What we log
Google Public DNS stores two sets of logs: temporary and permanent. The temporary logs store the full IP address of the machine you're using. We have to do this so that we can spot potentially bad things like DDoS attacks and so we can fix problems, such as particular domains not showing up for specific users.
We delete these temporary logs within 24 to 48 hours.
In the permanent logs, we don't keep personally identifiable information or IP information. We do keep some location information (at the city/metro level) so that we can conduct debugging, analyze abuse phenomena. After keeping this data for two weeks, we randomly sample a small subset for permanent storage.
We don't correlate or combine information from our temporary or permanent logs with any personal information that you have provided Google for other services.
Finally, if you're interested in knowing what else we log when you use Google Public DNS, here is the full list of items that are included in our permanent logs:
Request domain name, e.g.
www.google.com
Request type, e.g. A (which stands for IPv4 record), AAAA (IPv6 record), NS, MX, TXT, etc.
Transport protocol on which the request arrived, i.e. TCP, UDP, or HTTPS
Client's AS (autonomous system or ISP), e.g. AS15169
User's geolocation information: i.e. geocode, region ID, city ID, and metro code
Response code sent, e.g. SUCCESS, SERVFAIL, NXDOMAIN, etc.
Whether the request hit our frontend cache
Whether the request hit a cache elsewhere in the system (but not in the frontend)
Absolute arrival time in seconds
Total time taken to process the request end-to-end, in seconds
Name of the Google machine that processed this request, e.g. machine101
Google target IP to which this request was addressed, e.g. one of our anycast IP addresses (no relation to the user's IP)