Google moves to extend DNS protocol

Geo loco revamp

Google has teamed with DNS maven Neustar to propose an extension to the net's existing Domain Name System protocol, hoping to improve the way the protocol maps web users to particular data centers.

The news comes little more than a month after the web giant cum world power sensationally entered the DNS resolution business with its free Google Public DNS service.

Yesterday, Google and Neustar posted their proposed DNS extension to the dnsext mailing list, and other DNS providers - including conspicuous Google rival OpenDNS - are named as contributors to the proposal.

The Domain Name System converts text URLs into numeric IP addresses. Typically, the first layer of this process - the "recursive" DNS service - is run by your ISP. But alternatively, you can opt for a third-party recursive provider like OpenDNS or, yes, Google. The recursive provider then taps the records that websites have stored with "authoritative" DNS providers like Neustar's UltraDNS.

In essence, the extension proposed by Google and Neustar would allow recursive DNS providers to pass a portion of the user's IP address data to the authoritative provider. This gives the authoritative provider a better idea of where users are located, which means it's more likely to send users to a nearby data center when resolving a net address.

If a site is served up from multiple locations, the authoritative provider will attempt to send the user to the closest location. But as it stands, authoritative providers only see the IP address of the recursive provider - not the end user. If you're in, say, San Francisco but you're using a recursive DNS provider based in Chicago, the website you're trying to visit can only assume you're in Chicago.

"As more and more people start to use recursive systems [along the lines of OpenDNS], this is becoming a much bigger problem," Neustar senior director of technology Sean Leach, who coauthored the DNS proposal, tells The Reg.

Leach tells us that early this fall - before Google released Public DNS - Neustar approached Mountain View about collaborating on an extension of the DNS protocol and discovered that the Mountain View giant was already working on such a project.

Under the new DNS extension proposed by Google and Neustar, the recursive provider would pass the first three octets - i.e. the top 24 bits - of the user IP, so the authoritative provider would not have access to the entire address.
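The truncation described above, as an added example that is not part of the original article or the proposal's own code: the recursive side encodes only the top 24 bits of a user address and the authoritative side decodes it. The wire layout is an assumption taken from RFC 7871, where this extension was later standardised as EDNS Client Subnet; the article does not describe it, and the addresses are constructed documentation-range samples.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8   # EDNS option code from RFC 7871 (not given in the article)
FAMILY_IPV4 = 1       # address family number for IPv4


def build_ecs_option(client_ip: str, source_prefix: int = 24) -> bytes:
    """Recursive side: encode only the top `source_prefix` bits of the user's IP."""
    net = ipaddress.IPv4Network(f"{client_ip}/{source_prefix}", strict=False)
    addr_len = (source_prefix + 7) // 8            # whole octets needed for the prefix
    addr = net.network_address.packed[:addr_len]   # host bits already zeroed
    payload = struct.pack("!HBB", FAMILY_IPV4, source_prefix, 0) + addr
    return struct.pack("!HH", ECS_OPTION_CODE, len(payload)) + payload


def parse_ecs_option(option: bytes) -> ipaddress.IPv4Network:
    """Authoritative side: recover the subnet, rejecting malformed options."""
    if len(option) < 8:
        raise ValueError("option too short")
    code, length, family, source_prefix, _scope = struct.unpack("!HHHBB", option[:8])
    addr = option[8:]
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed client-subnet option")
    if family != FAMILY_IPV4 or source_prefix > 32:
        raise ValueError("unsupported family or prefix length")
    if len(addr) != (source_prefix + 7) // 8:
        raise ValueError("address length does not match prefix length")
    # Strict parsing raises ValueError if any bit beyond the prefix is set.
    return ipaddress.IPv4Network((addr.ljust(4, b"\x00"), source_prefix))


if __name__ == "__main__":
    # Constructed sample: two users in the same /24 (documentation range).
    for user in ("203.0.113.77", "203.0.113.200"):
        opt = build_ecs_option(user)
        print(user, "->", opt.hex(), "->", parse_ecs_option(opt))
```

Both sample users produce byte-identical options, so the authoritative provider can place them in the same 256-address block but cannot tell them apart.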

Today, the recursive provider already grabs the user's IP - and that includes Google. Mountain View unveiled its free Google Public DNS in early December. This was billed as an effort to speed DNS resolutions, but it also gives Google access to an additional slice of user traffic data.

According to the company, it limits how long it retains certain information collected by its Public DNS service, including your IP. Your IP address, Google says, is stored but then deleted after 24 to 48 hours.

Nonetheless, Google's new service has been sharply criticized by OpenDNS, the current market leader. "To think that Google’s DNS service is for the benefit of the Internet would be naive. They know there is value in controlling more of your Internet experience and I would expect them to explore that fully," said CEO and founder David Ulevitch.

"It’s not clear that Internet users really want Google to keep control over so much more of their Internet experience than they do already - from Chrome OS at the bottom of the stack to Google Search at the top, it is becoming an end-to-end infrastructure all run by Google, the largest advertising company in the world. I prefer a heterogeneous Internet with lots of parties collaborating to make this thing work as opposed to an Internet run by one big company." ®

Update: This article has been updated to remove claims that this proposal would speed resolutions.