Google DNS Server: Public DNS For Internet Service Providers

Image source - blog.apnic

Anyone, including Internet Service Providers (ISPs) and large organizations, can use Google Public DNS, but rate limits are applied to each client to protect the service. Significant query volumes from a single IPv4 address (or IPv6 /64 network prefix) may be throttled if they exceed these limits.

Google Public DNS is a free service with no SLA. If you use Google Public DNS for significant services or functionality, you should configure alternative DNS resolvers and be prepared to switch to them, automatically or by fast manual reconfiguration, as soon as your monitoring identifies any reachability or resolution problems with Google Public DNS.


Before you begin using Google Public DNS

The steps below assume you plan for clients to send queries to Google Public DNS directly and that you do not use carrier-grade NAT (CG-NAT) to map many clients onto shared IPv4 addresses.

Find the peak DNS queries per second (QPS) rate.

You can measure this with NetFlow or sFlow data from your network devices, or from your resolvers' statistics or query logs. If none of these are available, estimate the DNS query rate. The peak rate should not be an instantaneous burst but the average traffic over one or two seconds at the busiest time of day; Google Public DNS tolerates short traffic bursts that momentarily exceed the limit.

Find the routable IP addresses that forward DNS queries.

If you use shared resolvers to aggregate DNS queries, count how many external IP addresses the resolvers use. If devices send DNS queries directly to Google Public DNS, count the external IP addresses the devices would use.

Compare per-IP address rate(s) to the default rate limits.

Ideally you would have a specific rate for each IP address, but dividing the overall QPS rate by the number of IP addresses is an acceptable approximation.

  • If the per-IP address QPS rate is below 1500 QPS, configure Google Public DNS however you like; you do not need to request a rate limit increase.
  • If the per-IP address QPS rate exceeds 1500 QPS, and devices on your networks can query Google Public DNS directly so that the per-IP address QPS rate drops below the limit, you can choose that approach without requesting a rate limit increase.
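The three measurement steps above, worked through as an added example (this is not code from the page or from Google): it computes per-IP QPS from constructed resolver query-log lines using a two-second sliding window, so momentary bursts are averaged out rather than counted as the peak, then compares each address to the 1500 QPS default and also offers the coarser total-divided-by-addresses estimate. The log format and the sample addresses are assumptions.

```python
from collections import defaultdict

RATE_LIMIT_QPS = 1500   # default per-IP limit described on the page
WINDOW_SECONDS = 2.0    # average over 1-2 s, not instantaneous bursts

def parse_query_log(lines):
    """Assumed log format: '<seconds_since_capture_start> <src_ip> <qname>'."""
    by_ip = defaultdict(list)
    for line in lines:
        ts, ip, _qname = line.split(maxsplit=2)
        by_ip[ip].append(float(ts))
    return by_ip

def peak_qps_per_ip(lines, window=WINDOW_SECONDS):
    """Peak QPS per source IP, averaged over a sliding window of `window` seconds."""
    peaks = {}
    for ip, times in parse_query_log(lines).items():
        times.sort()
        best, start = 0, 0
        for end in range(len(times)):
            # shrink the window from the left until it spans less than `window` s
            while times[end] - times[start] >= window:
                start += 1
            best = max(best, end - start + 1)
        peaks[ip] = best / window
    return peaks

def over_limit(peaks, limit=RATE_LIMIT_QPS):
    """Addresses whose windowed peak exceeds the default limit (candidates for an increase)."""
    return {ip: qps for ip, qps in peaks.items() if qps > limit}

def estimate_per_ip_qps(total_peak_qps, external_ip_count):
    """Coarse estimate when per-address rates are unavailable: total QPS / number of IPs."""
    return total_peak_qps / external_ip_count

# Constructed sample: a shared resolver sending 4000 queries spread over one second
# (a sustained 2000 QPS when averaged over 2 s) and a home router sending a
# 100-query burst inside 10 ms (instantaneous 10000 QPS, but only 50 QPS averaged).
SAMPLE_LOG = (
    [f"{i / 4000:.6f} 203.0.113.10 example.com" for i in range(4000)]
    + [f"{i / 10000:.6f} 198.51.100.5 example.net" for i in range(100)]
)

if __name__ == "__main__":
    peaks = peak_qps_per_ip(SAMPLE_LOG)
    for ip, qps in sorted(peaks.items()):
        print(f"{ip:15} peak {qps:7.1f} QPS")
    print("request increase for:", sorted(over_limit(peaks)))
    print("estimate for 30000 QPS over 25 addresses:", estimate_per_ip_qps(30000, 25))
```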

Configure use of Google Public DNS

Using Google Public DNS directly

ISPs can configure network configuration infrastructure such as DHCP to return the Google Public DNS addresses (8.8.8.8, 8.8.4.4, and the IPv6 addresses) so that clients on their networks use Google Public DNS directly. This is the simplest and most reliable approach. Because each network client sends its own DNS queries to Google Public DNS, each client is rate limited individually, and non-abusive clients are unlikely to be affected by throttling.

Using Google Public DNS from local resolvers

It is also possible for ISPs to use local resolvers for client queries and have those local resolvers forward the queries to Google Public DNS. This may be required for regulatory reasons or for ISP operational requirements.

Home routers or other network devices

Most local resolvers run on ISP-managed routers, firewalls, or DSL/cable modems. Because each serves a single customer and uses that customer's IP address, these behave the same as clients using Google Public DNS directly.

Shared caching resolvers

To reduce DNS query volume, especially for ISPs located far from Google resolver locations, ISPs can use caching DNS resolvers that serve many clients. This reduces the number of DNS queries sent to Google Public DNS, but concentrating them on a few IP addresses makes those addresses more likely to be throttled. ISPs with shared resolvers sending queries to Google Public DNS should monitor their DNS query rates and request a rate limit increase if rates exceed the limit or if more than 1% of queries receive no response.

Ask for a rate limit increase.

ISPs using shared caching resolvers, or IPv4 deployments with CG-NAT, may require higher rate limits to ensure consistent service. Before requesting an increase, ISPs with caching resolvers should check their query logs, and those using CG-NAT should check their network traffic logs, to confirm sustained rates above 1500 QPS for the IP addresses in the request. Google Public DNS can be configured to return REFUSED errors when clients with increased rate limits are throttled; if you want this signal, mention it in your rate limit increase request.

Use alternative resolvers concurrently with Google Public DNS

ISPs can also configure Google Public DNS as one of several resolver services for their clients or shared caching resolvers. This can increase DNS reliability and reduce single points of failure.

Use Google Public DNS as an emergency fallback.

ISPs can configure Google Public DNS as an emergency fallback. However, if the DNS query volume is high, queries are likely to be throttled when switching over to Google Public DNS, because the sustained query volume per client IP will exceed the default rate limit (1500 QPS).

Medium to large ISPs using Google Public DNS for their DNS resolution should establish network peering with Google. This creates a relationship with the Google NOC that can escalate connectivity or reachability issues from the ISP network to Google's networks, including the Google Public DNS IP addresses.