[dns-operations] Capturing Traffic

Warren Kumari warren at kumari.net
Tue Feb 26 02:14:12 UTC 2013

On Feb 25, 2013, at 7:17 PM, Robert Edmonds <edmonds at isc.org> wrote:

> Noel Butler wrote:
>> and putting tin foil hat on now :)  it would log those requests, and who
>> knows what google does with that data, it sure as hell doesnt do it for
>> the goodness of the planet, there is a commercial reason behind every
>> decision and service they provide.

So, yes, there is a commercial reason -- Google makes basically all its money from folk using the Internet.
While things have been improving, a large number of ISPs were providing very poor recursive DNS services for their users -- DNS is seen simply as a cost and not as a revenue stream, and so they were often oversubscribed and / or not reliable (and / or would lie).

Poor DNS performance leads to a substantially degraded user experience (sometime have a look to see how many DNS resolutions something like the CNN main page requires) -- poor user performance leads to users using the Internet less, which leads to Google not making as much money.

Now I realize that lots of folk would prefer to believe that there is something more nefarious happening (and there is nothing really that I can say to change that) but I figured I should at least try explain why Google provides this...

> yes, who knows what google is doing with all that data.  they would
> never tell us that.
>    https://developers.google.com/speed/public-dns/privacy

Yup, thank you, Robert.

>    [...]
>    Google Public DNS stores two sets of logs: temporary and permanent.
>    The temporary logs store the full IP address of the machine you're
>    using. We have to do this so that we can spot potentially bad things
>    like DDoS attacks and so we can fix problems, such as particular
>    domains not showing up for specific users.
>    We delete these temporary logs within 24 to 48 hours.
>    In the permanent logs, we don't keep personally identifiable
>    information or IP information. We do keep some location information
>    (at the city/metro level) so that we can conduct debugging, analyze
>    abuse phenomena. After keeping this data for two weeks, we randomly
>    sample a small subset for permanent storage.
>    We don't correlate or combine information from our temporary or
>    permanent logs with any personal information that you have provided
>    Google for other services.
>    Finally, if you're interested in knowing what else we log when you
>    use Google Public DNS, here is the full list of items that are
>    included in our permanent logs:
>    * Request domain name, e.g. www.google.com
>    * Request type, e.g. A (which stands for IPv4 record), AAAA (IPv6
>    record), NS, MX, TXT, etc.
>    * Transport protocol on which the request arrived, i.e. TCP or UDP
>    * Client's AS (autonomous system or ISP), e.g. AS15169
>    * User's geolocation information: i.e. geocode, region ID, city ID,
>    and metro code
>    * Response code sent, e.g. SUCCESS, SERVFAIL, NXDOMAIN, etc.
>    * Whether the request hit our frontend cache
>    * Whether the request hit a cache elsewhere in the system (but not in
>    the frontend)
>    * Absolute arrival time in seconds
>    * Total time taken to process the request end-to-end, in seconds
>    * Name of the Google machine that processed this request, e.g.
>    machine101
>    * Google target IP to which this request was addressed, e.g. one of
>    our anycast IP addresses (no relation to the user's IP)
> -- 
> Robert Edmonds
> edmonds at isc.org
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

American Non-Sequitur Society; 
we don't make sense, but we do like pizza!

More information about the dns-operations mailing list