Posts tagged ‘OpenDNS’
Google made some big news in the world of DNS recently. The company announced on their blog that they currently respond to over 70B DNS requests per day, making Google the largest provider of public DNS services. (DNS translates domain names to IP addresses, and returns the correct online destination to users).
Back in 2009 I wrote about the launch of Google Public DNS, and wondered what effect it would have on the market. One result is that consumers now have a well known technology company offering them a better DNS experience than they get from their ISPs, which historically have never had any reason to invest in better DNS performance. Google claims it does not store personally identifiable information from DNS traffic, and does not combine it with any other Google service.
Other industry players will need to respond to the growth of Google Public DNS. OpenDNS is a startup company that in many ways pioneered free recursive DNS service in 2005. (Quick DNS primer — recursive DNS returns answers to users, authoritative DNS provides those answers to be returned).
Forbes just published a Q&A in which OpenDNS founder David Ulevitch attempts to spread some fear, uncertainty and doubt (FUD) about Google becoming too central in how users connect online. Over the years I’ve been impressed with how quickly Ulevitch responds to any market development that could affect OpenDNS. In particular, he started using social media channels to support his corporate messaging well in advance of other companies in the space.
This well-timed media interview is another example. With coverage of Google overriding privacy settings in Safari browsers fresh in the news, it’s smart messaging to raise doubts about the company becoming dominant for DNS.
At CircleID, there’s a fascinating discussion on how Google’s growth affects VeriSign, operator of the dominant .com and .net domains. VeriSign operates .com and .net under an exclusive contract with ICANN, the administrator of certain Internet infrastructure functions. The piece is written by George Kirikos, a long-time critic of ICANN who uses the 70B requests a day number to criticize VeriSign’s exclusive contract.
George points out that one metric VeriSign has used for years to justify its ability to effectively support .com and .net is DNS requests handled. Based on the latest public statement, that number is currently a daily average of 59B, less than Google’s 70B. As the comment thread of the piece makes clear (worth the time to review), the comparison isn’t really apples to apples since Google is recursive and VeriSign is authoritative. Even more critically, VeriSign has a much heavier burden to provide a stronger level of service than does Google.
Most people don’t understand how DNS works, never mind understand the difference between VeriSign’s number and Google. Having divested itself of its telecom business (to TNS in 2007) and security (Symantec in 2010), all of VeriSign’s eggs are in the DNS/.com/.net basket. (The company also has a small managed security business called iDefense). Rather than trying to explain the differences and draw further attention to Google’s growth, I’d expect VeriSign to drop the DNS request number from its external messaging.
As I wrote back in 2009, Google was sure to create big waves by entering the DNS space. It sure makes the space more interesting. And as Ulevitch of OpenDNS admitted in his interview, the growth of Google Public DNS raises the awareness of the importance of DNS. That’s a very good thing in and of itself.
The first two weeks in December haven’t just been the glide path to Christmas this year. 2009 has belatedly turned into a year of innovation and business moves around the Domain Name System (DNS), a vital but under-appreciated protocol essential for the proper functioning of the Internet. All this news may finally propel awareness of DNS beyond strictly technical circles.
First off, let’s start with the big Internet whale. On 12/3 Google announced they were offering Google Public DNS, a free service that allows anyone to use DNS supplied by Google. The company already controls about 65% of online advertising, so why not control the on-ramp millions of consumers use to get online? Here’s TechCrunch’s take, just one story among much coverage.
When Google muscles into a market, they create a lot of waves. As TechCrunch points out, a startup called OpenDNS has been successful in the recursive DNS space. (quick DNS tidbit — recursive DNS returns answers to users, authoritative DNS provides the right answers) Both services are free — OpenDNS makes money by presenting ads to users who type incorrect URLs, or domains that don’t exist. Google says it won’t do this, and their “pure” DNS will deliver a not found response. (Google proudly saying no ads served — nice irony)
While this is going on, my client Neustar and Infoblox announce a strategic relationship. To over-simplify a bit for clarity, both are leaders in the area of authoritative DNS. Neustar is the number one provider via the cloud, offering DNS as a managed service. Infoblox offers DNS management via an appliance approach, a “box” if you will that resides in the customer’s network. In the past these two have been competitors — now by working together they have created a potent, one stop shop for ISPs and top Internet brands. Here’s a good piece by Carolyn Marsan of Network World on the partnership.
Now back to OpenDNS. On 12/10 Neustar announces they have launched the Real-Time Directory service, the first fundamental change in how the DNS operates in about 20 years. Basically it allows changes made to DNS to be almost instantaneous, rather than waiting up to a full day for servers to ask for changes (due to something called caching). OpenDNS is the first recursive provider to sign up, making their DNS better than Google’s. Take that, you “do no evil” bullies! Here’s Cade Metz of The Register with a good synopsis.
So it’s been quite a couple of weeks for old DNS. And very exciting for me, and not just because my client is right in the middle of these developments. DNS is a protocol that really needs the attention, as was made plain by the Kaminsky vulnerability in July of 2008. Now it’s getting it, and with Google in the mix more media may pay attention.
So what’s next for DNS? I can’t say, but a great by-product of Google offering DNS is it makes the big ISPs take a harder look at how they do DNS. Up to now it’s been an after-thought – maybe now they will focus on ways to make the recursive DNS they provide millions of consumers more reliable and secure. And that’s something to be thankful for as you purchase your gifts online this holiday season.
Saw an interesting news item that broke Monday courtesy of DomainNameNews and SlashDot that hasn’t been broadly covered yet. Apparently VeriSign has been awarded a patent for the resolution of mis-typed domain names. This was at the heart of the controversy back in 2003 around their SiteFinder Service. Amidst a storm of criticism ICANN insisted VeriSign shut down the service, and the company eventually agreed.
Personally I believe if VeriSign had been less secretive about its plans and had briefed important Internet constituencies beforehand about this change to how the Internet operated, there would have been less criticism. VeriSign and ICANN eventually settled their differences re SiteFinder, and as part of the re-awarding of the .com franchise VeriSign promised never to bring a SiteFinder-like service back. But, this patent is interesting for what it means in the present, not the past.
Many companies currently resolve incorrect domain names to pages that contain advertising. They don’t do it the way VeriSign did it, by changing the way the root server operates for .com addresses. But the result is the same, and would seem to be covered by the patent. Companies like Earthlink, Verizon and OpenDNS bring their customers to advertising pages every time they “fat-finger” a domain name. Just think about how often we all do this, and you can imagine the amount of Internet traffic potentially involved. Some of these companies weren’t re-directing this traffic safely — there were security problems with the ad partner Earthlink chose to deal with:
So, the government seems to have handed VeriSign a new revenue stream. Letters may be going out shortly demanding a licensing fee — or maybe they’ve already been sent.
UPDATE — AP wrote story: http://biz.yahoo.com/ap/080514/techbit_internet_typos.html?.v=2