Google Offers Public DNS

December 5, 2009

I’ve talked here before about some of Google’s initiatives to make the Web easier to use and to attract a wider audience, including the Chrome OS, the Chrome Frame plug-in for Internet Explorer, and the proposed new SPDY protocol.  Google, of course, makes its money from selling Internet advertising, so getting more people to use the Web more often is very much in its interest.

This past Thursday, Google announced another initiative to improve the Web browsing experience, the introduction of a Public DNS service.   DNS, the Domain Name System, is one of the fundamental building blocks of the Internet.  It translates a human-readable domain name into the numeric IP address that is actually understood by routers and other parts of the Internet’s “plumbing”.   Here is a simple example of using the DNS with the Linux  host(1) command:

rgibbs@rich90:~$ host has address mail is handled by 20 mail is handled by 10

The DNS database also contains other information used for message routing; for example, it specifies where E-mail for a given domain should be sent, as in the last two lines above.  Every time you access a Web page, or send an E-mail via the Internet, you are making use of the DNS.

Access to DNS servers is generally provided by your ISP, and is, more or less, a “set and forget” bit of configuration data.  However, there are a few problems that users sometimes experience:

  • DNS is just a piece of necessary infrastructure from the ISP’s point of view.  Although most ISPs seem to do a pretty good job of maintaining their DNS servers, in a few cases those servers can get bogged down as traffic grows, or can have odd configuration glitches.
  • Some ISPs (names will be omitted to protect the guilty) have tried to use the DNS as a source of revenue, by redirecting users who mistype a domain name to (sometimes sleazy) advertising pages.
  • The DNS, like many of the other original Internet protocols, was not designed with an emphasis on security.  So it is susceptible to various attacks, notably DNS cache poisoning, which the Bad Guys can use to direct the user to a bogus version of a real domain.

The load on the DNS has also been steadily increasing, both because more and more people are using the Internet, and because Web pages are becoming more complicated, with external links for things like images, advertisements, and embedded video.  As Google says,

The average Internet user ends up performing hundreds of DNS lookups each day, and some complex pages require multiple DNS lookups before they start loading. This can slow down the browsing experience

Some people have expressed concern that this service gives Google another way to capture data about users’ browsing habits.  The company says it will only gather aggregate statistical data that cannot be linked to individuals. Google’s public DNS service will compete with some similar existing services; the best known is OpenDNS, which has gained some popularity because it allows its offering to be customized (e.g., to block porn sites).  From a technical point of view, it will be interesting to see if the Google service really can produce a meaningful increase in performance.

There are other articles on Google’s new Public DNS in the New York Times, Wired, and Ars Technica.

Adobe to Issue Patch, Tuesday

December 5, 2009

Next Tuesday, December 8, in addition to Microsoft’s regular monthly batch of security bulletins,  Adobe is planning to issue security updates for its Flash player and for Adobe AIR.  According to the preliminary security bullletin (APSB09-19), the updates will address critical security issues in these products:

  • Adobe Flash Player and earlier versions
  • Adobe AIR 1.5.2 and earlier versions

The Flash player is one of the most common software packages, on all platforms, generally installed as a browser plug-in.  (It is used, for example, to display video content from sites like YouTube.)  Although not much detailed information is available at this point, this is an update that you should install promptly.

%d bloggers like this: