In December 2009, Google launched a DNS resolving service called Google Public DNS, which uses Google's infrastructure to cut page loading time. A DNS resolver converts domain names into IP addresses, and a slow resolver slows down every page you open. Google Public DNS is a free, global Domain Name System (DNS) resolution service that you can use as an alternative to your current DNS provider.
As the web continues to grow, greater load is placed on existing DNS infrastructure. Since Google’s search engine already crawls the web on a daily basis and in the process resolves and caches DNS information, Google wanted to leverage its technology to experiment with new ways of addressing some of the existing DNS challenges around performance and security.
You can replace your ISP’s DNS service with Google Public DNS by changing the settings of the network connection and using the following IP addresses:
8.8.8.8
8.8.4.4
The DNS protocol is an important part of the web’s infrastructure, serving as the Internet’s phone book: every time you visit a website, your computer performs a DNS lookup. Complex pages often require multiple DNS lookups before they start loading, so your computer may be performing hundreds of lookups a day.
By using Google Public DNS you can:
- Speed up your browsing experience.
- Improve your security.
- Get the results you expect with absolutely no redirection: a name that does not exist returns an NXDOMAIN error instead of being redirected to a search or advertising page.
OpenDNS, a popular third-party DNS resolving service, offers more features than Google Public DNS (web content filtering, statistics, typo correction, shortcuts), but they are only available if you create an account and enter personal information such as your name and address. When you type a domain name that does not exist, OpenDNS redirects you to its own search page to show suggestions and ads. Other free DNS resolution services include Comodo Secure DNS, OpenNIC and DNS Advantage.
Speeding Up Your Internet
Google Public DNS has implemented several approaches to speed up DNS lookup times:
- Provisioning servers adequately to handle the load from client traffic, including malicious traffic.
- Preventing DoS and amplification attacks. Although this is mostly a security issue, and affects closed resolvers less than open ones, preventing DoS attacks also has a benefit for performance by eliminating the extra traffic burden placed on DNS servers.
- Load-balancing for shared caching, to improve the aggregated cache hit rate across the serving cluster.
- Prefetching name resolutions, to overcome the limits of conventional, passive caching and serve the majority of requests out of cache. Google is experimenting with a DNS prefetching technique that it believes offers a significant speed-up, and describes the benefits, limitations and challenges of prefetching, together with supporting techniques such as traffic prioritization and cache partitioning, in its documentation.
- Providing global coverage for proximity to all users.
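To make the prefetching idea concrete, here is an added example (my own illustration, not Google's code, which is not public) of a small cache that behaves like a conventional passive cache until a name becomes popular, then refreshes that name shortly before its TTL runs out. The upstream resolver, the names, addresses and TTLs are constructed stand-ins, and the hot-name threshold and refresh window are assumptions chosen for the simulation, not parameters documented by Google.

```python
"""Added example, not Google Public DNS code: a TTL-aware resolver cache that
prefetches popular names before they expire, compared with a passive cache.
The upstream resolver is a stub returning constructed, fake records."""

# Constructed upstream data: name -> (address, ttl_seconds). Not real records.
UPSTREAM = {
    "www.example.com.": ("192.0.2.10", 60),   # asked often, long TTL
    "cdn.example.net.": ("198.51.100.7", 30),  # asked rarely, short TTL
}


class PrefetchingCache:
    """Cache with passive expiry plus active refresh of popular names.

    hot_threshold:    hits a cached record needs before it counts as popular
                      (assumed value; the counter restarts on every refresh).
    refresh_fraction: refresh when remaining TTL is below this fraction of the
                      original TTL (assumed value).
    prefetch=False turns the cache into a plain passive cache for comparison.
    """

    def __init__(self, upstream, hot_threshold=3, refresh_fraction=0.2, prefetch=True):
        self.upstream = upstream
        self.hot_threshold = hot_threshold
        self.refresh_fraction = refresh_fraction
        self.prefetch = prefetch
        self.entries = {}  # name -> [address, ttl, inserted_at, hits]
        self.stats = {"hits": 0, "misses": 0, "upstream_queries": 0, "prefetches": 0}

    def _fetch(self, name, now):
        """Ask the (stub) upstream and store a fresh record with a zero hit count."""
        address, ttl = self.upstream[name]
        self.entries[name] = [address, ttl, now, 0]
        self.stats["upstream_queries"] += 1
        return address

    def tick(self, now):
        """Background prefetcher, driven by the simulated clock once per second."""
        if not self.prefetch:
            return
        for name, (address, ttl, inserted, hits) in list(self.entries.items()):
            remaining = inserted + ttl - now
            if hits >= self.hot_threshold and 0 < remaining < ttl * self.refresh_fraction:
                self._fetch(name, now)
                self.stats["prefetches"] += 1

    def resolve(self, name, now):
        """User-facing lookup: serve from cache while the TTL has not run out."""
        entry = self.entries.get(name)
        if entry is not None and entry[2] + entry[1] > now:
            entry[3] += 1
            self.stats["hits"] += 1
            return entry[0]
        self.stats["misses"] += 1
        return self._fetch(name, now)


def simulate(prefetch, duration=300):
    """Replay a fixed traffic pattern: the popular name every 5 s, the rare
    name every 50 s. Returns the cache statistics for the run."""
    cache = PrefetchingCache(UPSTREAM, prefetch=prefetch)
    for now in range(duration):
        cache.tick(now)
        if now % 5 == 0:
            cache.resolve("www.example.com.", now)
        if now % 50 == 0:
            cache.resolve("cdn.example.net.", now)
    return cache.stats


if __name__ == "__main__":
    print("passive:    ", simulate(prefetch=False))
    print("prefetching:", simulate(prefetch=True))
```

Comparing the two runs shows the trade-off the text describes: with prefetching, the popular name's user-visible misses drop from five to one over 300 simulated seconds at the cost of a few extra upstream queries, while the rarely used name is never prefetched because it never becomes hot and so still misses every time.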
Improving Internet Security
Because of the open, distributed design of the Domain Name System, and its use of the User Datagram Protocol (UDP), DNS is vulnerable to various forms of attack. Public or "open" recursive DNS resolvers are especially at risk, since they accept queries from any source IP address rather than from a restricted set. Google is mostly concerned with two common types of attack:
- Spoofing attacks leading to DNS cache poisoning. Various types of DNS spoofing and forgery exploits abound, which aim to redirect users from legitimate sites to malicious websites. These include the so-called "Kaminsky attacks", in which the attacker poisons the resolver's cached delegation (the NS and glue records) for an entire zone, so that every later lookup in that zone is sent to servers the attacker controls.
- Denial-of-service (DoS) attacks. Attackers may launch DDoS attacks against the resolvers themselves, or use resolvers to launch DoS attacks on other systems. Attacks that bounce traffic off DNS servers towards a victim, exploiting the fact that a small query with a forged source address elicits a much larger response, are known as amplification attacks.
Google Public DNS implements, and recommends to other resolver operators, the following approaches for increased security:
- Securing your code against buffer overflows, particularly the code responsible for parsing and serializing DNS messages.
- Overprovisioning machine resources to protect against direct DoS attacks on the resolvers themselves. Since source IP addresses in UDP packets are trivial for attackers to forge, blocking queries by IP address or subnet is not effective; the only reliable way to handle such attacks is to absorb the load.
- Implementing basic validity-checking of response packets and of nameserver credibility, to protect against simple cache poisoning. These are standard mechanisms and sanity checks that any standards-compliant caching resolver should perform.
- Adding entropy to request messages, to reduce the probability of more sophisticated spoofing/cache poisoning attacks such as Kaminsky attacks. There are many recommended techniques for adding entropy, including randomizing source ports; randomizing the choice of nameservers (destination IP addresses); randomizing the case of letters in the queried name; and appending nonce prefixes to the queried name. Google describes the benefits, limitations and challenges of each of these techniques, and how it implemented them in Google Public DNS, in its documentation.
- Removing duplicate queries, so that only one query for a given name is outstanding at a time. This defeats "birthday attacks", in which an attacker triggers many simultaneous queries for the same name, each with its own random ID, and needs to match any one of them rather than a specific one.
- Rate-limiting requests, to prevent DoS and amplification attacks.
- Monitoring the service for the client IPs using the most bandwidth and experiencing the highest response-to-request size ratio, which is the signature of a client being used as the reflector target of an amplification attack.
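The entropy and validity-checking items above come together at the moment a resolver decides whether to trust a reply. The following added example (my own illustration, not Google Public DNS code) builds a query with a random transaction ID, a random source port and a 0x20 mixed-case name, then rejects replies whose ID or exact-case question does not match what was sent, or whose answers fall outside the queried zone. Message parsing is deliberately minimal (A records only, no name compression), the packets are constructed rather than captured, and the domain names are placeholders.

```python
"""Added example, not Google Public DNS code: a DNS query carrying the entropy
sources listed in the text, plus the checks a resolver runs on the reply
before it is allowed into the cache. Handles uncompressed A-record messages,
which is all the constructed packets below use."""
import secrets
import struct


def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels ending in a 0 byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, off):
    """Read an uncompressed name at offset off; return (name, offset after it)."""
    labels = []
    while True:
        n = msg[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointers are not handled in this example")
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) + ".", off


def randomize_case(name, rng=lambda: secrets.randbits(1)):
    """DNS 0x20 encoding: pick each letter's case at random. Nameservers copy
    the question back verbatim, so a forger has to guess every letter too."""
    return "".join(c.upper() if c.isalpha() and rng() else c.lower() for c in name)


def build_query(name, qtype=1):
    """Build a recursive A query. Returns (txid, source_port, qname_as_sent, wire).
    The caller binds its UDP socket to source_port and keeps the other two values
    to check the reply; all three are entropy a blind forger must match."""
    txid = secrets.randbits(16)
    port = 1024 + secrets.randbelow(65536 - 1024)  # random ephemeral port
    qname = randomize_case(name)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    return txid, port, qname, header + encode_name(qname) + struct.pack(">HH", qtype, 1)


def build_response(txid, qname, answers, flags=0x8180):
    """Constructed A-record reply (QR=1, RD=1, RA=1); stands in for both a
    genuine nameserver answer and an attacker's forgery in demo() below."""
    msg = struct.pack(">HHHHHH", txid, flags, 1, len(answers), 0, 0)
    msg += encode_name(qname) + struct.pack(">HH", 1, 1)
    for owner, ttl, ip in answers:
        msg += encode_name(owner) + struct.pack(">HHIH", 1, 1, ttl, 4)
        msg += bytes(int(octet) for octet in ip.split("."))
    return msg


def in_bailiwick(owner, zone):
    """True if owner is the zone apex or lies below it (case-insensitive)."""
    owner, zone = owner.lower(), zone.lower()
    return owner == zone or owner.endswith("." + zone)


def check_response(msg, expect_txid, expect_qname, zone):
    """Accept a reply only if its ID and exact-case question match what we sent
    and every answer owner lies inside the zone we asked about. The source port
    is not checked here because the UDP socket already drops packets addressed
    to any other port."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if txid != expect_txid:
        return False, "transaction id mismatch"
    if not flags & 0x8000:
        return False, "not a response"
    if qdcount != 1:
        return False, "unexpected question count"
    qname, off = decode_name(msg, 12)
    if qname != expect_qname:  # case-sensitive on purpose: this is the 0x20 check
        return False, "question not echoed exactly"
    off += 4  # skip QTYPE and QCLASS
    for _ in range(ancount):
        owner, off = decode_name(msg, off)
        _, _, _, rdlength = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10 + rdlength
        if not in_bailiwick(owner, zone):
            return False, "out-of-bailiwick answer for " + owner
    return True, "ok"


def spoof_guess_probability(letters, port_space=64512):
    """Chance that one blind forged packet matches the txid, the source port and
    the case of `letters` letters. With the 16-bit ID alone it is 1/65536."""
    return 1.0 / (2 ** 16 * port_space * 2 ** letters)


def demo(name="www.example.com.", zone="example.com."):
    """Run the checks against one genuine reply and three constructed forgeries."""
    txid, _port, qname, _wire = build_query(name)
    cases = {
        "legitimate": build_response(txid, qname, [(qname, 300, "192.0.2.1")]),
        "wrong_id": build_response((txid + 1) & 0xFFFF, qname, [(qname, 300, "203.0.113.9")]),
        "wrong_case": build_response(txid, qname.swapcase(), [(qname, 300, "203.0.113.9")]),
        "out_of_bailiwick": build_response(txid, qname, [("login.example.net.", 300, "203.0.113.9")]),
    }
    return {label: check_response(msg, txid, qname, zone) for label, msg in cases.items()}
```

The bailiwick check is what turns a Kaminsky-style forgery from a full-zone takeover into a single rejected packet: an answer or delegation for a name the resolver did not ask about is ignored no matter how lucky the ID guess was, and the entropy added by the port and case randomization makes even that lucky guess roughly a billion times less likely than with the 16-bit ID alone.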
In addition, Google Public DNS' prefetching system provides some additional security benefits:
- Strictly prioritize prefetch traffic above user traffic, thereby rate-limiting traffic to nameservers.
- Partition caches according to the type of traffic, preventing attackers from writing garbage entries to the prefetch cache; and preventing the prefetch system from reading poisoned delegations from the user cache.
- Keep enough popular names in the cache to satisfy most user queries, continuing to serve users even when under attack.
So Google's new DNS service is faster and more secure. Go ahead and change the DNS servers in your network connection settings to the following IPs:
8.8.8.8
8.8.4.4
And enjoy a faster and more secure Internet!
Thank you, Google!