Passive Observations of a Large DNS Service: 2.5 Years in the Life of Google

2020 
In 2009 Google launched its Public DNS service, which has since become the largest DNS service in existence. A common problem with public resolvers is that Content Delivery Networks (CDNs) struggle to map end user origin. The EDNS Client Subnet (ECS) extension allows resolvers to reveal part of a client's IP address to authoritative name servers, helping CDNs pinpoint client origin. A side effect of ECS is that authoritative name server operators learn where in its network the public resolver handles each query. We leverage this side effect to study Google Public DNS (GPDNS). We perform a longitudinal analysis over data covering 2.5 years and 3.7 billion queries. Our study focuses on three aspects. First, we show that while GPDNS has PoPs in many countries, traffic is frequently routed out of country. This can reduce performance and expose DNS requests to state-level surveillance. We also show that end users are often served by a suboptimal PoP. Second, we show that end users switch to GPDNS en masse when their ISP resolver is unresponsive, and do not switch back. Finally, we also find that many e-mail providers configure GPDNS as the resolver on their servers, causing serious privacy concerns due to information leakage.
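As an added example (not code from the paper), the following Python encodes and decodes the ECS option as defined in RFC 7871 and shows what an authoritative name server records from a single query: the resolver's own source address, which reveals the PoP handling the query, alongside the client's truncated subnet. The addresses and prefix lengths are constructed sample values.

```python
"""Encode and decode the EDNS Client Subnet (ECS) option (RFC 7871)."""
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS0 option code assigned to Client Subnet


def encode_ecs(client_ip: str, source_prefix: int) -> bytes:
    """Build an ECS option for a query: code, length, family, prefixes, address."""
    addr = ipaddress.ip_address(client_ip)
    family = 1 if addr.version == 4 else 2
    # Only ceil(prefix/8) address bytes are sent; bits beyond the prefix must be zero.
    net = ipaddress.ip_network(f"{client_ip}/{source_prefix}", strict=False)
    nbytes = (source_prefix + 7) // 8
    addr_bytes = net.network_address.packed[:nbytes]
    # SCOPE PREFIX-LENGTH is 0 in a query; the authoritative side sets it in the reply.
    payload = struct.pack("!HBB", family, source_prefix, 0) + addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(payload)) + payload


def decode_ecs(option: bytes) -> dict:
    """Parse an ECS option, rejecting malformed or privacy-violating encodings."""
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    family, source_prefix, scope_prefix = struct.unpack("!HBB", option[4:8])
    raw = option[8:]
    if family not in (1, 2):
        raise ValueError("unknown address family")
    full_len = 4 if family == 1 else 16
    if len(raw) != (source_prefix + 7) // 8 or len(raw) > full_len:
        raise ValueError("address length does not match prefix length")
    addr = ipaddress.ip_address(raw + b"\x00" * (full_len - len(raw)))
    net = ipaddress.ip_network(f"{addr}/{source_prefix}", strict=False)
    if net.network_address != addr:
        raise ValueError("non-zero bits beyond the source prefix")
    return {"family": family, "subnet": str(net), "scope": scope_prefix}


def authoritative_view(resolver_src_ip: str, option: bytes) -> dict:
    """What the authoritative server learns: resolver PoP address plus client subnet."""
    ecs = decode_ecs(option)
    return {"resolver": resolver_src_ip, "client_subnet": ecs["subnet"]}


if __name__ == "__main__":
    # Constructed sample: a /24 of a documentation-range client, sent via a resolver.
    opt = encode_ecs("203.0.113.77", 24)
    print(opt.hex(), authoritative_view("198.51.100.9", opt))
```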