Google Public DNS is a free, global Domain Name System
resolution service, that you can use as an alternative to your current
Why is Google working on a DNS service?
We believe that a faster and safer DNS infrastructure could
significantly improve the web browsing experience. Google Public DNS
has made many improvements in the areas of speed, security, and
validity of results. We've shared these improvements in our documentation,
to contribute to an ongoing conversation within the web community.
Can I use Google Public DNS to host my
domain name or website?
No. Google Public DNS is not an authoritative nameserver or
hosting service. If you are looking for a high-volume, programmable,
authoritative name server using Google's infrastructure, try
Google's Cloud DNS.
Does Google Public DNS offer the
ability to block or filter
out unwanted sites?
No. Google Public DNS is purely a DNS resolution and
caching server; it does not perform any blocking or filtering of any
kind, except that it may not resolve certain domains in extraordinary cases if we believe this is necessary to protect Google’s users
from security threats. But we believe that blocking functionality is usually best performed by the client. If you are interested in enabling such functionality, you
should consider installing a client-side application or browser add-on
for this purpose.
Are Googlers using Google Public DNS?
Yes. Googlers have been using Google Public DNS since a couple of
months before the launch. Also, we have been using it to power our
wi-fi networks for visitors as well as our free public
wi-fi network in Mountain View, California.
Are there any cross-product
dependencies with Google Public DNS?
Google Public DNS is an independent service.
Do I need a Google Account to use
Google Public DNS?
How is Google Public DNS different
from my ISP's DNS service or other open DNS resolvers? How can I tell
if it is better?
Open resolvers and your ISP all offer DNS resolution
invite you to try Google Public DNS as your primary or secondary DNS
resolver along with any other alternate DNS services. There are many
things to consider when identifying a DNS resolver that works for you,
such as speed, reliability, security, and validity of responses. Unlike
Google Public DNS, some ISPs and open resolvers block, filter, or
redirect DNS responses for commercial purposes.
How does Google Public DNS handle
If you issue a query for a domain name that does not exist,
Google Public DNS always returns an NXDOMAIN record, as per the DNS
protocol standards. The browser should show this response as a DNS
If, instead, you receive any response other than an error message (for
example, you are redirected to another page), this could be the result
of the following:
A client-side application such as a browser plug-in is
displaying an alternate page for a non-existent domain.
Some ISPs may intercept and replace all NXDOMAIN
responses that lead to their own servers. If you are concerned that
your ISP is intercepting Google Public DNS requests or responses, you
should contact your ISP.
Will Google Public DNS be used to serve ads
in the future?
No. We are committed to preserving the integrity of the DNS
protocol. Google Public DNS will never return the address of an ad
server for a non-existent domain.
Use and support
I am using another DNS service now.
Can I also use Google Public DNS?
Yes. You can set Google Public DNS to be your primary or
DNS resolver, along with your current DNS resolver. Please remember
that operating systems treat DNS resolvers differently: some will only
use your primary DNS resolver and use the secondary in case the primary
one fails, while others will round-robin among each of the resolvers.
Is Google Public DNS suitable for all
types of Internet-enabled devices?
Yes. Google Public DNS can be used on any standards-compliant network
device. If you find any situation where Google Public DNS does not
work well, please let us know.
Can I run Google Public DNS on my office
Some offices have private networks that allow you to access
that you can't access outside of work. Using Google Public DNS might
limit your access to these private domains. Please check your IT
department's policy before using Google Public DNS on your office
In which countries is Google Public
It is available to Internet users around the world, though
your experience may vary greatly based on your specific location.
Does Google Public DNS work with all ISPs?
Google Public DNS should work with most ISPs, assuming you
have access to change your network DNS settings.
Do I need to use both Google Public DNS IP
No. You can use Google as your primary service by just
using one of the IP addresses. However, be sure not
to specify one address as both primary and secondary servers.
Does it matter in what order I specify
the IP addresses?
No, the order does not matter. Either IP can be your primary or
secondary name server.
What is the SLA for the service?
We are not providing an SLA for this
service at this
I'm running an ISP. Can I redirect all my
users to Google Public DNS?
Yes, but at this time, Google Public DNS is a service without an SLA.
If you do want to use Google Public DNS, please create a ticket on the
Tracker to discuss with us first.
How can I get support from the Google
Public DNS team?
We recommend that you join our Google Groups
to get useful updates from the team and ask any questions you
If you are encountering a problem and would like to report
it, please see Reporting
issues for procedures.
Where are your servers currently
Google Public DNS servers are available worldwide.
Here are the subnets from which Google Public DNS sends requests
to authoritative nameservers, and their associated IATA airport codes:
This list is subject to additions, modifications, and even
reductions as we continue to deploy and support our service.
How does Google Public DNS know which
data center to send me to?
Google Public DNS uses anycast routing to direct all
packets to the
closest DNS server. For more information on anycast routing, see the Wikipedia
Is Google Public DNS based on open source
software, such as
No. Google Public DNS is Google's own implementation of the
Does Google Public DNS comply with the
DNS standards set forth by the IETF?
Are there plans to release Google
Public DNS code as open source software?
At this time, there are no plans to open source Google
but we have detailed all the steps we have taken to increase speed,
security, and standards compliance.
Does Google Public DNS support IPv6?
