Sunday, December 06, 2009

What took so long for Google Public DNS?

In 2008 when PayPal was complaining about Safari, I agreed with Jeremiah that the best solution to stop phishing attacks was at the infrastructure level, with DNS. OpenDNS seemed to be the only game in town that was performance optimized and had built-in phishing filtering.

In 2009 Apple released Safari 3.2 with anti-phishing filtering. I revealed I had switched to OpenDNS and had been using it for 3 months. That continued until about 3 months ago when I mistyped some domain name in Safari and saw one of those OpenDNS branded error pages with search results and ads. I knew they were going to do this, but hadn't seen it before and was annoyed when it happened. So I switched back to the DNS servers that Comcast assigns via DHCP, but performance was abysmal. I hadn't decided yet if I was going back to OpenDNS or not, but then Google launched free Public DNS.

What took so long?
I'm really struggling to come up with a reason Google hadn't already launched Public DNS. Of all the products that Google has released as public betas, capturing DNS traffic seems like the most natural way to make search smarter. Even if a customer isn't using Google search, their search could still be getting smarter through intelligence on the DNS stream. Linksys et al. will soon be putting "Powered by [VENDOR] DNS" stickers on them to monetize their default DNS. Now that Google's done it, how long before Microsoft Public DNS is launched? Or do they buy OpenDNS to get into the game quick? DNS Wars 1.0 has just begun. Amazing that such a "low-level" networking service, around since the dawn of Internet time, stagnant for so long, will now be a hotbed of competition and innovation.

Why did Google do this?
The main reason is that excellent DNS helps Google make more money. Google doesn't have to own DNS to get some benefits, but by guaranteeing and controlling quality DNS, here's what Google gets:

  • Fast Performance
    • Chrome OS only runs Web applications. Slow DNS means slow apps. As Jason Kottke reminded us, Google knows that as little as a .5 sec delay in page load speeds means a traffic drop of 20%.
  • Request Info Aggregation and Analysis
    • See the section on privacy
  • Name Resolution Security
    • Implementing its own DNS allows Google to hook into their existing anti-phishing lists.
    • This guarantees interception, below the application layer, of malicious sites that people might accidentally be requesting. If all your apps are Web apps, this goes a long way to eliminating Web app malware.

More on performance
I ran 100,000 pings to Google's primary public DNS server, 8.8.8.8, and 100,000 pings to OpenDNS' primary public DNS server, 208.67.222.222, and these were the response times (all in milliseconds):

server               min       avg       max        stddev
Google Public DNS    16.823    27.578    3901.465   42.118
OpenDNS              10.238    19.252    3895.158   43.579

Surprisingly, OpenDNS performs better than Google's Public DNS. If anyone would be able to create the fastest DNS, everyone would have put money on Google winning this. This does change the decision-making process on which DNS to use. Use OpenDNS and get the fastest performance today, but accept redirection on error to an ad-laden page, or go with Google for slower performance but no redirection (today) on error. It's a tough call; I may switch back to OpenDNS.

More on privacy concerns
First thing I thought when I read Rentzsch's blog post headline was that this was another opportunity for GOOG to gather information about you. Of course, Rentzsch links out to another blogger because this is probably the first thought on anyone's mind whenever Google launches anything. Then I read their privacy policy and it's reasonable. Of course Google is going to anonymize and combine all the information now flowing their way. But they are not going to route queries for unknown servers to Google Search; they let the browser take care of that. This is very smart because you can easily see how this could turn into a future antitrust concern. That is the power of owning a user's DNS: you can send people to wherever you want. But until Google does something evil, I have switched to their servers.
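Whether a resolver answers honestly for names that do not exist, or rewrites the error into an address of its own choosing, can be checked directly from the DNS response header. The following is an added example, not code from the original post: the function names are this example's own, it assumes the resolver is reachable over UDP port 53, and it probes with a random name under the reserved `.invalid` TLD by default.

```python
import random
import socket
import struct

RCODE_NXDOMAIN = 3  # RFC 1035 "Name Error"

def build_query(name, qid, qtype=1):
    """Encode a one-question DNS query (type A by default) with RD set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def classify(response, qid):
    """Classify a resolver's reply to a query for a name that cannot exist."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:
        return "malformed"            # wrong transaction ID, or not a response
    rcode = flags & 0x000F
    if rcode == RCODE_NXDOMAIN and ancount == 0:
        return "honest-nxdomain"      # the error is passed through to the client
    if rcode == 0 and ancount > 0:
        return "rewritten"            # resolver synthesized an answer record
    return "other-rcode-%d" % rcode

def probe(resolver, suffix="invalid", timeout=3.0):
    """Ask `resolver` for a random, non-existent name and classify the reply."""
    qid = random.randrange(0x10000)
    name = "nx-%08x.%s" % (random.getrandbits(32), suffix)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (resolver, 53))
        data, _ = s.recvfrom(4096)
    return classify(data, qid)

if __name__ == "__main__":
    for ip in ("8.8.8.8", "208.67.222.222"):   # the two resolvers named in the post
        try:
            print(ip, probe(ip))
        except OSError as exc:                  # timeout or network unreachable
            print(ip, "no reply:", exc)
```

A resolver may treat reserved TLDs differently from ordinary typos, so a "honest-nxdomain" result for `.invalid` does not by itself rule out rewriting under other suffixes.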

Conclusion
You have to admire the response from OpenDNS founder David Ulevitch about Google's entry in the market. And really, why should he be scared? OpenDNS will still be able to sell their service to companies that are Google-phobic. They have also just become a prime acquisition target of at least Microsoft, and possibly Apple. Faster and safer DNS improves everyone's Internet experience; whether you believe in Web-only apps or connected device apps, everyone wins.