Google Public DNS

Google Public DNS is a free Domain Name System (DNS) service offered to Internet users worldwide by Google. It functions as a recursive name server.

Google Public DNS was announced on 3 December 2009,[1] in an effort described as "making the web faster and more secure".[2][3] As of 2014, it is the largest public DNS service in the world, handling 400 billion requests per day.[4] Google Public DNS is not related to Google Cloud DNS, which is a DNS hosting service.

Service

Google Public DNS operates recursive name servers for public use at the IP addresses 8.8.8.8 and 8.8.4.4 for IPv4 service, and 2001:4860:4860::8888 and 2001:4860:4860::8844, for IPv6 access.[5][6] The addresses are mapped to the nearest operational server by anycast routing.[7]

The service does not use conventional DNS name server software, such as BIND, instead relying on a custom-designed implementation, conforming to the DNS standards set forth by the IETF. It fully supports the DNSSEC protocol since 19 March 2013. Previously, Google Public DNS accepted and forwarded DNSSEC-formatted messages but did not perform validation.[8][9]

Some DNS providers practice DNS hijacking while processing queries, redirecting web browsers to an advertisement site operated by the provider when a nonexistent domain name is queried. This is considered intentional breaking of the DNS specification.[10] The Google service correctly replies with a non-existent domain (NXDOMAIN) response.[11]

The Google service also addresses DNS security. A common attack vector is to interfere with a DNS service to achieve redirection of web pages from legitimate to malicious servers. Google documents efforts to be resistant to DNS cache poisoning, including “Kaminsky Flaw” attacks as well as denial-of-service attacks.[12]

Google claims various efficiency and speed benefits,[13] such as using anycast routing to send user requests to the closest data center, over-provisioning servers to handle denial-of-service attacks and load balancing servers using two cache levels with a small per-host cache containing the most popular names and another pool of servers partitioned by the name to be looked up. This second level cache reduces the fragmentation and cache miss rate that can result from increasing the number of servers.

Privacy

Google stated that for the purposes of performance and security, the querying IP address will be deleted after 24–48 hours, but ISP and location information are stored permanently on their servers.[14][15][16]

According to Google's general privacy policy, "We [Google] may combine personal information from one service with information, including personal information, from other Google services".[15] However, Google Public DNS's policy specifically states that "We don't correlate or combine information from our temporary or permanent logs with any personal information that you have provided Google for other services."[14]

History

In December 2009, Google Public DNS was launched with its announcement[17] on the Official Google Blog by product manager Prem Ramaswami, with an additional post on the Google Code blog.[18]

In January 2019, Google DNS adopted the DNS over TLS protocol.[19]

DNSSEC

At the launch of Google Public DNS, it did not directly support DNSSEC. Although RRSIG records could be queried, the AD (Authenticated Data) flag was not set in the launch version, meaning the server was unable to validate signatures for all of the data. This was upgraded on 28 January 2013, when Google's DNS servers silently started providing DNSSEC validation information,[20] but only if the client explicitly set the DNSSEC OK (DO) flag on its query.[21] This service requiring a client-side flag was replaced on 6 May 2013 with full DNSSEC validation by default, meaning all queries will be validated unless clients explicitly opt out.[22]

Client subnet

Since June 2014, Google Public DNS automatically detects nameservers that support EDNS Client Subnet (ECS) options as defined in the IETF draft (by probing nameservers at a low rate with ECS queries and caching the ECS capability), and will send queries with ECS options to such nameservers automatically.[23]

Censorship in Turkey

In March 2014, use of Google Public DNS was blocked in Turkey after it was used to circumvent the blocking of Twitter, which took effect on 20 March 2014 under court order. The block was the result of earlier remarks by Prime Minister Tayyip Erdogan who vowed to "wipe out Twitter" following damaging allegations of corruption in his inner circle. The method became popular after it was determined that a simple domain name block was used to enforce the ban, which would easily be bypassed by using an alternate DNS system. Activists distributed information on how to use the service, and spray-painted the IP addresses used by the service as graffiti on buildings. Following the discovery of this method, the government moved to directly block Twitter's IP address, and Google Public DNS was blocked entirely.[24][25][26][27]