Yes. Google Public DNS listens for incoming requests on IPv6
clients with IPv6 connectivity, responds to all requests for IPv6
addresses, returns AAAA records if they exist, and
talks to IPv6-only authoritative nameservers. See Using
Public DNS for Google Public DNS IPv6 host addresses and
Note that you may not receive IPv6 results for Google
properties. To optimize the user experience,
Google only serves AAAA records to clients behind ISPs with good IPv6
connectivity. This policy is completely
independent from Google Public DNS, and is enforced by Google's
nameservers. For more information, please see the Google over IPv6 page.
Does Google Public DNS support the
Yes. Google Public DNS is a validating, security-aware resolver.
All responses from DNSSEC signed zones are validated unless clients
explicitly set the CD flag in DNS requests to disable the validation.
How can I find out if I am using DNSSEC?
You can do a simple test by visiting www.dnssec-failed.org. This
site has been specifically configured to return a DNS error due to
a broken authentication chain. If you don't receive an error, you are not using DNSSEC.
For web-based queries, you can also test DNSSEC support
by installing a browser plug-in, such as DNSSEC Validator, available
How does Google Public DNS handle
lookups which fail DNSSEC validation?
If Google Public DNS cannot validate a response (due to misconfiguration,
missing or incorrect RRSIG records, etc.), it will return an
error response (SERVFAIL) instead. However, if the
impact is significant (e.g. a very popular domain
is failing validation), we may temporarily disable validation on the zone
until the problem is fixed.
How can I find out why a given domain
fails DNSSEC validation?
Verisign Labs' DNS
Analyzer and Sandia National Laboratories' DNSViz are two DNSSEC
visualization tools that show the DNSSEC authentication chain for any
domain. They show where breakages occur and are useful for looking up
the source of DNSSEC failures.
Google Public DNS is caching an outdated record.
Is there a way I can get Google Public DNS to refresh its cache?
Yes! You can use the Flush Cache
tool to refresh Google Public DNS's cache for a particular domain.
Does Google Public DNS secure the so-called "last-hop" by
encrypting communication with clients?
I looked online and it seems that there
are a lot of
issues with open resolvers such as DDoS attacks, large-scale spoofing
etc. Why did you make Google Public DNS an open resolver?
There are many articles online about some of the threats
resolvers face. We made a conscious decision to be open and we have
taken what we believe to be adequate precautions. See the security benefits
page for information on the precautions we have taken to help protect
our users from spoofing and cache poisoning, and to mitigate DNS-based
Are there tools that I can use to test
the performance of Google Public DNS against that of other DNS
There are many freely available tools that you can use to
measure Google Public DNS' response time. We recommend
Regardless of the tool you use, you should
run the tool against a large number of domains — more than
5000 — to ensure statistically significant results. Although
the tests take longer to run, using a minimum of 5000 domains ensures
that variability due to network latency (packet loss and
retransmits) is minimized, and that Google Public DNS's large
name cache is thoroughly exercised.
To set the number of domains in Namebench, use the Number
of tests GUI option or the -t
command line flag; see the Namebench
documentation for more information.
When I run ping
or traceroute against the Google Public DNS
resolvers, the response latency is higher
than that of other services. Does this mean Google Public DNS is always
No. In addition to the ping time, you
also need to consider the average time to resolve a name. For example,
if your ISP has a ping time of 20 ms, but a mean name resolution time
of 500 ms, the overall average response time is 520 ms. If Google
has a ping time of 300 ms, but resolves many names in 1 ms, the overall
average response time is 301 ms. To get a better comparison, we
recommend that you test the name resolutions of a large set of domains.
I've read claims that Google Public DNS can slow down
certain multimedia applications or websites. Are these true?
Many sites that provide downloadable or streaming multimedia host
their content with DNS-based third-party content distribution networks
(CDNs), such as Akamai. When a DNS resolver queries an authoritative
nameserver for a CDN's IP address, the nameserver returns an address
which is closest (in network distance) to the resolver, not the
user. In some cases, for ISP-based resolvers as well as public
resolvers such as Google Public DNS, the resolver may not be in close
proximity to the users. In such cases, the browsing experience could be
slowed down somewhat. Google Public DNS is no different from other DNS
providers in this respect.
To help reduce the distance between DNS servers and users, Google
Public DNS has deployed its servers all over the world. In particular,
users in Europe should be directed to CDN content servers in Europe,
users in Asia should be directed to CDN servers in Asia, and users in
the eastern, central and western U.S. should be directed to CDN servers
in those respective regions. We have also published this information
(see Where are your servers currently located?
for details) to help CDNs provide good DNS results for multimedia
In addition, Google Public DNS engineers have proposed a technical solution
EDNS Client Subnet.
This proposal allows resolvers to pass in part of the client's IP address
(the first 24/64 bits or less for IPv4/IPv6 respectively) as the source IP
in the DNS message, so that nameservers can return optimized results based
on the user's location rather than that of the resolver. To date, we have
deployed an implementation of the proposal for many large CDNs (including
Akamai) and Google properties. The majority of geo-sensitive domain names
are already covered.
What information does
Google log when I use the Google Public DNS service?
Google Public DNS complies with Google's
Center. With Google Public DNS, we collect IP address (only
temporarily) and ISP and location information (in permanent logs) for
the purpose of making our service faster, better and more secure.
Specifically, we use this data to conduct debugging and to analyze
abuse phenomena. After 24 hours, we erase any IP
information. For more information, read the Google Public DNS privacy page.
Is any of the information collected
stored with my Google account?