# Hands On with Google's Public DNS



## Gauravs90 (Dec 5, 2009)

DNS is the switchboard of the internet: Type in a text URL like www.thinkdigit.com, and it finds the numeric IP address to get you there. Google, which seems to be releasing something in just about every consumer-facing software space, has now entered this behind-the-scenes networking space with its new Google Public DNS. I set up a couple of PCs using Google Public DNS, both inside and outside of our corporate network, to see if there were any real advantages to using Google's DNS servers. The results were mixed, although Google DNS did offer some benefits that neither your default DNS server nor competitor OpenDNS does.

*Why Google DNS?*
When I saw that Google had begun offering a free Public DNS service, I had two thoughts: one, that Google wanted to thwart ISPs' common practice of intercepting mistyped URLs with a page of ads; and two, that Google intended to gather still more and more data on the Internet usage habits of the world's users. 


Google has partially dispelled both of these concerns, claiming only to store data tied to particular users for a short time, and only anonymized, aggregated data on a permanent basis.


The benefits of using this DNS service, according to Google, are speed and security, with a minor benefit of avoiding the redirection alluded to above. The company's blog post claims that it provisions its DNS servers more robustly, making them resistant to DoS attacks; provides better cache and server load-balancing; and uses geographically distributed servers. The last really won't be an advantage over an ISP's own DNS servers, but will over other public servers. Your ISP's location will most likely be physically closer to you than the Google server. 

To address security threats, Google has implemented a few strategies, such as validity checking, adding entropy to requests through randomization, and rate-limiting queries to prevent crippling denial-of-service attacks. Unlike the other big public DNS server, OpenDNS, Google doesn't filter phishing sites and block the domains of known malware-distributing sites. (The last feature is only in the paid version of OpenDNS.) OpenDNS also lets you specify sites to block, and lets you create URL shortcuts and can correct address typos. 


I set up a couple of machines, both inside and outside our corporate network, to see if there were any real advantages to using Google's DNS servers. I'll take you through the setup and run some speed tests to see whether the new service lives up to its claims of a faster Web experience.

*Setting up the Google DNS Service on your computer*
Google's page on the Public DNS service gives instructions on how to implement this service, but there are a couple of key considerations to keep in mind. You should change the DNS entry on your router, rather than the PC, if you're using a router. That way, any machines you add to your local network will use your chosen DNS server. On one test setup, I found that setting the DNS server on the PC didn't actually change the mistyped-URL site behavior, while changing it on the router did. 


Second, you shouldn't use this for your work PC, because it could interrupt or slow down your network access, as it did for me, at least temporarily. It also took down my Outlook/Exchange e-mail. And nothing is as fast as an on-site DNS server, which most companies use. Note too, that Google's DNS doesn't work for Internet Protocol Version 6, which even Google admits as being a key to the growth of the Internet. 


To set up your system to use Google DNS, the best way is to adjust your router's DNS settings. Type in your router's IP address. (If you don't know it, one way is to enter a command line prompt from Windows, then type "ipconfig" and look at the IP address for the router.) You'll need to enter your router's username and password. Then, hunt down the DNS screen, as our slideshow indicates.  _*Be sure and note your existing DNS settings, and write them down.*_ Then enter 8.8.8.8 as the Preferred DNS server and 8.8.4.4 as the alternate DNS server. Your router will probably need to reboot, which will sever your Internet connection momentarily. If it doesn't connect, restore your old DNS addresses you copied down. 


(Another method you can use in Windows 7 and Vista: Open the Control Panel, choose Network and Internet, then Network and Sharing, then "Change adapter settings" on the left panel in Windows 7 or "Manage Network Connections" in Vista. In XP, just go to Control Panel | Network Connections. Find your network adapter in the resulting dialog, right-click it, and choose Properties. In this dialog, highlight Internet Protocol Version 4, and click the Properties button. In the bottom half of this dialog, click the "Use the following DNS server" button, and enter 8.8.8.8 as the Preferred DNS server and 8.8.4.4 as the alternate DNS server.) 



*Does it change search results for mistyped URLs?*
I was pleased to see that changing your DNS server to Google's didn't redirect to search results when I typed a nonexistent URL. To test this, try typing a nonsense address like "www.adfdfsiuio.com" and see if your ISP hijacks the bad URL to its own search results. Some browsers will display a page from the default search provider: In Internet Explorer, I got a Bing "not found" page and in Chrome I got a page suggesting I search with Google, but in Firefox, I got a simple "Server not found" error: the correct result!

*Is Google DNS faster?*
Google claims that its DNS service is faster than others, so I tested by running the nslookup command at the command line in a simple batch file that also displays start and finish times to see how long it takes to complete using a specified DNS server's address. I tested on a PC located in New York City using Verizon as the ISP. 


The differences are in tenths and hundredths of a second, but over the course of a day's Web surfing, that can add up, especially for sites that require multiple DNS lookups. I noticed that more obscure sites, such as www.atomische.com, took longer than popular sites on the first try—since the DNS server being used would have to fetch the IP address from another authoritative server the first time, and after that, my chosen DNS server would usually have cached the address, making subsequent lookups much quicker. Strangely, after this first lookup, the more obscure sites actually were faster than the popular ones. 


Here are my results: 
Regular ISP Connected Machine (Seconds to URL lookup)
*img704.imageshack.us/img704/3166/62015304.jpg

Another way to check speed is to use FastNext.com's DNS timing test. I tested this with my three DNS servers on several sites as well, and the differences were even less significant than my test with nslookup:
         *img704.imageshack.us/img704/5130/45594989.jpg


I can't imagine the vast majority of users will bother changing their DNS settings, or even know what they are—unless of course they're peeved by their ISP hijacking "not found" pages with unwanted search results. That's one nice, if minor, benefit of Google DNS. 


As far as the privacy of your surfing habits goes, either you trust that Google is doing what it says it is or you don't. Overall, I don't see speed as a reason to switch to Google DNS, as local ISP DNS servers will usually be adequate, and OpenDNS is marginally faster than either. Still, if you're given to tweaking your computer and suspect that you're not getting all the speed you could (and who doesn't, sometimes) you might want to point to a different DNS server. Personally, I'd recommend OpenDNS, based on my tests.


*www.pcmag.com/article2/0,2817,2356703,00.asp


----------
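Added example, not part of the original post or the PCMag article: a Python version of the two checks described above, asking a chosen resolver for a nonsense name, timing the reply, and reading the response code to tell an honest NXDOMAIN from a rewritten answer. The function names are illustrative, only the 12-byte DNS header is parsed, and the script assumes www.adfdfsiuio.com is still unregistered.

```python
import secrets, socket, struct, sys, time

NXDOMAIN = 3  # RCODE for "no such name"

def build_query(name, qtype=1):
    """Return (txid, packet) for a recursive query; qtype 1 = A record."""
    txid = secrets.randbelow(0x10000)  # unpredictable ID, part of the request entropy
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!2H", qtype, 1)  # class IN

def classify(sent_txid, packet):
    """Judge a reply to a query for a name that should not exist."""
    if len(packet) < 12:
        return "malformed"
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!6H", packet[:12])
    if txid != sent_txid or not flags & 0x8000:
        return "mismatch"        # wrong ID or not a response: ignore it
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        return "nxdomain"        # resolver reported the name as nonexistent
    if rcode == 0 and answers > 0:
        return "rewritten"       # resolver supplied an address anyway
    return "other"

def probe(server, name, timeout=3.0):
    """Send one query to server and return (verdict, seconds)."""
    txid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.connect((server, 53))   # connected UDP socket drops replies from other hosts
        start = time.perf_counter()
        sock.send(packet)
        reply = sock.recv(512)
        elapsed = time.perf_counter() - start
    return classify(txid, reply), elapsed

def constructed_reply(txid, flags, answers):
    """Constructed 12-byte header standing in for a resolver reply (sample data)."""
    return struct.pack("!6H", txid, flags, 1, answers, 0, 0)

if __name__ == "__main__":
    # Offline demo on constructed replies; pass resolver IPs as arguments to probe live.
    print(classify(7, constructed_reply(7, 0x8183, 0)))  # NXDOMAIN reply
    print(classify(7, constructed_reply(7, 0x8180, 1)))  # NOERROR with one answer
    for server in sys.argv[1:]:                           # e.g. 8.8.8.8 8.8.4.4
        print(server, *probe(server, "www.adfdfsiuio.com"))
```

Run it with the resolver addresses as arguments, repeating the run to compare a first (uncached) lookup with later ones.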

