Cloudflare launches fast and privacy-focused DNS at 1.1.1.1 - gHacks Tech News

Cloudflare launches fast and privacy-focused DNS at 1.1.1.1

Cloudflare announced the launch of its new public DNS service 1.1.1.1 on April 1, 2018. The company promised in the announcement that 1.1.1.1 would offer faster speeds and better privacy than other public DNS systems provided by companies such as Google, Yandex or Cisco. Let us find out if the promises hold up to a closer inspection of the service.

Note: The company decided to launch the new service on April 1, 2018. That's a red flag usually as tech companies make all sorts of April Fools jokes on the day. It appears, however, that 1.1.1.1 is real and not a joke.

DNS plays an important part on the Internet. Computers use IP addresses for communication but that would be terrible for humans who have a hard time remembering numbers. Would you prefer to visit startpage.com or 216.218.239.42?

DNS is the system that translates domain names to IP addresses so that computers know what to do. Most computer users probably use the DNS service that comes with their Internet connection; it is used by default, but it is usually neither the fastest nor the most private option.

Several ISPs started to monetize DNS by displaying custom error pages when a site can't be accessed.

Privacy and censorship are two additional areas that Internet users need to consider when it comes to DNS. Requests that you make on a device use the configured DNS provider which means that the provider knows exactly what you do on the Internet.

This is true even if you connect to HTTPS sites only, and may even be true for some VPN services that don't protect against DNS leaks. Internet Service Providers in the United States may sell customer data, and the two viable options that customers have are to change the DNS provider or to use a VPN service that uses its own DNS system.

DNS censorship is quite common as it is easy to implement. It is not strong as it can be bypassed easily. Basically, what happens is that Internet Service Providers change the IP address a domain name resolves to. This redirects users to a different web page, for instance an error page, a warning page, or a government domain, instead of the desired domain.

Cloudflare's 1.1.1.1 public DNS

First, the basics: Cloudflare's public DNS has the IP addresses 1.1.1.1 and 1.0.0.1. How you add those to your system depends largely on the operating system you use.

Windows users may do the following:

  1. Use the keyboard shortcut Windows-R to open the run box.
  2. Type netcpl.cpl to open the Network and Sharing Center (note that this may not be available in the newest builds of Windows 10)
    1. If it is not available, right-click on the network icon in the System Tray and select Open Network and Internet settings.
    2. On the page that opens, click on "change adapter options".
  3. Right-click on the active connection and select properties from the menu.
  4. Double-click on "Internet Protocol Version 4 (TCP/IPv4)".
  5. Switch to "Use the following DNS server addresses".
  6. Enter 1.1.1.1 under preferred DNS server.
  7. Enter 1.0.0.1 under alternate DNS server.

Tip: You can open 1.1.1.1 in your browser. The website offers setup instructions for Windows, Linux, and Mac devices, for iPhone and Android, and for routers.

A quick performance test using Gibson's DNS Benchmark program for Windows confirmed that Cloudflare's DNS servers are fast; not the fastest, but very fast when compared to other providers.

Your mileage may vary as it may depend on your location. I suggest you run benchmarks if speed is your primary consideration when it comes to DNS. You may use Namebench or the aforementioned DNS Benchmark for that.

And privacy?

Cloudflare promises that it never writes the IP address of the querying system to disk and that the company wipes all logs within 24 hours.

The company hired KPMG, an auditing firm, to audit the source code and practices annually and release the report to the public.

Cloudflare DNS supports DNS-over-TLS and DNS-over-HTTPS. Both technologies are open and attempt to limit or eliminate DNS lookups over unencrypted connections.

We think DNS-over-HTTPS is particularly promising — fast, easier to parse, and encrypted. To date, Google was the only scale provider supporting DNS-over-HTTPS. For obvious reasons, however, non-Chrome browsers and non-Android operating systems have been reluctant to build a service that sends data to a competitor. We're hoping that with an independent DNS-over-HTTPS service now available, we'll see more experiments from browsers, operating systems, routers, and apps to support the protocol.

