Flyslinger2
Community Champion

The struggle is real ...

Google has hard wired their devices to bypass the DNS your ISP forces you to use. For the purist and super techie that thinks his network should always be in his control, this is an issue. For the ISP who thinks that they own their network you have to ride on their rails.

 

3 different perspectives of ownership and they are all correct, to a point. Where do you fall in this debate? Maybe like Ozzy in his song “Crazy Train” we could cooperate:

 

...

Crazy, but that's how it goes
Millions of people living as foes
Maybe it's not too late
To learn how to love and forget how to hate

...

6 Replies
Baechle
Advocate I

Mark,

 


@Flyslinger2 wrote:

Google has hard wired their devices to bypass the DNS your ISP forces you to use. For the purist and super techie that thinks his network should always be in his control, this is an issue.


I'm not sure I fully understand where this is an issue.  DNS is a fractured service, and often organizations may not advertise DNS for internal hosts beyond their own servers.  It could make sense that Google provides a DNS that it wants its own devices to use because it has private records.

 


@Flyslinger2 wrote:

For the ISP who thinks that they own their network you have to ride on their rails.


Do you know of an ISP that forces customers to use their DNS? 

 


@Flyslinger2 wrote:

3 different perspectives of ownership and they are all correct, to a point. Where do you fall in this debate?


I guess I am in the camp of I want to be squarely in control over my own access and services.

 

-EB

Flyslinger2
Community Champion



I guess I am in the camp of I want to be squarely in control over my own access and services.

 

-EB


Which is where the guru Paul Vixie is as well.  I have always changed my customers' forward-facing DNS servers to always use upper level servers that were not part of the ISP's infrastructure.  I don't have hard facts that the ISP is doing anything particularly nefarious but money always drives most issues.

 

Personally, my network is default network settings.  I'm not too concerned about my network as I only have two Rokus and two iTV units. I'm not a heavy IoT user.

Shannon
Community Champion

 


@Flyslinger2 wrote:

Google has hard wired their devices to bypass the DNS your ISP forces you to use. For the purist and super techie that thinks his network should always be in his control, this is an issue. For the ISP who thinks that they own their network you have to ride on their rails.


 

Since the device is hard-coded to use Google's DNS servers, this may only be an issue if your router / ISP blocks traffic going to Google DNS servers, in which case the service would fail, and support might have to be contacted.

 

It's all about convenience vs privacy, and I'm sure the majority of users won't be worried about the latter. (If they are, they can't simply stop using the service, or else configure routers to forward the traffic to their own DNS servers --- then again, I doubt many will care / have the patience to do all that)

 

 

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
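
Added example, not part of the original thread: before blocking or redirecting DNS as the post above describes, it helps to see which clients actually skip the local resolver. The LAN range, resolver address and four-column flow format below are assumptions, and the sample flows are constructed; 8.8.8.8 and 8.8.4.4 are Google Public DNS.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this sketch: the LAN range, the approved resolver, and the
# log format ("src dst proto dport", one flow per line) are all hypothetical.
LAN = ipaddress.ip_network("192.168.1.0/24")
APPROVED_RESOLVERS = {ipaddress.ip_address("192.168.1.1")}
DNS_PORTS = {("udp", 53), ("tcp", 53), ("tcp", 853)}  # plain DNS and DNS-over-TLS

# Constructed sample flows, not captured from a real network.
SAMPLE_FLOWS = """\
192.168.1.20 192.168.1.1 udp 53
192.168.1.31 8.8.8.8 udp 53
192.168.1.31 8.8.4.4 udp 53
192.168.1.31 142.250.0.10 tcp 443
192.168.1.1 9.9.9.9 udp 53
192.168.1.40 8.8.8.8 tcp 853
garbage line
"""

def find_dns_bypass(flow_text):
    """Return {client_ip: sorted list of unapproved resolvers it contacted}."""
    hits = defaultdict(set)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            port = int(fields[3])
        except ValueError:
            continue
        proto = fields[2].lower()
        if (proto, port) not in DNS_PORTS:
            continue  # not DNS traffic (DNS-over-HTTPS on 443 is invisible here)
        if src not in LAN or src in APPROVED_RESOLVERS:
            continue  # the resolver's own upstream queries are expected
        if dst not in APPROVED_RESOLVERS:
            hits[str(src)].add(str(dst))
    return {client: sorted(dsts) for client, dsts in hits.items()}

if __name__ == "__main__":
    for client, resolvers in find_dns_bypass(SAMPLE_FLOWS).items():
        print(f"{client} bypasses the local resolver via {', '.join(resolvers)}")
```

Clients that show up here are the ones a block rule would break and a redirect rule would silently re-point.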
denbesten
Community Champion

I can completely understand why Google would make such a decision.  By pointing to their own DNS, Google ensures that geolocation behaves the way they want it to, minimizing their costs of service delivery and reducing the number of troubleshooting variables (for them).

 

While I get Vixie's information disclosure concern, forcing a different DNS server offers little defense because immediately after boot, Chromecast starts downloading background pictures which announces your user-agent to Google.

 

More likely is that Vixie wants to control his own DNS because, well, he is an expert in the field.

Brewdawg
Newcomer III

I am in the camp of wanting control over the DNS services that devices and systems use.  A big part of that desire comes from having kids at home that I want to have the option to use a curated or monitored DNS query on their devices so that I can control and limit their access.

denbesten
Community Champion

Your house, your right.  Personally, I use Untangle ($50/yr).  It is a classical firewall (sits in line, inspects, routes traffic, NAT, VPN termination, etc.).  Kinda janky to configure but does the job and is cheap.