So who will be using Googles new public DNS service?

Y

YeOldeStonecat

[H]F Junkie
Joined
Jul 19, 2004
Messages
11,330
http://code.google.com/speed/public-dns/
Not me...I'll stick to OpenDNS for all my setups...too bad Google doesn't add malware filtering, would make them more competitive. Plus there's just something that makes me wonder....the biggest ad-tracking agency out there..having top dog access to all this DNS data.

They're sorta showing off some IP address ownership by using those IP addresses eh?
8.8.8.8/8.8.4.4
 
Debating... Still. Might give it a little try. Right now all my ad integrated is using 4.2.2.2 4.2.2.1.

Open dns sounds good too
 
Hmm I didnt even know that google offered DNS servers.

I still just use 4.2.2.1 and 4.2.2.2 also.
 
I'm debating whether I want my internal BIND server forwarding to anything at all. I currently have it setup to forward to OpenDNS but have gotten annoyed with the redirects to their useless search pages.
 
Nice to see someone providing a well provisioned public DNS resolver. 4.2.2.1 and friends are great, but they're not really publicly advertised (as far as I can tell, anyway) and who knows what L3 will do with them in the future. A bit foolish to rely on them, I think.

too bad Google doesn't add malware filtering, would make them more competitive
Click to expand...
No. That's what OpenDNS is for. Google is just providing a proper, unadulterated DNS service. This is really a pretty empty space right now, we've got the unpublicized L3 resolvers and your ISP's often poorly maintained (and increasingly non standards compliant) ones and that's about it. It's good to see a company with the resources and know-how openly provide a proper DNS service.

DNS stats might give them some idea of the popularity of things other than web usage, but the way DNS works makes them pretty much useless standing on their own. One query for a domain could represent ten thousand end-user requests. Probably it will be an interesting dataset, and I'm sure Google will be able to make use of it, but it's so abstracted and aggregate that I'm not concerned at all about the implications. Search and e-mail tracking is orders of magnitude more scary, and not many people seem too worried about that.
 
I wish OpenDNS had easy to remember, elite IP ownership :p I don't have to enter them more than twice a week usually so I always have to look 'em up.
 
keenan said:
Nice to see someone providing a well provisioned public DNS resolver. 4.2.2.1 and friends are great, but they're not really publicly advertised (as far as I can tell, anyway) and who knows what L3 will do with them in the future. A bit foolish to rely on them, I think.


No. That's what OpenDNS is for. Google is just providing a proper, unadulterated DNS service. This is really a pretty empty space right now, we've got the unpublicized L3 resolvers and your ISP's often poorly maintained (and increasingly non standards compliant) ones and that's about it. It's good to see a company with the resources and know-how openly provide a proper DNS service.

DNS stats might give them some idea of the popularity of things other than web usage, but the way DNS works makes them pretty much useless standing on their own. One query for a domain could represent ten thousand end-user requests. Probably it will be an interesting dataset, and I'm sure Google will be able to make use of it, but it's so abstracted and aggregate that I'm not concerned at all about the implications. Search and e-mail tracking is orders of magnitude more scary, and not many people seem too worried about that.
Click to expand...

This pretty much sums up how I feel about it. I'm trying it out, though my ISP DNS servers really seem to be fine.
 
Yea, definitely flashy domain ownership. But I'm with you StoneCat, OpenDNS all the way. I guess having a family changes one's opinion on this whole content filtering thing.

Other than that, I'd stick with my ISP or or the Level 3 Anycast DNS as I'd bet that's faster and more reliable.

But I'm not one of those people who think this is some Evil-Google-Plot. I mean isn't it in their best interest to provide as safe and secure web experience for everyone?
 
With Google's antics in the past, they're far from the "Do No Evil" slogan they came up with when they first launched.

So I'm a bit leery about giving them this kind of data freely without some sort of contract that ensures me they won't use it, etc, etc, etc...
 
Well after running some speed tests the Google DNS servers are mediocre at best. They get owned by L3, which is a bit slower than OpenDNS, which is slower than my ISP's DNS.

Luckily my ISP does a good job, so I use them with OpenDNS as a backup just in case.
 
My ISP's (ATT) DNS servers have had troubles in the past, so I'm using OpenDNS now. Never had issues with them.
 
OpenDNS is pretty good. But I don't really like the way it hijacks error pages and such. It also causes some issues with Outlook Anywhere. Yes you can get around it but it's a pain if they are going to more than 1 server or something.

We primarily use the EasyDNS open resolvers: http://dnsresolvers.com/ Very fast, very reliable. No frills DNS, that's what I like.

Then we use the SonicWALLs we deploy to provide basic content filtering, which is better than simple DNS filtering.

So with this Google offering, we may switch from using EasyDNS to Google DNS.
 
TechieSooner said:
So I'm a bit leery about giving them this kind of data freely without some sort of contract that ensures me they won't use it, etc, etc, etc...
Click to expand...

It's called their privacy policy, which is legally binding. If you use Google for anything else, they already have tons more data on you. Knowing that your IP wanted to resolve a certain domain name is very minor in the grand scheme of things. Yes, it could be somewhat revealing in some cases, but keep in mind that it's simply domain names and IPs. Especially if you found that domain name via a Google search, you're not telling them anything they didn't already know. OpenDNS already does logging similar to Google's, plus they correlate it to your account if you have one (which Google doesn't do).
 