See also

References

  1. ^ Geez, Google Wants to Take Over DNS, Too Wired, 3 December 2009
  2. ^ Introducing Google Public DNS, Official Google Blog
  3. ^ Pondering Google's Move Into the D.N.S. Business New York Times, 4 December 2009
  4. ^ "Google Public DNS and Location-Sensitive DNS Responses", Google, 27 February 2017.
  5. ^ Google DNS Speed
  6. ^ Mario Bonilla   View profile    More options (2011-06-09). "Announcement on public-dns-announce". Groups.google.com. Retrieved 2012-10-10.CS1 maint: Multiple names: authors list (link)
  7. ^ Google DNS FAQ Countries
  8. ^ "Frequently Asked Questions". Retrieved 3 July 2017.
  9. ^ Google Online Security Blog: Google Public DNS Now Supports DNSSEC Validation
  10. ^ "Public DNS Server with no hijacking!". Retrieved 22 Jun 2012.
  11. ^ What Is NXDOMAIN? Email PDF Print Mar/13/12 (2012-03-13). "What Is Nxdomain?". Dnsknowledge.com. Retrieved 2013-05-24.
  12. ^ "Google Public DNS Security Threats and Mitigations". Retrieved 22 June 2012.
  13. ^ "Google Public DNS Performance Benefits". Retrieved 22 June 2012.
  14. ^ a b "Google Public DNS: Your Privacy". Google. 2016-04-01. Retrieved 2016-09-05.
  15. ^ a b "Google Privacy Policy". Google. 2014-03-31. Retrieved 2014-07-01.
  16. ^ "Google Public DNS and your privacy". PC World. 4 December 2009.
  17. ^ Introducing Google Public DNS Official Google Blog, 3 December 2009
  18. ^ "Introducing Google Public DNS". Google Code Blog. 3 December 2009.
  19. ^ "Google DNS follows Cloudflare and is now using the TLS protocol". PPC Land. 2019-01-12. Retrieved 2019-01-12.
  20. ^ "Google's Public DNS does DNSSEC validation". nanog mailing list archives. 29 January 2013.
  21. ^ Huston, Geoff (17 July 2013). "DNS, DNSSEC and Google's Public DNS Service". CircleID.
  22. ^ "Google Public DNS Now Supports DNSSEC Validation". Google Code Blog. 1 June 2013.
  23. ^ Public-DNS-announce mailing list: Google Public DNS now auto-detects nameservers that support edns-client-subnet
  24. ^ "Turkish citizens use Google to fight Twitter ban". The Verge. Retrieved 24 March 2014.
  25. ^ "Twitter website 'blocked' in Turkey", BBC News, 20 March 2014. Retrieved 23 March 2014.
  26. ^ "'We'll eradicate Twitter': Turkey blocks Twitter access", PCWorld, 21 March 2014. Retrieved 22 March 2014
  27. ^ "Turkey becomes first country ever to ban Google DNS". Today's Zaman. Archived from the original on 24 March 2014. Retrieved 24 March 2014.

External links

1.1.1.1

1.1.1.1 is a free Domain Name System (DNS) service. The public DNS service and servers are maintained and owned by Cloudflare in partnership with APNIC. The service functions as a recursive name server providing domain name resolution for any host on the Internet. The service was announced on April 1, 2018, and is claimed by Cloudflare to be "the Internet's fastest, privacy-first consumer DNS service". On November 11, 2018, Cloudflare announced a mobile version of their 1.1.1.1 service for iOS and Android.

Ad blocking

Ad blocking or ad filtering is a software capability for removing or altering online advertising in a web browser or an application. The most popular ad blocking tools are browser extensions. Other methods are also available.

Browser security

Browser security is the application of Internet security to web browsers in order to protect networked data and computer systems from breaches of privacy or malware. Security exploits of browsers often use JavaScript — sometimes with cross-site scripting (XSS) — sometimes with a secondary payload using Adobe Flash. Security exploits can also take advantage of vulnerabilities (security holes) that are commonly exploited in all browsers (including Mozilla Firefox, Google Chrome, Opera, Microsoft Internet Explorer, and Safari).

