phone book” of the Internet, but that analogy tends to understate its importance. Imagine that you’ve suddenly landed in the middle of a giant megalopolis without any street names or building addresses or distinguishing characteristics and no working GPS. That would be the Internet without a domain name system.

But while the DNS system is critical for planetary communications, helping to run it typically hasn’t brought anyone power or glory. This led to a certain amount of neglect, which in turn created a business opportunity for companies willing to tackle the job of improving DNS.

Three years ago, I sat down with David Ulevitch, a developer who founded OpenDNS in 2005 to help make the Internet faster and more reliable for individuals and businesses by providing a better domain name service. At the time, OpenDNS had built a small but profitable business providing improved DNS for free to individuals and for a fee to enterprises. It later grew to operate the largest network of public DNS servers, serving millions of users around the world.

Unlike Google, Ulevitch has never struck me as being obsessed with world domination, so I reached out to him this week to ask what he thought of Google’s entry, and now colossal presence, in the space.

What are the implications of Google being the largest public DNS service? Is this good for ordinary people who use the Internet?

First, I think it’s a clear indication that Google takes DNS seriously. I’ve always said that Google’s purview is limited to everything between the user and the advertisement. DNS fits squarely within those sights and cuts across a number of strategic areas of focus for Google—speed, security, analytics and control. I think efforts to make the Internet faster are good for ordinary people, but I think that there’s more to Google’s motives than pure benevolence. That’s not to say good can’t be a byproduct, but rather, there are ancillary benefits that may not be as friendly to the ordinary Internet user.

With DNS, it’s possible to control key components of Internet navigation. Google already controls search, they are quickly gaining market share to control the browser, and when you put in DNS, it becomes the trifecta of complete navigational control. The “omnibox” is something Google introduced with Chrome, but I actually introduced it to Google PM Sundar Pichai a number of years before Chrome existed when demoing our vision for OpenDNS to him as he was then the PM for Google Toolbar, and other Google desktop products.

What role has Google played in the DNS ecosystem? Do you see them as a competitor or a partner?

Google has helped raise the importance of DNS above the network engineering community, which has been really good. They’ve also worked with us to advance the state of the art for DNS performance, something we’ve really enjoyed working with them to make happen. It’s not so much competition as it is choice in the market. If they started defaulting Chrome to use Google DNS, I think that’s something we would take issue with, but for now, we like the idea of people using a DNS other than their ISP’s; that’s a good idea for a lot of reasons.

What are some of those reasons?

I like the idea of separation of services. ISPs provide a pipe. Other vendors provide security. Other vendors provide email. When one party controls all the services, it’s a “synergy” for the company, but rarely for the consumer. With DNS in particular, there are performance and security benefits that third-party DNS providers offer that ISPs aren’t incentivized to do since DNS is a cost-center for them, and a profit-center for us.

Are there any privacy concerns to think about if you configure your network settings to use Google Public DNS?

You are trusting them with all your DNS lookup data, which can be more personal and revealing than I think most people realize. We don’t persist logs for our users without accounts and configured networks; I’m not sure Google makes the same statement. They have a separate privacy policy for Google DNS, and I’m sure they are hypersensitive about privacy concerns, so I wouldn’t be too paranoid.

If an ordinary person using the Web doesn’t make this change, would they have any exposure to Google Public DNS?

Probably not. OpenDNS is in tens of thousands of public hotspots, retail stores, schools, and businesses, so people often find our service. I’m not sure about Google DNS in that capacity.

If Google is the largest public DNS, who is the largest private DNS?

An ISP—maybe Comcast? I’m not sure. Google claims the most number of queries per day, but we actively discourage automated usage of OpenDNS by machines, crawlers and other software. Google doesn’t. I’m not sure they have more end users than we have. We are still growing at an aggressive clip.

Anonymous has publicly posted its threat to take down the Internet on March 31 by attacking the 13 DNS root servers of the Internet. Do you take this threat seriously?

Anonymous is nothing and everything at the same time. While I think it’d be very difficult to take down the root servers on the Internet, I think it’s entirely possible to cause massive disruption to the Internet in other ways if someone was focused on doing that. The Internet is always getting more secure, and more diversely connected, but there are some weak links still where a specific outage in a specific place would have far-reaching disruptive implications.

Does the presence of players like OpenDNS and Google Public DNS make the Internet more stable?

I think anything which promotes heterogeneity on the Internet promotes stability. Diversity in services, service providers, and separating the layers of the networking stack are all important. Your ISP no longer provides you email because everyone either uses their own or has an account with Hotmail, Gmail or Yahoo mail. The same way people unbundled their email from their ISP, I think they should do with their DNS. Separation of services has been a long-standing best practice in the security community, and it applies now more than ever. In that vein, I’ll reiterate my view that I think Google controlling search, the browser, and the network or DNS layer is a dangerous trifecta that the consumer will probably be best served avoiding. I’m sure we’ll find out soon enough.
