# Google launches Google Public DNS (with warning!)



## DutchDaemon (Dec 3, 2009)

There already is OpenDNS, and now there is Google Public DNS. Google promises _not_ to redirect or intercept any DNS lookup (as opposed to OpenDNS) whether it succeeds or fails. Here is the associated privacy policy. 

See post #8 for a serious warning about using this service.


----------



## graudeejs (Dec 3, 2009)

Call me paranoid, but Google is taking over the world..... slowly.....


----------



## DutchDaemon (Dec 3, 2009)

I think you're wrong.

It's not slowly.


----------



## oliverh (Dec 3, 2009)

Maybe we see the advent of a new evil empire ;-)


----------



## aragon (Dec 3, 2009)

Isn't the whole point of distributed DNS to maintain speed and resilience? Kudos to Google for thinking up cache prefetching, but I think the world would be better served by the code rather than their service.


----------



## graudeejs (Dec 3, 2009)

Soon we'll pay Google a license fee for using DNS


----------



## DutchDaemon (Dec 3, 2009)

Well, Google's datacenters are pretty well distributed globally, so you can assume that their DNS servers have speed and resilience. The 8.8.x.x IP addresses are simply routed to the nearest host by the nearest BGP router. They're < 20 ms from me anyway (probably AMS-IX and/or UK/Ireland).


----------



## DutchDaemon (Dec 3, 2009)

Ok, first *major* (and to me: fatal) error found: Google Public DNS appears to filter out any replies that start with 127.x.x.x, except 127.0.0.2. Logical as that may sound (it's not a publicly routable network), all spam blacklists (Spamhaus, etc.) use 127.x.x.x return codes on queries that are 'hits' (i.e. spam IP addresses). A lot of them do not only use 127.0.0.2 to report a 'hit', but also 127.0.0.3 and up to report different kinds of hits (like on combined blacklists like zen.spamhaus.org). All of these 'higher numbered hits' fail.

*Spamhaus case (uses 127.0.0.x return codes):*

*Using Google DNS:*

```
# dig A 193.97.250.77.zen.spamhaus.org +short
(nada)
```

*Not using Google DNS:*

```
$ dig A 193.97.250.77.zen.spamhaus.org +short
127.0.0.11
```

*SpamCop case (uses 127.0.0.2 return codes):*

*Using Google DNS:*

```
# dig A 206.115.50.94.bl.spamcop.net +short
127.0.0.2
```

So if you're using _any_ form of 'multiple return code' blacklisting (SpamAssassin with DNS blacklists, milters with DNS blacklists, etc.), do _not_ use Google Public DNS or you're likely to get hit with spam.


----------
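The comparison shown in the post above can be scripted, so that a resolver is checked for dropped blacklist return codes before a mail server relies on it. This is an added example, not part of the original thread; the function names are hypothetical, and it assumes you have a reference resolver you trust (for instance your own recursive resolver) to supply the unfiltered answer.

```python
import ipaddress
import subprocess

def dnsbl_qname(ip, zone):
    """Reversed IPv4 octets prepended to the blacklist zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def return_codes(dig_short_output):
    """Collect the 127.0.0.0/8 A records from `dig +short` output."""
    codes = set()
    for line in dig_short_output.splitlines():
        try:
            addr = ipaddress.IPv4Address(line.strip())
        except ValueError:
            continue  # blank lines, CNAME targets, error text
        if addr.is_loopback:
            codes.add(str(addr))
    return codes

def compare(reference_output, tested_output):
    """Return (verdict, codes the tested resolver dropped)."""
    ref = return_codes(reference_output)
    got = return_codes(tested_output)
    if not ref:
        # The reference resolver reports no hit, so nothing can be compared.
        return "not-listed", set()
    dropped = ref - got
    return ("filtered" if dropped else "ok"), dropped

def dig_short(qname, resolver):
    """Query one resolver with dig (needs network; unused by the samples)."""
    cmd = ["dig", "@" + resolver, qname, "A", "+short"]
    done = subprocess.run(cmd, capture_output=True, text=True,
                          timeout=10, check=False)
    return done.stdout

# Constructed samples, modelled on the two dig outputs quoted in the post.
SAMPLE_REFERENCE = "127.0.0.11\n"   # answer without Google Public DNS
SAMPLE_TESTED = ""                  # no answer through Google Public DNS

if __name__ == "__main__":
    name = dnsbl_qname("77.250.97.193", "zen.spamhaus.org")
    print(name, compare(SAMPLE_REFERENCE, SAMPLE_TESTED))
```

With network access, pass the `dig_short` output for the reference resolver and for the resolver under test to `compare`; a `filtered` verdict means the listed codes never reach the spam filter.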



## graudeejs (Dec 3, 2009)

Which reminds me, a little off topic...
http://www.google-watch.org/gmail.html
especially the section "Privacy: Not enough, and too much!"

Yeah, I'm using Gmail as well, but only because I can't find any free IMAP mailbox.

EDIT:
It looks like Google is supporting spammers


----------

