Google Public DNS Servers Launched

by on December 3, 2009 · 33 comments· LAST UPDATED December 5, 2009

in , ,

Today, Google has announced the launch of their free DNS resolution service. Many ISPs and 3rd party provider such as OpenDNS snoops around or send traffic to ad servers. However, Google promises not to play with end users and send the exact response his or her computer expects without performing any blocking, filtering, or redirection that may hamper a user's browsing experience. In other words Google will not hijacking your traffic on non-existent domain name and it will follow strict RFC standard.

From the blog post:

The DNS protocol is an important part of the web's infrastructure, serving as the Internet's "phone book". Every time you visit a website, your computer performs a DNS lookup. Complex pages often require multiple DNS lookups before they complete loading. As a result, the average Internet user performs hundreds of DNS lookups each day, that collectively can slow down his or her browsing experience.

Google DNS Server IP Addresses

The Google Public DNS IP addresses are as follows:
8.8.8.8
8.8.4.4

How Do I Add Google DNS Server IP Address Under Linux?

Simple edit the /etc/resolv.conf file and add above two ip address:

nameserver 8.8.8.8
nameserver 8.8.4.4

Save and close the file. Google do have clear cut privacy policy and speed also seems good to me as compare to my ISP. I guess the people at OpenDNS are going to be pi**ed by this.

Google DNS Server vs Your ISP Server

CDN servers will not work correctly and they will return a list close to Google's DNS servers.
host i.dell.com 8.8.8.8
Sample outputs:

Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:
i.dell.com is an alias for img.dell-cidr.akadns.net.
img.dell-cidr.akadns.net is an alias for ccdn-global.dell.com.edgesuite.net.globalredir.akadns.net.
ccdn-global.dell.com.edgesuite.net.globalredir.akadns.net is an alias for a1058.g.akamai.net.
a1058.g.akamai.net has address 203.106.85.169
a1058.g.akamai.net has address 203.106.85.170

203.106.85.169 & 203.106.85.170 located somewhere in KUALA LUMPUR.
host i.dell.com 202.56.250.5

Using domain server:
Name: 202.56.250.5
Address: 202.56.250.5#53
Aliases:
i.dell.com is an alias for img.dell-cidr.akadns.net.
img.dell-cidr.akadns.net is an alias for ccdn-global.dell.com.edgesuite.net.globalredir.akadns.net.
ccdn-global.dell.com.edgesuite.net.globalredir.akadns.net is an alias for a1058.g.akamai.net.
a1058.g.akamai.net has address 122.166.109.9
a1058.g.akamai.net has address 122.166.109.11

122.166.109.9 & 122.166.109.11 located in India. This also applies to NTP pool servers.

Speed

Ping-pong timings:

  • Ping times (ISP dns servers) - 20ms
  • Ping times (Google dns servers) - 116ms
  • Ping times (OpenDNS servers) - 190ms

Resolving timings (use dig @dns-server.address domainname.com):

  • ISP DNS Server - 41 msec
  • Google DNS Server - 262 msec
  • OpenDNS server - 213 msec

In other words I will use my ISPs server instead of Google or OpenDNS due to speed issue and incorrect handling of CDN servers. If you own a small LAN, I recommend setting up a caching dns server called dnsmasq.

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 33 comments… read them below or add one }

1 Travis Heinstrom December 3, 2009 at 10:02 pm

In virtually all cases, people’s ISP DNS servers will be faster.

I’m wondering what exactly google’s motive is behind their launch of this service.

Reply

2 Jim Gaudet December 3, 2009 at 10:13 pm

Thanks for the research on this. I have been using OpenDNS because the local DNS servers here in Costa Rica are really bad and go down all the time.

I can tell you so far, and this has only been a few hours, but my overall net speed is faster. Ping time is slower, but net speed faster. Weird…

:~D

Reply

3 Klaus Alexander Seistrup December 4, 2009 at 6:17 am

Fun enough, Google’s public resolvers won’t give you an IPv6 address for http://www.google.com:

$ dig aaaa www.l.google.com @8.8.8.8 +short
$

You have to go to other parties to find that:

$ dig aaaa www.l.google.com @2001:470:20::2 +short
2a00:1450:8005::69
2a00:1450:8005::63
2a00:1450:8005::68
2a00:1450:8005::93
2a00:1450:8005::6a
2a00:1450:8005::67
$

:)