Closing Words

Cloudflare operates one of the largest infrastructures and the company's DNS service benefits from that infrastructure as it is one of the fastest available services.

The no-IP logging and 24-hour log deleting policy, and implementation of DNS-over-TLS and DNS-over-HTTPS, are welcome additions.

Cloudflare is not without controversy and there will certainly be users who won't use the company's DNS servers.

Now You: which DNS provider do you use, and why?


Comments

  1. Sophie said on April 2, 2018 at 9:23 am
    Reply

    I had, for a long time, been using my VPN providers’ DNS. I was perfectly happy with speed, and found nothing restricted or any issues at all with them.

    Recently though, I decided to look into it a bit more, because I sought a DNS that had malware, phishing and other bad lookups blocked. I sent an email to my VPN to ask them if their DNS blocked any of these things. The answer was no, and that that facility was only available from their VPN client, by flicking a switch in there…something that I did not want to do.

    So I switched to Quad9 – 9.9.9.9, and read up all about them, and felt pretty happy with that. Until I found that they blocked my free Web host, that I use for certain files. There was no way I could whitelist that, and I felt that their blocking of that free web-host was unnecessary.

    So I’ve just switched to Comodo secure, and so far, all seems good. I would rather have stuck with Quad9, as I had the impression they take security very seriously. But I don’t want to create a new account with another free web host, so at the moment, I’m just leaving things with Comodo.

    1. VPNquestion said on April 2, 2018 at 2:12 pm
      Reply

      Sophie,
      what VPN provider did you use? Wondering about getting one too, but there are hardly any real reviews or ratings out. Seems everybody tries to sell Nordvpn & Expressvpn and I don’t believe all the wonderful reviews when comparing prices. New deal, new deal and so on. 3 yrs for $99. How can a decent VPN provider offer so cheap prices?

      1. Sophie said on April 2, 2018 at 5:19 pm
        Reply

        @VPNquestion – I use PIA (Private Internet Access). I’m aware of all the arguments about “who can you trust”, and that they’re based in the USA which is seen as a no-no.

        But personally, they continue to be the one for me, despite some concerns that others may or have expressed.

        By the way, having paid for the service for nearly 2 years now, I would also like to add that the uptime I have experienced is approx 100%. I’m not sure it’s ever not worked! Occasionally, a server does not seem right, and I’ve switched, and all sorted again. Great uptime in other words. Hope that helps!

      2. VPNquestion said on April 2, 2018 at 10:22 pm
        Reply

        Sophie,
        thanks for your reply. It is greatly appreciated.

      3. Heydrich said on April 3, 2018 at 8:40 am
        Reply

        After extensive research, I decided to use both, Private Internet Access and Nord VPN, at times on my router and/or VPN software (i.e., tap and OpenVPN application) on the computer.

        After six years of heavy P2P and general internet use, on Windows and Mint operating systems, my own experience is positive, few minor issues aside.

      4. Don Gateley said on April 4, 2018 at 2:46 am
        Reply

        I agree about Private Internet Access (PIA) for a VPN. Been using it without incident for about four years. Maybe longer. Maybe shorter. :-)

        Its configuration is minimal which is good and bad. It’s good because it makes using PIA really simple. Possibly makes it bad because of missing features but I don’t know what could be added. Ah, I remember a bad. When I started using it, the feature that stops all flow if the VPN drops (rather than falling back to clear with no announcement which is what Windows does) could leave things in a bad state that survives a reboot and requires manually changing the real port’s DNS server. A bit esoteric for most people. Now I use the feature in qBittorrent that does the same thing and don’t mess with that feature of the VPN itself. It’s been a while since I messed with that feature, though, and it might work fine now.

    2. scorpiogreen said on April 5, 2018 at 9:21 am
      Reply

      I too use PIA and they insist that I use PIA’s own DNS, but when I tried to use it, it slowed down my browsing considerably. Pages would hang for up to 10 seconds or so before loading. I suspect that their own DNS servers are so crowded with traffic that it is causing the problem.

