[dns-operations] Capturing 8.8.8.8 Traffic

Carlos M. Martinez carlosm3011 at gmail.com
Tue Feb 26 13:32:57 UTC 2013


<Rant alert>

Google might be doing X, Y or Z with DNS data, but IMO, the fact doesn't
excuse ISPs border filtering requests or spoofing 8.8.8.8/8.8.4.4.

What happened to personal responsibility by the way? Do we really want
our ISPs to nanny us just in case Big Evil Google data mines my DNS
queries? Why can't people make their own decisions and face the
consequences?

Maybe the next step is to deep-packet-inspect HTTP to filter tracking
cookies too? Just in case <Insert Evil Corp Here> does <Insert Evil
Action Here>?

Again, IMO, it's a very slippery slope, and a dangerous one.

cheers

~Carlos

On 2/25/13 10:17 PM, Robert Edmonds wrote:
> Noel Butler wrote:
>> and putting tin foil hat on now :)  it would log those requests, and who
>> knows what google does with that data, it sure as hell doesn't do it for
>> the goodness of the planet, there is a commercial reason behind every
>> decision and service they provide.
> 
> yes, who knows what google is doing with all that data.  they would
> never tell us that.
> 
>     https://developers.google.com/speed/public-dns/privacy
> 
>     [...]
> 
>     Google Public DNS stores two sets of logs: temporary and permanent.
>     The temporary logs store the full IP address of the machine you're
>     using. We have to do this so that we can spot potentially bad things
>     like DDoS attacks and so we can fix problems, such as particular
>     domains not showing up for specific users.
> 
>     We delete these temporary logs within 24 to 48 hours.
> 
>     In the permanent logs, we don't keep personally identifiable
>     information or IP information. We do keep some location information
>     (at the city/metro level) so that we can conduct debugging, analyze
>     abuse phenomena. After keeping this data for two weeks, we randomly
>     sample a small subset for permanent storage.
> 
>     We don't correlate or combine information from our temporary or
>     permanent logs with any personal information that you have provided
>     Google for other services.
> 
>     Finally, if you're interested in knowing what else we log when you
>     use Google Public DNS, here is the full list of items that are
>     included in our permanent logs:
> 
>     * Request domain name, e.g. www.google.com
> 
>     * Request type, e.g. A (which stands for IPv4 record), AAAA (IPv6
>     record), NS, MX, TXT, etc.
> 
>     * Transport protocol on which the request arrived, i.e. TCP or UDP
> 
>     * Client's AS (autonomous system or ISP), e.g. AS15169
> 
>     * User's geolocation information: i.e. geocode, region ID, city ID,
>     and metro code
> 
>     * Response code sent, e.g. SUCCESS, SERVFAIL, NXDOMAIN, etc.
> 
>     * Whether the request hit our frontend cache
> 
>     * Whether the request hit a cache elsewhere in the system (but not in
>     the frontend)
> 
>     * Absolute arrival time in seconds
> 
>     * Total time taken to process the request end-to-end, in seconds
> 
>     * Name of the Google machine that processed this request, e.g.
>     machine101
> 
>     * Google target IP to which this request was addressed, e.g. one of
>     our anycast IP addresses (no relation to the user's IP)
> 