CDNetworks

Founded in 2000, CDNetworks is a full-service content delivery network (CDN) which provides technology, network infrastructure, and customer services for the delivery of Internet content and applications. The company is positioning itself as a multinational provider of content delivery services, with a particular emphasis on emerging Internet markets, including South America, India and China. The company's content delivery network consists of 169 Point of Presence (PoPs) on six continents, with over 30 locations in Russia and China. Services include CDN, video acceleration, DDoS protection, cloud storage, cloud access security broker (CASB), web application firewall (WAF) and managed DNS with cloud load balancing. Key differentiators include a large number of global PoPs, good network presence in China and Russia, and high-profile clients such as Forbes, Samsung and Hyundai. CDNetworks has offices in the U.S., South Korea, China, Japan, UK and Singapore.

Censorship in Denmark

Censorship in Denmark has been prohibited since 1849 by the Constitution:

§ 77: Any person shall be at liberty to publish his ideas in print, in writing, and in speech, subject to his being held responsible in a court of law. Censorship and other preventive measures shall never again be introduced.

This effectively means that published material does not need prior acceptance from a censor before being released, also known as prior restraint. However, child pornography, hate speech, copyright, libel, and state security laws do exist, which means that authors, publishers, and others can be held responsible for statements in publicly disseminated material that violates these laws. Until June 2017, §140 of the Danish penal code (colloquially, blasfemiparagraffen) outlawed blasphemy.

Content delivery network

A content delivery network or content distribution network (CDN) is a geographically distributed network of proxy servers and their data centers. The goal is to provide high availability and high performance by distributing the service spatially relative to end-users. CDNs serve a large portion of the Internet content today, including web objects (text, graphics and scripts), downloadable objects (media files, software, documents), applications (e-commerce, portals), live streaming media, on-demand streaming media, and social media sites.CDNs are a layer in the internet ecosystem. Content owners such as media companies and e-commerce vendors pay CDN operators to deliver their content to their end users. In turn, a CDN pays ISPs, carriers, and network operators for hosting its servers in their data centers.

CDN is an umbrella term spanning different types of content delivery services: video streaming, software downloads, web and mobile content acceleration, licensed/managed CDN, transparent caching, and services to measure CDN performance, load balancing, multi-CDN switching and analytics and cloud intelligence. CDN vendors may cross over into other industries like security, with DDoS protection and web application firewalls (WAF), and WAN optimization.

DNS hijacking

DNS hijacking or DNS redirection is the practice of subverting the resolution of Domain Name System (DNS) queries. This can be achieved by malware that overrides a computer's TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behaviour of a trusted DNS server so that it does not comply with internet standards.

These modifications may be made for malicious purposes such as phishing, or for self-serving purposes by Internet service providers (ISPs) and public/router-based online DNS server providers to direct users' web traffic to the ISP's own web servers where advertisements can be served, statistics collected, or other purposes of the ISP; and by DNS service providers to block access to selected domains as a form of censorship.

DNS over TLS

DNS over TLS (DoT) is a security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol. The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks.

As of 2019, Cloudflare, Quad9, Google, Quadrant Information Security and CleanBrowsing are providing public DNS resolver services via DNS over TLS.

In April 2018, Google announced that Android Pie will include support for DNS over TLS. DNSDist, from PowerDNS also announced support for DNS over TLS in its latest version 1.3.0. BIND users can also provide DNS over TLS by proxying it through stunnel. Unbound supports DNS over TLS since 22 January 2018.

Domain Name System Security Extensions

The Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality.

EDNS Client Subnet

EDNS Client Subnet is a DNS extension that allows a recursive DNS resolver to specify the network subnet for the host on which behalf it is making a DNS query. This is generally intended to help speed up the delivery of data from content delivery networks, by allowing better use of DNS-based load balancing to select a service address serving the content expected to be hosted at that domain name, when the client computer is in a different network location from the recursive resolver. The EDNS client subnet mechanism is specified in RFC 7871.

As of 2017, DNS resolution service providers supporting EDNS Client Subnet include OpenDNS and Google Public DNS.

Internet censorship circumvention

Internet censorship circumvention is the use of various methods and tools to bypass internet censorship.

