Google Launches Public DNS to Speed Up Web

In an unusual move, Google announced Google Public DNS on Thursday, a new means by which users can utilize the Google DNS servers to access the Internet.

Google has even added telephone support for those who choose to make the switch.

For many, the DNS settings that lie at the heart of a user's router rarely need to be touched. When a user types in "www.pcmag.com", for example, the user's PC contacts the DNS server via the router and asks for the numerical IP address of the site, somewhat like 1-800-FLOWERS actually connects to a numerical telephone number.

Google's motivation, according to the company, is to both speed up Web browsing as well as provide enhanced security. "We believe that a faster DNS infrastructure could significantly improve the browsing experience for all web users," Prem Ramaswami, of Google's Public DNS Team, wrote in a blog post. "To enhance DNS speed but to also improve security and validity of results, Google Public DNS is trying a few different approaches that we are sharing with the broader web community."

Check out our hands-on with Google Public DNS.

Allowing Google to handle DNS requests, rather than an ISP, will also mean that mistyped URLs will be redirected to a Google error page rather than an ISP-controlled one, on which the owner of the DNS server can place their own ads, PCMag.com software analyst Michael Muchmore noted.

Users who want to try out the new Google DNS servers can change their DNS settings to 8.8.8.8 or 8.8.4.4, as its instructions describe. Google strongly recommends, however, that users copy down their existing settings. Interestingly, Google also provides telephone support for its Public DNS as well.

The new DNS settings are not for ISPs to use, as Google does not have a service-level agreement (SLA) in place. The project is characterized as "experimental".

The new DNS settings can be used by any user worldwide, although performance increases will be fastest for users who are in close proximity to a Google data center. Those data centers are located worldwide, although Google hasn't specified exactly where they are physically located.

Although DNS servers are maintained by a user's ISP, the OpenDNS project has maintained a similar open resolver project for a number of years. Ramaswami said in an interview that the Google will encourage other open resolvers to engage it in dialogue and to adopt some of the techniques Google's Pubic DNS used to better improve the Web.

In his own blog post, David Ulevitch, the founder of OpenDNS, wrote that while he appreciated the spotlight Google's announcement shone on DNS, he was suspicious of Google's motivations. He also noted in passing that OpenDNS can serve enterprise customers, something that Ramaswami said that Google's Public DNS could not duplicate, at least not yet.

"[I]t's not clear that Internet users really want Google to keep control over so much more of their Internet experience than they do already — from Chrome OS at the bottom of the stack to Google Search at the top, it is becoming an end-to-end infrastructure all run by Google, the largest advertising company in the world," Ulevitch wrote. "I prefer a heterogeneous Internet with lots of parties collaborating to make this thing work as opposed to an Internet run by one big company."

Google's Ramaswami said he also supported the customer's right to choose. "Google believes strongly in consumer choice," he said.

However, Ramaswami also emphatically denied that the company would in any way monetize the data it collected, referring to its privacy policies. "This is about making the Web faster, not about the data," he said. "We've gone out of the way to make this true."

From a speed perspective, the Google DNS servers use prefetching, Google said, refreshing the record on a particular network request continuously, asychronously and independently of user requests for a large number of popular domains before the record expires. This allows Google Public DNS to serve many DNS requests in the round trip time it takes a packet to travel to our servers and back, the company claimed.

Google Public DNS was also put into place to prevent the sort of DNS poisoning attacks that were disclosed last year. The system can also prevent so-called DNS "amplification attacks" that attack the DNS server itself, and then use them to route other PCs to attack target sites in an orchestrated distributed denial-of-service attack.

But will users want to trust Google with their each and every request to the Internet? In an attempt to defuse concerns, Google also added a privacy page describing how it handles its records.

Google said that it does keep a user's unique IP address, but only for a short time, to detect and prevent a denial-of-service attack. Afterward, Google begins "burning the logs," in Ramaswami's words.

"Google Public DNS stores two sets of logs: temporary and permanent. The temporary logs store the full IP address of the machine you're using," the company said. "We have to do this so that we can spot potentially bad things like DDoS attacks and so we can fix problems, such as particular domains not showing up for specific users. We delete these temporary logs within 24 to 48 hours.

"In the permanent logs, we don't keep personally identifiable information or IP information. We do keep some location information (at the city/metro level) so that we can conduct debugging, analyze abuse phenomena and improve the Google Public DNS prefetching feature. We don't correlate or combine your information from these logs with any other log data that Google might have about your use of other services, such as data from Web Search and data from advertising on the Google content network. After keeping this data for two weeks, we randomly sample a small subset for permanent storage."

Google representatives referred questions about privacy to the privacy page, but said that the company would make executives available for comment later Thursday morning.

Editor's Note:: This story was updated at 11:56 AM PT with comments from OpenDNS Ulevitch and more details.