Showing posts with label DNS. Show all posts

Wednesday, December 9, 2009

Why Google has made public DNS servers available

Google has made public DNS servers available for one simple reason: They want google.com to resolve using their IPs (74.125.93.xx) instead of other IPs. Notably, if you use OpenDNS, a request for google.com resolves to OpenDNS’ 208.69.36.xx IPs.

This takes, or has the potential to take, ad revenue from Google, so Google responded by having very easy-to-configure (how hard is it to forget “8.8.8.8” and “8.8.4.4”?) DNS servers that don’t include any ads—besides the ads Google themselves include in their search result.

They made the DNS servers geek-friendly: Their DNS servers do not redirect NXDOMAINs (DNS replies saying “this host name does not exist”) to an ad-filled page, but correctly forward NXDOMAIN replies on to the end-user.
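The offline half of a check for this behaviour, as an added example that is not part of the post: a classifier for DNS wire-format replies that tells an honest NXDOMAIN (RCODE 3) apart from a reply that hands back an A record for a name which should not exist. The two replies below are constructed fixtures, not captured traffic, and the host name and address in them are made up.

```python
import struct

RCODE_NXDOMAIN = 3  # "this host name does not exist"

def encode_name(name):
    """Encode a host name as uncompressed DNS labels."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def skip_name(msg, pos):
    """Return the offset just past the name at `pos`, honouring compression pointers."""
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:       # two-byte pointer terminates the name
            return pos + 2
        if length == 0:
            return pos + 1
        pos += 1 + length

def classify_response(resp):
    """'nxdomain' for an honest RCODE=3 reply, 'redirected' when a name that
    should not exist came back with an A record, otherwise 'other'."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if not flags & 0x8000:
        raise ValueError("not a DNS response (QR bit clear)")
    if flags & 0x000F == RCODE_NXDOMAIN:
        return "nxdomain"
    pos = 12
    for _ in range(qd):                  # question: name + QTYPE + QCLASS
        pos = skip_name(resp, pos) + 4
    for _ in range(an):                  # answer: name + type/class/ttl/rdlength + rdata
        pos = skip_name(resp, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[pos:pos + 10])
        pos += 10 + rdlen
        if rtype == 1:                   # an A record for a bogus name is a synthesized answer
            return "redirected"
    return "other"

def make_response(qname, rcode, a_rdata=None):
    """Constructed reply to an A query for `qname` (test fixture, not real traffic)."""
    answers = []
    if a_rdata is not None:
        # owner name is a pointer to offset 12 (the question name); TTL 60; 4-byte rdata
        answers.append(b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(a_rdata))
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, len(answers), 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", 1, 1) + b"".join(answers)

# Two constructed replies to a query for a host name that does not exist.
HONEST_REPLY = make_response("nosuchhost-4f7a1.example", RCODE_NXDOMAIN)
HIJACKED_REPLY = make_response("nosuchhost-4f7a1.example", 0, a_rdata=(198, 51, 100, 7))
```

To test a live resolver you would send a query for a random label you know does not exist and feed the raw UDP reply to `classify_response`.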

There’s a good reason OpenDNS’ president is scared of Google’s DNS servers; by offering for free (ad-free) what OpenDNS offers, they have undercut OpenDNS and, quite frankly, OpenDNS’ days are numbered. Yes, they do offer spam/phish/adult content filtering, but the market for that is smaller than the market for “My ISP’s DNS servers suck, give me something more reliable”.

Disclaimer: I sent my resume to OpenDNS a few months ago and never heard from them; while I didn’t get hired at Google, I had a very pleasant experience interviewing with them a few years ago.

Tuesday, September 29, 2009

MaraDNS snapshot update: Documentation updated

I’ve updated MaraDNS’ documentation to have the DNS software and the advocacy pages be more up-to-date. In particular, the pages now acknowledge the existence of MyDNS-ng and there is now a very brief mention of GbDNS.

The MaraDNS tarball with these updated web pages can be seen in the 20090929 snapshot available at this location:

http://www.maradns.org/download/1.3/snap/200909/

Thursday, June 25, 2009

GbDns : A recursive caching DNS server for Windows

Ok, I just found another DNS implementation out there: GbDns : A recursive caching DNS server for Windows. It looks like it's written in C# and uses the .NET framework; I will look at it more later on.

Monday, January 19, 2009

Personal condolences for fellow DNS implementor

I would like to send personal condolences to Paul Rombouts, the maintainer of Pdnsd for the family problems he has had in 2008, and hope 2009 is a better year for him.

I will keep him in my prayers.

Wednesday, July 2, 2008

Unbound: A new DNS server

Just today, I became aware of a new DNS server, Unbound. This DNS server appears to come from the same group who gave us the authoritative-only NSD a few years ago; basically this is, if you will, the recursive half of NSD.

I haven't updated my list of DNS servers to incorporate this DNS server, but am impressed the DNS server got mentioned both in Infoworld and on CNN's web page.

Thursday, August 30, 2007

There's more to DNS than BIND and DjbDNS

Back in early 2001, there were only two DNS servers available: BIND and DjbDNS. Both DNS servers had problems: BIND constantly had security problems in it that gave attackers remote root access to systems. DjbDNS had a non-open source license and a disregard for standards that made using it problematic.

The feeling was that a new DNS server needed to be made. So I started developing MaraDNS. It was a lot of work; DNS is a non-trivial protocol.

Six years have passed since then and a number of DNS servers have come and gone. The ones that are still being actively maintained are my own MaraDNS, NSD, and PowerDNS. [1]

However, whenever a discussion about DNS servers comes up, we get the same BIND-vs-DjbDNS flame war rehashed over and over again. The flame wars are based on the following outdated bits of information:
  • BIND has privilege escalation security holes coming out every month (not true since BIND9 became viable in 2002 or 2003)
  • DjbDNS has no security holes (not true: DjbDNS has an unpatched remote denial of service security hole)
  • There are no free DNS servers besides BIND and DjbDNS (not true; there are three other active open-source DNS servers)
Here is an example posting showing how people are still living in 2001 when it comes to DNS servers.

So, people, wake up and smell the coffee. There are no less than three other DNS servers being actively maintained. We are no longer in a BIND-and-DjbDNS world. BIND is no longer a remote root exploit waiting to happen.

- Sam

[1] There are some other DNS servers that are no longer actively maintained or on life support: pdnsd (the last update is from a year ago) and posadis (last update three years ago). There's also MyDNS (last update almost two years ago), which is a "one trick pony" DNS server for people who want to use a database to manage DNS records.