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4

All you need to know.
 
I am going to keep OpenDNS. I like to keep my systems diversified. Relying too much on a single company is always a bad idea, especially with Google's track record for stability and security. I mean I've lost count of how many times Google Apps log in servers have gone down over the past year.
 
vertices said:
OpenDNS is pretty good. But I don't really like the way it hijacks error pages and such. It also causes some issues with Outlook Anywhere. Yes you can get around it but it's a pain if they are going to more than 1 server or something. .
Click to expand...

What issues have you had with Outlook over http? I live by that..wherever I go, at clients sites, at home..my Outlook over http works well at all locations.

The error pages for typos in URLs never bothered me...it's not OpenDNS's fault you did a typo. You look at that, or cannot display page, or one of the registration squatters pages.
 
It works like this. Outlook Anywhere will always first try to connect to the local host name of the exchange server, such as myexchsrvr.mylocaldomain.local. This is usually not resolvable on the public internet, so Outlook then attempts to use the public FQDN, which it can connect to. And then you have Outlook functioning. It first must fail on the local host name.

Since OpenDNS sees this first failed lookup, you get a certifcate error everytime you open Outlook if you are using OpenDNS. It jumps on the failed lookup, that Outlook is really designed to do. The cert is an OpenDNS cert, which highly confused me at first. It then works, but you do get a cert error which is bad when you are trying to teach users proper security measures.

The workaround is to ensure that you are coming from a properly setup OpenDNS account that has the local hostname of all Exchange servers you might be connecting to listed as exclusions. Then you don't get the cert error.

http://forums.opendns.com/comments.php?DiscussionID=241

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_24936021.html

They whitelisted autodiscover but unless your local host name of your exchange server is autodiscover, this won't help much. It's not the autodiscover lookup that causes the error.

It's just annoying. I really don't like it.

And as far as the references to 4.2.2.X DNS servers, I've often had very slow responses from those servers. They really aren't that great. OpenDNS or EasyDNS, or I'm sure Googles new servers are much faster.
 
Huh....I don't get that error on my setups. I setup an a-record pointing to the WAN IP of the network, I import the certificate into trusted, and then I setup Outlook...outside of the network, resolving to the a-record I made.

I have several clients setup with WANs...and the remote satellite offices have Outlook running over http, and I always use OpenDNS as my DNS forwarders..even under DNS service of their DCs.

//opens up Outlook 2K7 on his laptop on home network, ...types in password...BAM...opens right up!
 
keenan said:
Nice to see someone providing a well provisioned public DNS resolver. 4.2.2.1 and friends are great...

Google is just providing a proper, unadulterated DNS service...

...It's good to see a company with the resources and know-how openly provide a proper DNS service...

...Search and e-mail tracking is orders of magnitude more scary, and not many people seem too worried about that.
Click to expand...

hmm... check out what happened to this poor chap [here] with google docs...

if we can't trust google who can we trust??? ;)

no company is benevolent...
 
amd_ftw said:
no company is benevolent...
Click to expand...
That's true, and as a matter of fact the best you can hope for is a company which is both extremely wise and extremely greedy. We know google is greedy, now we just need to see how wise they are.

I'll give their DNS servers a go, see how things work out.
 
I'm thinking that I'm sticking with openDNS too. Google has enough of my info with the HTC hero, Google apps and another Google account.
Posted via [H] Mobile Device
 
OpenDNS works well with me. It's easy and simple to use. No deep geek degree is needed to leave you senseless. (that's a lot of e's to type) :D
 
I tried them, but they're much slower than Level 3 or OpenDNS. I've used Level 3 for awhile, but just switched back to Open because it's faster.
 
OpenDNS user here also. But am trying out google for testing purposes.

As to concerns about tracking usage data - using my stock ISP dns (Comcast) will do the same thing plus Comcast has my full subscriber info to cross reference the usage info to where as OpenDNS or Google don't. So I would worry less about the free DNS tracking you and more about what your ISP is doing with your all of personal and usage data combined.
 
YeOldeStonecat said:
Huh....I don't get that error on my setups. I setup an a-record pointing to the WAN IP of the network, I import the certificate into trusted, and then I setup Outlook...outside of the network, resolving to the a-record I made.

I have several clients setup with WANs...and the remote satellite offices have Outlook running over http, and I always use OpenDNS as my DNS forwarders..even under DNS service of their DCs.

//opens up Outlook 2K7 on his laptop on home network, ...types in password...BAM...opens right up!
Click to expand...

Damnit I just loss a massive post somehow. :(

You are doing something weird with your setups I suspect. You have the same a-record on the inside and outside or something?

Try https://sdfh4dlkjhsdkjfghsdlkjfhsd.com

notice the cert error even though the site doesn't exist?

then try http://sdfh4dlkjhsdkjfghsdlkjfhsd.com

no error, just a list of junk

It's just how OpenDNS works. I have no idea how it's not giving you that error. The self signed cert you use shouldn't really be different from the official certs we use.

Outlook will always try to go to the local host name of your exchange server first. Even if set to always use HTTP.
 
You must log in or register to reply here.
Back
Top