Google Public DNS

from Wikipedia, the free encyclopedia

Google Public DNS is a Domain Name System service offered worldwide by Google. The service works as a recursive name server. Google Public DNS was announced on December 3, 2009; according to Google, its aim is to make the web faster and safer.

Then, in August 2010, Google started the DNS service. Since 2018 it has been the most widely used public DNS service in the world, with over a trillion addresses delivered per day. Google Public DNS is not related to Google Cloud DNS, which is a DNS hosting service.

Service

Google Public DNS operates recursive name servers for public use under the following four IP addresses. The addresses are routed via anycast to the nearest operational server.

IPv4 addresses: 8.8.8.8, 8.8.4.4

IPv6 addresses: 2001:4860:4860::8888, 2001:4860:4860::8844

DNS addresses: dns.google.com, dns.google

The service does not use conventional DNS name server software such as BIND, but relies on a custom implementation that conforms to the DNS standards set by the IETF. It has fully supported the DNSSEC protocol since March 19, 2013. Previously, Google Public DNS accepted and forwarded DNSSEC-formatted messages, but did not perform any validation.

Some DNS providers practice DNS hijacking when processing requests: when a non-existent domain name is queried, they redirect web browsers to an advertising site operated by the provider. This is considered a deliberate breach of the DNS specification. The Google service responds correctly with a non-existent domain (NXDOMAIN) response.

The Google service is also concerned with DNS security. A common attack vector is to interfere with a DNS service in order to redirect users from legitimate websites to malicious servers. According to Google's own statement, the service is making efforts to combat DNS spoofing, including being resistant to attacks using the Kaminsky vulnerability and to denial-of-service attacks.

Google cites various efficiency and speed benefits, for example the use of anycast routing to send user requests to the closest data center, over-provisioning of servers to handle denial-of-service attacks, and load balancing across servers using two cache levels: a small per-host cache that contains the most popular names, and another pool of servers partitioned by the name to be looked up. This second-level cache reduces the fragmentation and cache miss rate that can result from increasing the number of servers.

In June 2020, DNSPerf ranked Google Public DNS as the fourth fastest public DNS resolver in the world, behind Cloudflare's 1.1.1.1, DNSFilter and OpenDNS.

DNS64

The Google Public DNS64 service operates recursive name servers for public use under the following two IP addresses for use with NAT64. These servers are compatible with DNS over HTTPS.

IP addresses: 2001:4860:4860::6464, 2001:4860:4860::64

DNS addresses: dns64.dns.google

Privacy

Google itself states that, for performance and security reasons, the requesting IP address is temporarily stored for 24-48 hours, but the information about the Internet service provider and the location is stored permanently on its servers.

Google's general data protection declaration and terms of use state: "The data we collect may be combined for the purposes described above across all services and devices." (Google: Data protection declaration and terms of use). The guidelines of Google Public DNS explicitly state: "We do not correlate or associate personal information in Google Public DNS logs with your information from use of any other Google service except for addressing security and abuse."

History

On December 3, 2009, Google Public DNS was announced on the official Google blog by product manager Prem Ramaswami. In addition, a post appeared on the Google Code Blog.

Since January 2019, Google Public DNS has supported the DNS-over-TLS protocol.

DNSSEC

When Google Public DNS was introduced, DNSSEC was not directly supported. Although RRSIG entries could be queried, the AD (Authenticated Data) flag was not set in the initial version, which means that the server was not able to validate signatures for all data. This changed on January 28, 2013, when Google's DNS servers quietly began to provide DNSSEC validation information, but only if the client had explicitly set the DNSSEC OK (DO) flag in its query. This service, which requires a client-side flag, was replaced on May 6, 2013 with full DNSSEC validation by default, which means that all queries are validated unless the clients explicitly refuse it.
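As an added illustration (not part of the original article and not Google's code), the following Python sketch builds a wire-format query with the DO flag set in an EDNS0 OPT record and classifies a resolver's response header by RCODE and AD flag, covering both the NXDOMAIN behaviour and the DNSSEC validation described above. The function names are hypothetical and the header-only sample responses are constructed for the example.

```python
import struct

AD_FLAG = 0x0020         # Authenticated Data bit in the DNS header flags
DO_FLAG = 0x8000         # DNSSEC OK bit in the flags half of the OPT TTL field
RCODE_NXDOMAIN = 3

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=1, dnssec_ok=True, txid=0x1234):
    """Recursive query (RD set) with one question and one EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL carries DO, RDLEN 0
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, DO_FLAG if dnssec_ok else 0, 0)
    return header + question + opt

def parse_header(msg, txid=0x1234):
    """Return rcode, AD bit and answer count; reject replies that do not match."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return {"rcode": flags & 0x000F, "ad": bool(flags & AD_FLAG), "answers": an}

def check_nonexistent_name(msg, txid=0x1234):
    """Reply for a name known not to exist: NXDOMAIN is correct, an answer is a rewrite."""
    h = parse_header(msg, txid)
    if h["rcode"] == RCODE_NXDOMAIN and h["answers"] == 0:
        return "nxdomain-ok"
    if h["rcode"] == 0 and h["answers"] > 0:
        return "nxdomain-rewritten"
    return "inconclusive"

def check_signed_name(msg, txid=0x1234):
    """Reply for a name in a signed zone: AD set means the resolver validated it."""
    h = parse_header(msg, txid)
    if h["rcode"] == 0 and h["answers"] > 0:
        return "validated" if h["ad"] else "not-validated"
    return "inconclusive"

def _sample(flags, answers, txid=0x1234):
    """Constructed header-only response (not captured traffic)."""
    return struct.pack("!HHHHHH", txid, flags, 1, answers, 0, 1)

SAMPLE_NXDOMAIN = _sample(0x8183, 0)     # QR, RD, RA, RCODE 3
SAMPLE_REWRITTEN = _sample(0x8180, 1)    # NOERROR with an answer for a missing name
SAMPLE_VALIDATED = _sample(0x81A0, 1)    # QR, RD, RA and AD
SAMPLE_UNVALIDATED = _sample(0x8180, 1)  # same answer without AD
```
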

Client subnet

Since June 2014, Google Public DNS has automatically detected name servers that support EDNS client subnet (ECS) options as defined in the IETF draft (by probing name servers at a low rate with ECS queries and caching the ECS capability), and automatically sends requests with ECS options to such name servers.

Censorship in Turkey

In March 2014, the use of Google Public DNS was blocked in Turkey after it was used to circumvent the Twitter blocking that came into force on March 20, 2014 by court order. The blockade was the result of earlier dictatorial statements by then Prime Minister Recep Tayyip Erdoğan, who had sworn that "Twitter [...] will be uprooted" (Recep Tayyip Erdoğan: Spiegel of March 21, 2014) after damaging allegations of corruption in his inner circle had been raised. The method became popular after it was discovered that a simple domain name block was used to enforce the ban, which could easily be bypassed by using an alternate DNS. Activists distributed information about the use of the service and sprayed the IP addresses used by the service as graffiti on buildings. After discovering this method, the government moved to block Twitter's IP address directly, and Google Public DNS was completely blocked.
