Verisign launches Public DNS service that respects user privacy

[Batu69]

Verisign Public DNS is a free DNS service that promises better connection times, stability, security, and privacy when compared to the majority of public DNS services available on today's Internet.

The DNS services that Internet providers offer are often not the fastest, and it is easy enough to verify that by running programs like DNS Benchmark which test the performance of multiple DNS servers on the host system to find out which performs the best.

When it comes to third-party Public DNS services, there are plenty to choose from. While speed and reliability should definitely be a point of consideration, there may be others of interest including privacy, restrictions and extras that services may offer.

Companies may sell data that they collect based on your computer's look ups, and others may redirect you to custom error pages with their ads on them instead of the web browser's default error page.

While it is easy enough to find out about custom error pages, whether a company is selling or processing your data may not always be that obvious.

Verisign's newly launched Public DNS service promises to respect user privacy:

And, unlike many of the other DNS services out there, Verisign respects your privacy. We will not sell your public DNS data to third parties nor redirect your queries to serve you any ads.

The setup guide walks you through setting up the DNS server on desktop and mobile operating systems. Note that there is no program or app that you can run to set Verisign Public DNS automatically on a system.

Before you do that, you may want to test the performance of the DNS service. This can be done with the excellent DNS Benchmark which ships with dozens of DNS servers. You do need to hit the Add/Remove button to add both Verisign Public DNS IP addresses to it. The IP addresses that you need to add are 64.6.64.6 and 64.6.65.6.

As you can see on the screenshot above, it came in second right after the local network nameserver used on the test device.

The status tab confirms furthermore that it won't intercept bad domain names which means that the browser's error page will be used whenever you try to load a domain name that does not exist.

Public DNS is a bare-bones DNS service apart from that offering no filtering options for you to configure for example. That's not necessarily a bad thing considering that you may not need these options at all. It is quick to set up and if you run into issues, quick to remove as well.

Verisign promises not to sell the data but it will still process it internally as mentioned in the Terms of Service.

Verisign uses the Service Data to provide the Service and for internal business and analysis purposes. [..] Verisign will not sell, distribute any personally identifiable information (PII) collected as a result of performing the Service. Verisign will not permanently store the PII and will retain such PII for no longer than is necessary.

Closing Words

Benchmark results may vary depending on where you connect to the Internet from. It is therefore suggested to run benchmarks if you consider switching to the DNS service.

Source

[jamesDDI]

Good to know, but i did non understand if they keep logs. For now seems not compatible with dnscrypt..

Edit: yup, they keep logs..

[Akaneharuka]

Is google DNS private ?　:(

[jamesDDI]

Is google DNS private ?　 :(

What you mean with 'private'?

[straycat19]

Is google DNS private ?　 :(

If you want private don't connect your computer to a network, there is no such thing as private, all the DNS servers keep logs, even the ones that say they don't. One so-called private DNS I had personal knowledge of was able to go back 5 years and supply information critical to an internet fraud case. So believe what you will, just don't bet your privacy on it.

[jamesDDI]

Is google DNS private ?　 :(

ok ,now i have understood. You need to use dnscrypt: https://dnscrypt.org/ there are 2 windows gui in this page but i use a third not mentioned there: https://github.com/bitbeans/SimpleDnsCrypt

Here one page with all downloads: https://download.dnscrypt.org/dnscrypt-proxy/

Here an HOW TO page on Tier2 servers: https://www.opennicproject.org/configure-your-dns/

Very good also https://dnscrypt.eu/servers.

In Tier2 page choose always those with "Logging complete disabled"

Edit: for better explain you need to choose a server with:

1) Logging completely disabled

2) DNSSEC validation

3) dnscrypt will do the rest

So you will have the BETTER of those 3 worlds ;)

You need to play a bit to see what is better for you ;)

[xyzdev]

Is google DNS private ?　 :(

ok ,now i have understood. You need to use dnscrypt: https://dnscrypt.org/ there are 2 windows gui in this page but i use a third not mentioned there: https://github.com/bitbeans/SimpleDnsCrypt

Do you use SimpleDnsCrypt? I just created a thread yesterday - didn't saw this one till' now - about the DNSCrypt subject, here.

Maybe you can check it out, it doesn't work on me, don't know why.

[zavana]

Is google DNS private ?　 :(

Their white paper..

https://developers.google.com/speed/public-dns/privacy?

​What we log

Google Public DNS stores two sets of logs: temporary and permanent. The temporary logs store the full IP address of the machine you're using. We have to do this so that we can spot potentially bad things like DDoS attacks and so we can fix problems, such as particular domains not showing up for specific users.

We delete these temporary logs within 24 to 48 hours.

In the permanent logs, we don't keep personally identifiable information or IP information. We do keep some location information (at the city/metro level) so that we can conduct debugging, analyze abuse phenomena. After keeping this data for two weeks, we randomly sample a small subset for permanent storage.

We don't correlate or combine information from our temporary or permanent logs with any personal information that you have provided Google for other services.

Finally, if you're interested in knowing what else we log when you use Google Public DNS, here is the full list of items that are included in our permanent logs:

• Request domain name, e.g. www.google.com
• Request type, e.g. A (which stands for IPv4 record), AAAA (IPv6 record), NS, MX, TXT, etc.
• Transport protocol on which the request arrived, i.e. TCP or UDP
• Client's AS (autonomous system or ISP), e.g. AS15169
• User's geolocation information: i.e. geocode, region ID, city ID, and metro code
• Response code sent, e.g. SUCCESS, SERVFAIL, NXDOMAIN, etc.
• Whether the request hit our frontend cache
• Whether the request hit a cache elsewhere in the system (but not in the frontend)
• Absolute arrival time in seconds
• Total time taken to process the request end-to-end, in seconds
• Name of the Google machine that processed this request, e.g. machine101
• Google target IP to which this request was addressed, e.g. one of our anycast IP addresses (no relation to the user's IP)

​