Reply

4 nixCraft December 4, 2009 at 8:54 am

@Klaus, not really, google.com do not have ipv6. They’ve ipv6 at ipv6.google.com:

dig aaaa ipv6.google.com @8.8.8.8 +short

ipv6.l.google.com.
2001:4860:c004::68

dig aaaa cyberciti.biz @8.8.8.8 +short

2607:f0d0:1002:11::4

Reply

5 Klaus Alexander Seistrup December 4, 2009 at 9:05 am

@Vivek
I know that one, but that’s not what I’m looking for. I want to be able to look up the AAAA record for http://www.google.com (CNAME http://www.l.google.com) directly, and I cannot do that at Google’s public resolvers. I.e., what I want is the second scenario on the pic at http://www.google.com/intl/en/ipv6/ — and I can do just that by using 2001:470:20::2 as resolver…

Reply

6 Klaus Alexander Seistrup December 4, 2009 at 9:18 am

@Vivek

I’m aware of ipv6.google.com, but that’s not what I want. I want to be able to look up the IPv6 address of any Google service, and Google’s public resolvers wont let me do that.
Using 2001:470:20::2 as the resolver for anything in google.com gives me what I want.
See e.g. http://www.google.com/intl/en/ipv6/ for details.

Reply

7 Adi December 4, 2009 at 11:34 am

The reason for which Google gives you this service nice and clean even if it is a lot slower than more than 99% of ISP (even basic) DNS servers is quite clear for me:
DNS queries are very useful in building a very specific and accurate profile of a someone’s behavior on Internet; and this is extremely useful in all kinds of optimization for search engines (SEO) and Company and also is a very normal, obvious step to globalization (as in global control)…
All they have to do is convince you to use them; and it would not be very hard as many people consider Google services quite stable and “great” without thinking to what they give up in using them.
Corroborate this with other actions Google has taken in last years and you may see that even having Google as ISP anywhere in the world won’t be very hard to believe…. imagine only what can be obtained from analyzing all traffic a person / organization does! (this kind of analysis is already used for years in planing targeted hacking attacks for example)

Reply

8 mrfancypants June 21, 2010 at 11:32 pm

u know we dont have to REALLY worry if they are killing babies or making dogs eat old peoples food and old people eat the babies until there is suddenly no one posting aboput google’s destiny as the big brother stomping step dad who beats his wife and turns his own mother away on a cold winter night.

At that point I will thoroughly enjoy being able to say

“told ya so”
“I told you”
“told ya”
“didn’t I tell you”
“I told that to you”
“that was told to you by me”
“I did the telling of that to you”

and

“damn, shoulda moved to china where they knew the game and had a sporting chance….”

ps. told ya

Reply

9 nixCraft December 4, 2009 at 2:54 pm

@Klaus, I got your point. May be someone need to send an email to Google about this problem.

@ Adi, usually, ISP servers are overloaded and not optimized for caching purpose. However, Google is one of the biggest ad company too. So they do have some sort of interest tracking users.

Reply

10 Dudley van der Poll December 4, 2009 at 6:42 pm

I enabled open DNS after experiencing problems with my home internet connection, after upgrading to Ubuntu 9.10. It definitely improved things. I block the advertisements using adsweep etc via greasemonkey. The reason this article caught my attention are the comments by Vivek Gite. I started learning shell scripting because of his excellent tutorial. Thank you Vivek! I will not be using Googles DNS services yet till they have gone through the teething problems that all new things are prone to. Thanks once again Vivek!

Reply

11 Dudley van der Poll December 4, 2009 at 6:53 pm

My apologies. I just found out Vivek is the creator of this site! Anyway, keep up the good work!:)

Reply

12 vivek December 5, 2009 at 8:11 am

i was wondering that ISP’s can configure their routers to direct DNS requests to their own servers.

Reply

13 Andon December 5, 2009 at 3:08 pm

why not run ur own DNS server with ACL to accept 127.0.0.1 queries w/ recursion? (if u are running linux)

Reply

14 Yonit December 6, 2009 at 5:53 am

Hi Vivek,
will this break the CDN setup?
ie. give you the caching servers closer to google dns?
or will it just do the resolving from a DNS server closer to Google, and still give you the cache servers closer to you?

thanks,
Yonit

ps. – why did you take off the url part from your comments?

Reply

15 nixCraft December 6, 2009 at 4:42 pm

@Yonit,

Yes, you will get CDN server closer to Google dns server and not to your geo location. In other words user may get common media and steaming file slowly from cdn networks.

ps. – why did you take off the url part from your comments?

