[dns-operations] Capturing 184.108.40.206 Traffic
warren at kumari.net
Tue Feb 26 02:14:12 UTC 2013
On Feb 25, 2013, at 7:17 PM, Robert Edmonds <edmonds at isc.org> wrote:
> Noel Butler wrote:
>> and putting tin foil hat on now :) it would log those requests, and who
>> knows what google does with that data, it sure as hell doesnt do it for
>> the goodness of the planet, there is a commercial reason behind every
>> decision and service they provide.
So, yes, there is a commercial reason -- Google makes basically all its money from folk using the Internet.
While things have been improving, a large number of ISPs were providing very poor recursive DNS services for their users -- DNS is seen simply as a cost and not as a revenue stream, and so they were often oversubscribed and / or not reliable (and / or would lie).
Poor DNS performance leads to a substantially degraded user experience (sometime have a look to see how many DNS resolutions something like the CNN main page requires) -- poor user performance leads to users using the Internet less, which leads to Google not making as much money.
Now I realize that lots of folk would prefer to believe that there is something more nefarious happening (and there is nothing really that I can say to change that) but I figured I should at least try explain why Google provides this...
> yes, who knows what google is doing with all that data. they would
> never tell us that.
Yup, thank you, Robert.
> Google Public DNS stores two sets of logs: temporary and permanent.
> The temporary logs store the full IP address of the machine you're
> using. We have to do this so that we can spot potentially bad things
> like DDoS attacks and so we can fix problems, such as particular
> domains not showing up for specific users.
> We delete these temporary logs within 24 to 48 hours.
> In the permanent logs, we don't keep personally identifiable
> information or IP information. We do keep some location information
> (at the city/metro level) so that we can conduct debugging, analyze
> abuse phenomena. After keeping this data for two weeks, we randomly
> sample a small subset for permanent storage.
> We don't correlate or combine information from our temporary or
> permanent logs with any personal information that you have provided
> Google for other services.
> Finally, if you're interested in knowing what else we log when you
> use Google Public DNS, here is the full list of items that are
> included in our permanent logs:
> * Request domain name, e.g. www.google.com
> * Request type, e.g. A (which stands for IPv4 record), AAAA (IPv6
> record), NS, MX, TXT, etc.
> * Transport protocol on which the request arrived, i.e. TCP or UDP
> * Client's AS (autonomous system or ISP), e.g. AS15169
> * User's geolocation information: i.e. geocode, region ID, city ID,
> and metro code
> * Response code sent, e.g. SUCCESS, SERVFAIL, NXDOMAIN, etc.
> * Whether the request hit our frontend cache
> * Whether the request hit a cache elsewhere in the system (but not in
> the frontend)
> * Absolute arrival time in seconds
> * Total time taken to process the request end-to-end, in seconds
> * Name of the Google machine that processed this request, e.g.
> * Google target IP to which this request was addressed, e.g. one of
> our anycast IP addresses (no relation to the user's IP)
> Robert Edmonds
> edmonds at isc.org
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> dns-jobs mailing list
American Non-Sequitur Society;
we don't make sense, but we do like pizza!
More information about the dns-operations