Google DNS is a free Domain Name System (DNS) service that Google offers to internet users worldwide. The DNS protocol is an important part of the web's infrastructure: it serves as the internet's phone book. Every time you visit a website, your computer performs a DNS lookup.
Complex pages on a website require multiple DNS lookups before they start loading.
Benefits you get from using Google DNS:
Whenever a client or user needs to query a DNS resolver over the network, the latency introduced can be significant, depending on the proximity and number of name servers the resolver has to query (more than 2 is rare, but it can happen).
There are two components to DNS latency:
- Latency between the client (user) and the DNS resolving server. In most cases this is largely due to the usual round-trip time (RTT) constraints in networked systems: geographical distance between client and server machines; network congestion; packet loss and long retransmit delays (one second on average); overloaded servers, denial-of-service attacks and so on.
- Latency between resolving servers and other name servers. This source of latency is caused primarily by the following factors:
  - Cache misses. If a response cannot be served from a resolver's cache, but requires recursively querying other name servers, the added network latency is considerable, especially if the authoritative servers are geographically remote.
  - Underprovisioning. If DNS resolvers are overloaded, they must queue DNS resolution requests and responses, and may begin dropping and retransmitting packets.
  - Malicious traffic. Even if a DNS service is overprovisioned, DoS traffic can place undue load on the servers. Similarly, Kaminsky-style attacks can involve flooding resolvers with queries that are guaranteed to bypass the cache and require outgoing requests for resolution.
Mitigations (how to resolve):
Google Public DNS implements several approaches to speeding up DNS lookup times:
- Provisioning serving clusters adequately.
- Load-balancing for shared caching.
- Distributing serving clusters for wide geographical coverage.
Because of the open, distributed design of the Domain Name System and its use of the User Datagram Protocol (UDP), DNS is vulnerable to various forms of attack. Public or "open" recursive DNS resolvers are especially at risk, since they do not restrict incoming packets to a set of allowable source IP addresses.
We are mostly concerned with two common types of attacks:
- Spoofing attacks leading to DNS cache poisoning. Various types of DNS spoofing and forgery exploits abound, which aim to redirect users from legitimate sites to malicious websites. These include so-called Kaminsky attacks, in which attackers take authoritative control of an entire DNS zone.
- Denial-of-service (DoS) attacks. Attackers may launch DDoS attacks against the resolvers themselves, or hijack resolvers to launch DoS attacks on other systems. Attacks that use DNS servers to launch DoS attacks on other systems by exploiting large DNS record/response size are known as amplification attacks.
Mitigations (how to resolve):
The standard solution for the DNS vulnerabilities above is DNSSEC.
Apart from this, the following measures help:
- Securing your code against buffer overflows, particularly the code responsible for parsing and serializing DNS messages.
- Overprovisioning machine resources to protect against direct DoS attacks on the resolvers themselves. Since source IP addresses are easy for attackers to forge, it's impossible to block queries based on IP address or subnet; the only effective way to handle such attacks is to simply absorb the load.
- Implementing basic validity-checking of response packets and of name server credibility, to protect against simple cache poisoning.
- Adding entropy to request messages, to reduce the probability of more sophisticated spoofing/cache poisoning attacks such as Kaminsky attacks. There are many recommended techniques for adding entropy, including randomizing source ports; randomizing the choice of name servers (destination IP addresses); randomizing case in name requests; and appending nonce prefixes to name requests.
- Removing duplicate queries, to combat the probability of "birthday attacks".
- Rate-limiting requests, to prevent DoS and amplification attacks.
- Monitoring the service for the client IPs using the most bandwidth and experiencing the highest response-to-request size ratio.
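The two list items on basic validity-checking of responses and on adding entropy to requests can be illustrated together. The following Python sketch is an added example, not code from Google Public DNS: it builds a query with a random transaction ID and randomized letter case in the name, then accepts a reply only if it echoes both exactly. All function names are hypothetical, the sample reply is constructed, and source-port randomization is not shown.

```python
import secrets
import struct

def encode_qname(name):
    """Encode a dotted name as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def randomize_case(name):
    """Randomize the case of each letter using a CSPRNG."""
    return "".join(c.upper() if secrets.randbits(1) else c.lower() for c in name)

def build_query(name, qtype=1):
    """Return (txid, sent_name, packet) for a recursive query with added entropy."""
    txid = secrets.randbits(16)          # unpredictable 16-bit transaction ID
    sent_name = randomize_case(name)     # extra entropy: one bit per letter
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    question = encode_qname(sent_name) + struct.pack("!HH", qtype, 1)  # class IN
    return txid, sent_name, header + question

def response_is_acceptable(packet, txid, sent_name, qtype=1):
    """Basic validity check: drop replies that do not echo our query exactly."""
    if len(packet) < 12:
        return False
    rid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    # Reject a wrong transaction ID, a packet without the QR (response) bit,
    # or a question count other than one.
    if rid != txid or not flags & 0x8000 or qdcount != 1:
        return False
    expected = encode_qname(sent_name) + struct.pack("!HH", qtype, 1)
    # Byte-exact comparison: a forged reply must also match the random letter case.
    return packet[12:12 + len(expected)] == expected

def make_reply(txid, name, qtype=1):
    """Constructed sample reply (header plus echoed question only) for the demo."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)

if __name__ == "__main__":
    txid, sent, _ = build_query("www.example.com")
    print(sent, response_is_acceptable(make_reply(txid, sent), txid, sent))
```

A resolver would apply the same check before caching any answer, and would additionally verify that the reply arrived from the server address and port the query was sent to.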
These are the benefits of using Google DNS on your side; I think it will definitely help you.
To analyze the page speed of your WordPress domain, click here to learn more.