We understand that our users need to know what we do with information we collect when you use our services. If you'd like to read the main policy which Google adheres to, see the Privacy Center.
However, if you're reading this page, you probably want some specific, rapid answers about what happens to your data when you use Google Public DNS. We designed the product to be fast, so let's get to the point quickly on privacy as well.
We built Google Public DNS to make the web faster and to retain as little information about usage as we could, while still being able to detect and fix problems. Google Public DNS does not permanently store personally identifiable information.
What we log
Google Public DNS stores two sets of logs: temporary and permanent. The temporary logs store the full IP address of the machine you're using. We have to do this so that we can spot potentially bad things like DDoS attacks and so we can fix problems, such as particular domains not showing up for specific users.
We delete these temporary logs within 24 to 48 hours.
In the permanent logs, we don't keep personally identifiable information or IP information. We do keep some location information (at the city/metro level) so that we can conduct debugging, analyze abuse phenomena. After keeping this data for two weeks, we randomly sample a small subset for permanent storage.
We don't correlate or combine information from our temporary or permanent logs with any personal information that you have provided Google for other services.
Finally, if you're interested in knowing what else we log when you use Google Public DNS, here is the full list of items that are included in our permanent logs:
- Request domain name, e.g. www.google.com
- Request type, e.g. A (which stands for IPv4 record), AAAA (IPv6 record), NS, MX, TXT, etc.
- Transport protocol on which the request arrived, i.e. TCP or UDP
- Client's AS (autonomous system or ISP), e.g. AS15169
- User's geolocation information: i.e. geocode, region ID, city ID, and metro code
- Response code sent, e.g. SUCCESS, SERVFAIL, NXDOMAIN, etc.
- Whether the request hit our frontend cache
- Whether the request hit a cache elsewhere in the system (but not in the frontend)
- Absolute arrival time in seconds
- Total time taken to process the request end-to-end, in seconds
- Name of the Google machine that processed this request, e.g. machine101
- Google target IP to which this request was addressed, e.g. one of our anycast IP addresses (no relation to the user's IP)