Various techniques and methods are used to bypass Internet censorship, and have differing ease of use, speed, security, and risks. Some methods, such the use of alternate DNS servers, evade blocking by using an alternate address or address lookup system to access the site. Techniques using website mirrors or archive sites rely on other copies of the site being available at different locations. Additionally, there are solutions that rely on gaining access to an Internet connection that is not subject to filtering, often in a different jurisdiction not subject to the same censorship laws, using technologies such as proxying, Virtual Private Networks, or anonymization networks.An arms race has developed between censors and developers of circumvention software, resulting in more sophisticated blocking techniques by censors and the development of harder-to-detect tools by researchers. Estimates of adoption of circumvention tools vary substantially and are disputed. Barriers to adoption can include usability issues, difficulty finding reliable and trustworthy information about circumvention, lack of desire to access censored content, and risks from breaking the law.

List of Google products

The following is a list of products and services provided by Google.

Norton ConnectSafe

Norton ConnectSafe was a free public DNS service offered by Symantec Corporation that claimed to offer a faster and more reliable web browsing experience while blocking undesirable websites. The service was retired on November 15, 2018.

OpenDNS

OpenDNS is a company and service that extends the Domain Name System (DNS) by adding features such as phishing protection and optional content filtering in addition to DNS lookup, if its DNS servers are used.

The company hosts a cloud computing security product suite, Umbrella, designed to protect enterprise customers from malware, botnets, phishing, and targeted online attacks. The OpenDNS Global Network processes an estimated 100 billion DNS queries daily from 85 million users through 25 data centers worldwide.On August 27, 2015, Cisco acquired OpenDNS for US$635 million in an all-cash transaction, plus retention-based incentives for OpenDNS. OpenDNS' business services were renamed as Cisco Umbrella; home products retained the OpenDNS name. Cisco said that it intended to continue development of OpenDNS with its other cloud-based security products, and that it would continue its existing services.Previously OpenDNS provided an ad-supported service "showing relevant ads when we [show] search results" and a paid advertisement-free service. The services are based on software proprietary to the company.

OpenNIC

OpenNIC (also referred to as the OpenNIC Project) is a user-owned and -controlled top-level Network Information Center that offers a non-national alternative to traditional Top-Level Domain (TLD) registries such as ICANN. As of January 2017, OpenNIC recognizes and peers all existing ICANN TLDs, for compatibility reasons. However, OpenNIC has not yet evaluated and does not hold a formal position on future ICANN TLDs.In addition to resolving hostnames in the ICANN root, OpenNIC also resolves hostnames in OpenNIC-operated namespaces, as well as within namespaces with which peering agreements have been established. Some OpenNIC recursive servers (Tier 2 servers) are known for their high speeds and low latency, relative to other more widely used DNS recursors, as well as their anonymizing or no-logging policies. Many servers offer DNSCrypt. Tier 2 servers are operated by community volunteers across a multitude of geographic locations.

Like all alternative root DNS systems, OpenNIC-hosted domains are unreachable to the vast majority of Internet users, because they require a non-default configuration in one's DNS resolver.

Public recursive name server

A public recursive name server (also called public DNS resolver) is a name server service that networked computers may use for query to DNS, the decentralized Internet naming system, in place of or in addition to name servers operated by the Internet service provider to which the devices are connected. Reasons for using these services include:

speed, compared to using ISP DNS services

filtering (security, ad-blocking, porn-blocking, etc.)

reporting

avoiding censorship

redundancy (smart caching)

access to unofficial alternative top level domains not found in the official DNS root zonePublic DNS resolver operators often cite increased privacy as an advantage of their services; critics of public DNS services have cited the possibility of mass data collection targeted at the public resolvers as a potential risk of using these services. Several services now support secure DNS lookup transport services such as DNS over HTTPS and DNS over TLS.

Public DNS resolvers are operated either by commercial companies, offering their service for free use to the public, or by private enthusiasts to help spread new technologies and support non-profit communities.

Quad9

Quad9 is a not-for-profit public-benefit organization supported by IBM, Packet Clearing House (PCH), Global Cyber Alliance (GCA), and many other cybersecurity organizations for the purpose of operating a privacy-and-security-centric public DNS resolver. Its main differentiators from other DNS resolvers are that it does not record the queries users send to it, and that it automatically blocks domains known to be associated with malicious activity. Quad9 offers DNS over TLS service over port 853, DNS over HTTPS over port 443 and DNSCrypt service over port 443.

