Yesterday, Google made a launch announcement about a new public DNS Service. I’ve been using OpenDNS for the past couple years, so any new DNS service is interesting for me. After poking around the Google Public DNS site for a bit, and running some tests locally, I decided to switch over to Google’s DNS. Here are the top five reasons:
While OpenDNS responses are technically valid, they go against the spirit of the DNS protocol. If a hostname doesn’t exist, the DNS server should return a negative response. OpenDNS strongly defends this as a ‘feature’, but when Verisign (the root DNS server of .com, .net, etc.) enabled this same feature, it caused a complete shitstorm. In their defense, OpenDNS does allow people to turn off this feature, but I couldn’t find out how to do this. You probably need to create an account and download some kind of client software.
They make TONS of money, and that’s kind of a slippery slope. They have lots of data about which queries generate the most revenue. So what’s to stop them from returning their landing page for valid hostnames which are high-earners? Yes, this is cynical, and it probably won’t happen, but if they do it cautiously, nobody will really notice, and they’ll get a lot more revenue.
Also related to 1), but I’d like to focus on software development. Let’s say you’re writing software which interacts with hosts given some user input (e.g. crawling a website, downloading content, sending e-mail, etc.). Undoubtedly there are going to be user errors, and if you’re using OpenDNS, no matter what hostname you query, you’ll always get their server as a result.
Using OpenDNS:
>>> socket.gethostbyname("www.google-misspelled.com")
'208.67.219.132'
>>>
Using Google DNS:
>>> socket.gethostbyname("www.google-misspelled.com")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
socket.gaierror: [Errno -2] Name or service not known
>>>
I’d definitely like to see an error or exception if I’m trying to reach an invalid host, or I’ll end up sending a lot of junk to OpenDNS.
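As an added example (not code from the original post), here is the probe a crawler or mailer can run at startup to find out whether its resolver redirects typos: resolve a few random names that cannot exist, record whatever addresses come back, and from then on treat those addresses as "does not exist". The 208.67.219.132 landing address is the one from the OpenDNS session above; the two stand-in resolvers, www.example.com and 192.0.2.1 are constructed so the example runs offline.

```python
import random
import socket
import string

# Address OpenDNS answered with for the misspelled host in the session above.
OPENDNS_LANDING_IP = "208.67.219.132"


def random_label(length=12):
    """Random lowercase label that will not exist under any real zone."""
    return "".join(random.choice(string.ascii_lowercase) for _ in range(length))


def probe_nxdomain_redirect(resolve=socket.gethostbyname, probes=3, zone="com"):
    """Resolve a few random hostnames that cannot exist.

    A resolver that honours NXDOMAIN raises socket.gaierror for every probe and
    an empty set is returned. A resolver that redirects typos to a landing page
    answers every probe; the addresses it answered with are returned so callers
    can treat them as a negative response.
    """
    sink = set()
    for _ in range(probes):
        try:
            sink.add(resolve("%s.%s" % (random_label(), zone)))
        except socket.gaierror:
            pass  # the correct negative response
    return sink


def safe_gethostbyname(name, resolve=socket.gethostbyname, sink=frozenset()):
    """gethostbyname that raises when the answer is a learned landing-page address."""
    addr = resolve(name)
    if addr in sink:
        raise socket.gaierror(-2, "Name or service not known (resolver redirect for %r)" % name)
    return addr


# Constructed stand-in resolvers (not real servers) so the example runs offline.
def fake_opendns(name):
    # Knows one real host; answers everything else with the landing page.
    return "192.0.2.1" if name == "www.example.com" else OPENDNS_LANDING_IP


def fake_google_dns(name):
    # Knows the same real host; everything else is a proper NXDOMAIN error.
    if name == "www.example.com":
        return "192.0.2.1"
    raise socket.gaierror(-2, "Name or service not known")
```

Pass a real resolver by leaving `resolve` at its default; the probe then costs three DNS queries at startup.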
Google DNS seems really focused on security and reducing the number of DNS-related threats. They go into much more detail here.