      So I’ve been using OpenDNS on PIA for years, for both the NIC card adapter settings and the TAP driver adapter that PIA uses. It’s adequate but if something else has faster lookup times, I’m willing to use it.

      I’ve also heard about DNS Jumper – – https://www.sordum.org/7952/dns-jumper-v2-1/ – – that takes away the need to manually change them through your Network Connections – Adapter Settings and makes switching easier. They just recently added Cloudflare’s 1.1.1.1 to their change list as well a couple of days ago.

      I never trust Comodo but I guess that’s just me. The name means adware as far as I’m concerned.

    3. Steve said on April 24, 2018 at 1:41 pm
      Reply

      For various reasons I’ve blocked Cloudflare, would suggest you check tenta.com, they do have android/ios browser, however, they are offering DNS servers without charge. No logging, DNSSEC, TLS.

  2. RossN said on April 2, 2018 at 9:33 am
    Reply

    I used to use OpenDNS.
    Currently just using the default, so my ISP.

    Question: Is it a reasonable idea to mix DNS hosts? Say first address at Cloudflare and alternate at Google?

    1. Sophie said on April 2, 2018 at 5:21 pm
      Reply

      OpenDNS don’t have malware filtering, unless you pay for their premium service. And because I don’t ever update my Windows 10 install, I decided fairly recently that a DNS service with careful and decent malware filtering built-in, became more of a priority for me.

      1. leland said on April 2, 2018 at 10:19 pm
        Reply

        OpenDNS does indeed have malware/botnet and phishing protection on free accounts. I have been using a free account since they opened up for business. Now that said maybe new accounts had that removed. I don’t have time to test this. I did have to sign into my account and enable the protection under the security section. It used to be enabled by default so you might need to poke around the web settings for your account. The nice thing is they also include a whitelist and blacklist for individual domains in case they are blocked by one of their filters.

        I have also experimented with AdGuard DNS which gives you adblocking at the DNS level. Most routers can be set to use it which is nice. It also blocks malware quite nicely.

        Another I tried for a bit was Alternate DNS which had adblocking but it blocked some local ip addresses that it should not have. I had to remove it within a week or so. Their support was not helpful.

    2. Sophie said on April 2, 2018 at 5:23 pm
      Reply

      Easy to switch around to your heart’s content, with DnsJumper, as Martin has covered before. It’s simple, and great, especially when used with DNSBench.

      1. Rush said on April 3, 2018 at 4:26 pm
        Reply

        @Sophie

        I also have been using DnsJumper for a while now, along with DNS server: OpenDNS Home.

        In addition, I love the options to choose, a custom DNS and / or which network adapter you want to use, and the ability to flush DNS.

        Great program.

    3. KeZa_BE said on April 4, 2018 at 5:56 pm
      Reply

      You can use OpenDNS with DNS Crypt and then you have a better one than Cloudflare because it protects you from malware sites etc…

  3. Sophie said on April 2, 2018 at 9:37 am
    Reply

    Aren’t Cloudflare responsible for those incredibly annoying ‘validation’ blocks that insist you tick every car in the pictures, or every bus or street lamp???

    While I understand why that system may have needed to be created, that alone would put me off the ‘Cloudflare’ name.

    1. Tancred said on April 2, 2018 at 12:09 pm
      Reply

      That is from a company called reCaptcha, which was bought by Google.

      1. Sophie said on April 2, 2018 at 5:20 pm
        Reply

        Ahh….what a surprise (not) that it had to be Google behind all that!! They are springing up more and more.

      2. Duckeenie said on April 2, 2018 at 9:26 pm
        Reply

        The things are put in place to thwart DDoS attacks. As inconvenient as those captchas are, it’s nowhere near as annoying as not being able to access a site because it’s down. Blame the real bad guys, they’re the reason we can’t have nice things.