Recep Tayyip Erdoğan

Recep Tayyip Erdoğan (; Turkish: [ɾeˈdʒep tajˈjip ˈæɾdoan] (listen); born 26 February 1954) is a Turkish politician serving as the 12th and current President of Turkey since 2014. He previously served as Prime Minister from 2003 to 2014 and as Mayor of Istanbul from 1994 to 1998. He founded the Justice and Development Party (AKP) in 2001, leading it to general election victories in 2002, 2007 and 2011 before standing down upon his election as President in 2014. Coming from an Islamist political background and as a self-described conservative democrat, he has promoted socially conservative and liberal economic policies in his administration. Under his administration, Turkey has experienced democratic backsliding.Erdoğan played football for Kasımpaşa before being elected in 1994 as the Mayor of Istanbul from the Islamist Welfare Party. He was stripped of his position, banned from political office, and imprisoned for four months, for reciting a poem that promoted a religious point of view of government during a speech in 1998. Erdoğan abandoned openly Islamist politics and established the moderate conservative AKP in 2001.

Following the AKP's landslide victory in 2002, the party's co-founder Abdullah Gül became Prime Minister, until his government annulled Erdoğan's ban from political office. Erdoğan became Prime Minister in March 2003 after winning a by-election in Siirt.Erdoğan's government oversaw negotiations for Turkey's membership in the European Union, an economic recovery following a financial crash in 2001, changes to the constitution via referenda in 2007 and 2010, a Neo-Ottoman foreign policy, and investments in infrastructure including roads, airports, and a high-speed train network, and finally the Turkish currency and debt crisis of 2018. With the help of the Cemaat Movement led by preacher Fethullah Gülen, Erdoğan was able to curb the power of the military through the Sledgehammer and Ergenekon court cases. In late 2012, his government began peace negotiations with the Kurdistan Workers Party (PKK) to end the ongoing PKK insurgency that began in 1978. The ceasefire broke down in 2015, leading to a renewed escalation in conflict. In 2016, a coup d'état was unsuccessfully attempted against Erdoğan and Turkish state institutions. This was followed by purges and an ongoing state of emergency.

Political scientists no longer consider Turkey as a fully fledged democracy, citing the lack of free and fair elections, purges and jailing of opponents, curtailed press freedom, and Erdoğan's efforts to broaden his executive powers and minimize his executive accountability. Widespread 2013 protests broke out against the perceived authoritarianism of Erdoğan's policies; he criticized the protestors and then had them suppressed by police, which killed 22 people, injured numerous others and brought international condemnation from foreign governments and human rights organizations. This stalled negotiations related to EU membership. Following a split with Gülen, Erdoğan promulgated sweeping judicial reforms he insisted were needed to purge Gülen's sympathisers, but which were criticised for threatening judicial independence. A US$100 billion corruption scandal in 2013 led to the arrests of Erdoğan's close allies, and incriminated Erdoğan. His government has since come under fire for alleged human rights violations and crackdown on press and social media, having blocked access to Wikipedia, Twitter, Facebook and YouTube on numerous occasions. Erdoğan's government lifted the bans when directed by court orders, but later reimposed them. In 2016, Turkey under Erdoğan began a crackdown on freedom of the press; in 2016 and 2017, more journalists have been incarcerated in Turkey than in any other country. He was re-elected in the 2018 general election and assumed the role of Executive President and became both the head of state and head of government.

Reverse DNS lookup

In computer networks, a reverse DNS lookup or reverse DNS resolution (rDNS) is the querying technique of the Domain Name System (DNS) to determine the domain name associated with an IP address – the reverse of the usual "forward" DNS lookup of an IP address from a domain name. The process of reverse resolving of an IP address uses PTR records. rDNS involves searching domain name registry and registrar tables. This may be used to try to identify the originator’s domain name to track, for example, a spammer sending spam emails or the domain name of a computer trying to break into a firewall or someone trying to hack the system. It may also be used to determine the name of the internet service provider assigned to a particular IP address. The reverse DNS database of the Internet is rooted in the .arpa top-level domain.

Although the informational RFC 1912 (Section 2.1) recommends that "every Internet-reachable host should have a name" and that "for every IP address, there should be a matching PTR record," it is not an Internet Standard requirement, and not all IP addresses have a reverse entry.

Overview
Advertising
Communication
Software
Platforms
Hardware
Development
tools
Publishing
Search
(timeline)
Events
People
Other
Related

This page is based on a Wikipedia article written by authors (here).
Text is available under the CC BY-SA 3.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.