Unfortunately, Google Inc, does not respect Privacy rights enough. Power, Money, etc causes/results all "Google DNS Service" user's all queries to be SHARED with various other entities, and all user's all queries are STORED almost indefinitely in multiple locations, with various other entities.
They/Google should show+place a notice on their Google DNS Service home-page, that, ... "Google/we do not keep or store query logs in any form, nor do we allow anyone else to do such using our resources or via going through us. And Google/we do not share this service related any data with anyone else." (i do not think, that will happen any time soon, guaranteed). further response placed below in between prev mail. Received from curriegrad2004, on 2013-02-21 7:28 AM: > From a security perspective, I would seriously not even bother > querying anybody's DNS servers but rather have BIND to become a > full recursive DNS server using only the root hints provided by > IANA. > I agree with this suggestion. Keep your queries/logs, no matter what it is, to yourself. Simple configuration of BIND (or any other DNS Server or Resolver software), allows anyone (in a server or in a PC) to use their own DNS Server/Resolver. > > Unless frontier is hijacking DNS (port 53) traffic, I'd strongly > recommend using the method mentioned above. > > On Wed, Feb 20, 2013 at 10:16 PM, Todd And Margo Chester > <[email protected]> wrote: >> Hi All, >> >> I can not get frontier's DNS servers to resolve >> releases.mozilla.org. So, in my /etc/named.conf I commented >> out frontier's DNS servers and substituted Google's (8.8.8.8) >> and Open DNS' (208.67.222.222). >> >> # forwarders { 216.67.192.3; 74.40.37.242; }; # forwarders { >> 74.40.74.40; 74.40.74.41; }; forwarders { 8.8.8.8; >> 208.67.222.222; }; >> >> Am I making a security mistake here? >> Yes. If you must have to use external 3rd party DNS Servers, then search/find which pre-notifies that they do not FILTER and they do not LOG/STORE any queries. Use such. Unless, you yourself want to be filtered & censored, (for example, your current list item 208.67.222.222, etc are known for FILTERing & CENSORing as well) and happy about it. >> Many thanks, >> -T
signature.asc
Description: OpenPGP digital signature
