[dns-operations] Capturing Traffic

Carlos M. Martinez carlosm3011 at gmail.com
Tue Feb 26 13:32:57 UTC 2013

<Rant alert>

Google might be doing X,Y or Z with DNS data, but IMO, the fact doesn't
excuse ISPs border filtering requests or spoofing

What happened to personal responsibility by the way? Do we really want
our ISPs to nanny us just in case Big Evil Google data mines my DNS
queries ? Why can't people make their own decisions and face the
consequences ?

Maybe the next step is to deep-packet-inspect HTTP to filter tracking
cookies too ? Just in case <Insert Evil Corp Here> does <Insert Evil
Action Here> ?

Again, IMO, it's a very slippery slope, and a dangerous one.



On 2/25/13 10:17 PM, Robert Edmonds wrote:
> Noel Butler wrote:
>> and putting tin foil hat on now :)  it would log those requests, and who
>> knows what google does with that data, it sure as hell doesnt do it for
>> the goodness of the planet, there is a commercial reason behind every
>> decision and service they provide.
> yes, who knows what google is doing with all that data.  they would
> never tell us that.
>     https://developers.google.com/speed/public-dns/privacy
>     [...]
>     Google Public DNS stores two sets of logs: temporary and permanent.
>     The temporary logs store the full IP address of the machine you're
>     using. We have to do this so that we can spot potentially bad things
>     like DDoS attacks and so we can fix problems, such as particular
>     domains not showing up for specific users.
>     We delete these temporary logs within 24 to 48 hours.
>     In the permanent logs, we don't keep personally identifiable
>     information or IP information. We do keep some location information
>     (at the city/metro level) so that we can conduct debugging, analyze
>     abuse phenomena. After keeping this data for two weeks, we randomly
>     sample a small subset for permanent storage.
>     We don't correlate or combine information from our temporary or
>     permanent logs with any personal information that you have provided
>     Google for other services.
>     Finally, if you're interested in knowing what else we log when you
>     use Google Public DNS, here is the full list of items that are
>     included in our permanent logs:
>     * Request domain name, e.g. www.google.com
>     * Request type, e.g. A (which stands for IPv4 record), AAAA (IPv6
>     record), NS, MX, TXT, etc.
>     * Transport protocol on which the request arrived, i.e. TCP or UDP
>     * Client's AS (autonomous system or ISP), e.g. AS15169
>     * User's geolocation information: i.e. geocode, region ID, city ID,
>     and metro code
>     * Response code sent, e.g. SUCCESS, SERVFAIL, NXDOMAIN, etc.
>     * Whether the request hit our frontend cache
>     * Whether the request hit a cache elsewhere in the system (but not in
>     the frontend)
>     * Absolute arrival time in seconds
>     * Total time taken to process the request end-to-end, in seconds
>     * Name of the Google machine that processed this request, e.g.
>     machine101
>     * Google target IP to which this request was addressed, e.g. one of
>     our anycast IP addresses (no relation to the user's IP)

More information about the dns-operations mailing list