Google has its own DNS service, slipping its tentacles into yet another fundamental aspect of online life. How bad can it be?
Google recently unveiled its Public DNS service. Like OpenDNS, it allows you to bypass your ISP's DNS servers. Unlike OpenDNS, it is managed by Google.
Sterling Camden, TechRepublic's IT Consulting guru, asked me whether this raises any particular security red flags for me. I think he might have been asking it facetiously, because the obvious answer is that it could allow Google to track your DNS requests. DNS is what tells your browser (for instance) what IP address it wants when you give it a domain name (such as google.com) to look up, and anyone whose DNS server you use for such lookups can track what domains you try to resolve if he or she wants to. At minimum, it can track DNS requests by associating them with the requesting IP address, and if you use Google Public DNS, you are putting some trust in Google's hands that it will not gather information on your online behavior in a way that can be traced back to you, or at least that it will not abuse such information or sell it to someone who will abuse it. Of course, maybe he wasn't facetious, and wanted to know if there were any other dangers that jumped out at me.
I rather strongly suspect that Google will not ever sell this information without anonymizing it first, at the very least, and the Google Public DNS FAQ page promises to delete all information it collects after 24 hours. The Internet giant may well use that information to make its ad targeting more accurate, however, just as it has with the contents of our emails handled by its Gmail service. It also may just provide faster DNS service, which does benefit Google because the faster you can browse the Web the more Google ads you will see — and, maybe, the more Google ads you will click.
There are some potential security benefits to using something like Google Public DNS. Google helpfully provides some explanation of some of these benefits, at its Public DNS Security Benefits page, so we need not belabor them here. In many respects, it seems that Google is doing this right in a way we simply cannot always expect our ISPs to do things right.
That leads to another reason this might be a good thing. If you think you cannot trust Google with your DNS request history, you really should think twice about trusting at least most ISPs. Consider, if nothing else, the fact that your ISP has a lot more information about you than just your IP address, regardless of whether you also have a Gmail account — including financial information, physical address and telephone number, name, age, gender, credit card information, and so on. One breach in security at Google — an event most would consider highly unlikely — could be no more damaging than revealing your browsing habits. The same at your ISP, on the other hand, could tell an attacker pretty much everything about you that is stored on almost any computer outside your home. Regardless of how much you distrust Google, you might want to ask yourself whether you at least trust it more than Comcast.
Still . . . the very fact of Google sliding its tentacles into yet another fundamental facet of online life might be enough to send a chill up your spine. The DNS addresses Google is using are 126.96.36.199 and 188.8.131.52, but Sterling suggested that maybe 184.108.40.206 is more appropriate. I quipped that 220.127.116.11 is reserved for Microsoft's use, but things do start feeling a little Orwellian when one considers how pervasively Google influences the Internet, at many levels.
I will not let that stop me from playing with Google Wave, though, and Google has done a lot of good for security with a number of tools (like RatProxy and Keyczar) it has released to the public under copyfree licenses.
There are many reasons to be grateful to, and perhaps fearful of, Google. How things balance out is up to you, in the end — as is everything else about your security.