It will back later on. I’ve some problem with my custom made spam filters plugin and latest version of WP. This is a temporary situation. I Will update code later on ..

@Dudley, No problem!

@Andon, nice suggestion, DJB or bind caching is for small and large network. It will speed up queries.
HTH

Reply

16 Raihan_naufal December 15, 2009 at 3:27 am

Pertamaaax .. Gan!!!,

I will try …thanks for research opendns, I hope more smootly than ISP on my country yg agak lemot gitu loh <> :P

regards,

raihan_naufal

Reply

17 Aaqil Mahmood December 19, 2009 at 11:58 pm

I hate u everyone, cruel world listen to me, how can i block bad sites by category etc with Google DSN? Like I block in OpenDNS

Reply

18 Nilesh December 30, 2009 at 11:07 am

Does Google provide Phishing Protection, Filters, etc. like that of OpenDNS ?

iTech7.com | Explore Technology

Reply

19 Aaqil Mahmood December 30, 2009 at 12:43 pm

@Nilesh: Na, I am missing those things with Google DNS

Reply

20 Nobody December 30, 2009 at 1:15 pm

@Aaqil,

Are you a geeky desktop user? If so learn how to setup your own squid and SquidGuard blocking service.

OpenDNS has its own problem just like Google DNS server. Both of them sell your personal data and they do not have clear cut privacy policy.

Reply

21 Nilesh January 2, 2010 at 11:31 am

@Nobody-

If Google sells your private data then everybody should stop using Google.

iTech7.com | Explore Technology

Reply

22 Jesus Christ January 5, 2010 at 9:03 am

This great man

Reply

23 Jon January 22, 2010 at 9:34 pm

Comodo also offers free DNS, I think that if you care about privacy you should be using an external DNS and not your ISP.

Reply

24 Jasen May 25, 2010 at 11:36 am

DNS is cleartext ypur ISP can still read the traffic if they want.

Reply

25 kubrick January 26, 2010 at 9:21 am

The IP address is very easy to remember.
I think it’s the only advantage of this public DNS service.
My ISP DNS (Telefonica) is currently working faster.

Cheers!

Reply

26 fox May 21, 2010 at 6:03 am

I think if you care about privacy you would never ever want to use google DNS!
I’m pretty sure google will collect everything plus more about you and what domains you are resolving.

Reply

27 Fred Obvious May 22, 2010 at 6:11 am

Uh, no, they didn’t anounce this ‘today’.

They announced it in Dec of 2009 – its old news.

Reply

28 nixCraft May 22, 2010 at 7:48 am

This is old news; but I got some sort of problem with WP it is showing old feed item as new items.

Reply

29 Jasen May 25, 2010 at 11:42 am

google’s DNS outperforms my ISP on certain domains,
I think someone has dropped the ball.

jasen@gonzo:~$ host usmc.mil
usmc.mil has address 204.223.145.65
;; connection timed out; no servers could be reached
jasen@gonzo:~$ host usmc.mil 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

usmc.mil has address 204.223.145.65
usmc.mil mail is handled by 10 mx3.nmci.usmc.mil.
usmc.mil mail is handled by 10 mx4.nmci.usmc.mil.
usmc.mil mail is handled by 10 mx7.nmci.usmc.mil.
usmc.mil mail is handled by 10 mx8.nmci.usmc.mil.
usmc.mil mail is handled by 10 mx1.nmci.usmc.mil.
usmc.mil mail is handled by 10 mx2.nmci.usmc.mil.

send in the marines!

Reply

30 Nilesh May 27, 2010 at 4:31 am

Google DNS is not suitable if you want to filter out sites like OpenDNS. I’ll stick with OpenDNS until Google launches their filtering service. I don’t want to be a victim of phishing, etc. !

Reply

31 horis insurance October 3, 2010 at 11:26 pm

Possibly the greatest read that I read in my life???

Thurman

Reply

32 Sam December 16, 2010 at 9:51 am

Google may be good or evil but I’m in Vietnam right now and if I want access to Facebook I can either install Tor or I can use Google’s DNS. I think it’s nice, even if they actually get some financial benefit from it.

Reply

33 joe November 23, 2011 at 4:35 pm

will they have any restrictions on what websites we can visit and what content we can download?

Reply

Leave a Comment

Tagged as: , , , , , , , , , ,

Previous post:

Next post: