[dns-operations] After Google Mail, Google Docs, Google Wave... Google DNS

Douglas Otis dotis at mail-abuse.org
Fri Dec 4 20:00:05 UTC 2009


On Dec 4, 2009, at 9:17 AM, Stephane Bortzmeyer wrote:

> Indeed, one thing that puzzles me about Google DNS: since the resolvers are far away from my machine and are anycasted (which complicates the detection of a hijacking), why didn't Google provide a way to secure the link with them (such as TSIG)?

Chrome does aggressive prefetching of DNS, which more than doubles the amount of DNS traffic.  Google DNS is likely a public extension of an internal service aimed directly at improving performance.  Some users are addicted to speed as much as they are to strong coffee. :^)

Off-topic: It's about speed, much like in the saying, "time is money."

Chrome OS offers four second cold boots, and a 1s awake from sleep.  Their DNS helps them outpace competitor browsers and searches, since the competition will not use Google DNS by default.

As BIOS bootkit malware takes advantage of industry-wide code compression routines, one must wonder whether Chrome OS's inspection of their kernel is better able to detect these threats.  The answer is likely yes.  Few enterprise systems have the ability to write-protect onboard flash, or flash and hidden tracks within storage devices.  When 80% of all the systems within an enterprise can be 0wned within a day, these threats may mean only an operating system as thin as Chrome OS can be supported.  Perhaps Google wins through attrition of competent support having reasonable recovery strategies.  With respect to enterprise security, it's worse than one might imagine, where many elect to continue operations while 0wned.

-Doug