  4. Darren said on April 2, 2018 at 10:00 am
    Reply

    Been using Quad-9. It and this new offering are definitely superior to comcast, etc, but I always wonder, how does a company like Cloudflare benefit from offering public DNS like this? Even not logging IP addresses and such this still must give them real-time insight on what’s going on. Not that I’m suspicious, just curious. 1.1.1.1 is prime IP real estate regardless. Wow.

  5. Sophie said on April 2, 2018 at 10:05 am
    Reply

    Hello Martin – you have something mad going on with your comments :

    At the very least…

    ….Just now it shows a count of “3” just now, yet none show up.
    ….Comments no longer get posted immediately, and can take hours
    ….Some comments just never show up
    ….Sometimes an error screen shows up (it did this morning) after an “age” of trying to post but nothing happening

    I’ve probably forgotten other scenarios!

    Sorry once again for the moan, but I’m not sure things are working quite as you would wish?

    1. Stefan said on April 2, 2018 at 11:54 am
      Reply

      EDIT has been gone to on and off….

    2. Martin Brinkmann said on April 2, 2018 at 2:06 pm
      Reply

      Sophie, sorry that you (and others) experience these issues; we try to troubleshoot the issue.

      1. Sophie said on April 2, 2018 at 5:24 pm
        Reply

        Thanks Martin. Sorry for the moan! Would be great if validation took place by virtue of a validated email account. Perhaps that’s why the commenting system is a little ‘guarded’ at the moment, since it’s not validated? Thanks in advance for a fix. Problems are fairly recent…or at least, something seems to have downgraded a little.

      2. scorpiogreen said on April 5, 2018 at 9:28 am
        Reply

        Yeah, the EDIT function is gone for me too. It’s now 4/5/18

  6. Malte said on April 2, 2018 at 10:27 am
    Reply

    “Cloudflare is not without controversy and there will certainly be users who won’t use the company’s DNS servers.” Why? Please explain. Happy Easter!

  7. TelV said on April 2, 2018 at 11:32 am
    Reply

    Some interesting background info on Cloudflare: https://github.com/pirate/sites-using-cloudflare

    They also host the content of some dubious organisations: https://www.theguardian.com/world/2018/feb/10/web-giant-cloudflare-storing-extreme-neo-nazi-content-on-uk-soil

    1. dmacleo said on April 2, 2018 at 4:20 pm
      Reply

      so…in your opinion they should only deal with organizations you agree with?
      I have no love at all for the mentioned idiots but free speech trumps people’s feelings.
      also, cloudflare doesn’t actually (really) host anything. they just provide the pointers.
      should they stifle organizations you agree with if someone complains?
      there is no “right” answer. either speech is free or it isn’t.

      1. Sophie said on April 2, 2018 at 5:25 pm
        Reply

        Free speech all the way! Absolutely agree with your point.

      2. TelV said on April 3, 2018 at 11:28 am
        Reply

        Incitement to violence whereby one group with bigoted ideas targets another just because they don’t agree with their religious views can hardly be construed as freedom of expression. Neo-nazis don’t belong in a civilised society and any business which supports them, even indirectly by hosting their content online should be boycotted by those who believe in a free and democratic society.

        If we allow racism under the banner of ‘freedom of expression’ we risk society descending into anarchy with all the consequences that that entails.

      3. dmacleo said on April 3, 2018 at 2:26 pm
        Reply

        yeah, thought control really works well for all involved.
        stupid.

      4. widdle whambo said on April 6, 2018 at 3:21 pm
        Reply

        Well since my other response was deleted, I too will echo what @dmacleo and Sophie say and say free speech all the way!

      5. TelV said on April 6, 2018 at 5:34 pm
        Reply

        Freedom of speech or expression simply isn’t possible because it’s open to abuse. You quoted the 1st Amendment which you say guarantees freedom of speech under the US Constitution. But the Sedition Act of 1798 contradicts that because it forbids malicious incitement to overthrow the government whether verbal or written. So there you have a restriction which you may not have been aware of.

        Free speech is harmful. If you allow unbridled free speech, you automatically condone hate speech, homophobic slurs, intolerance towards religious groups etc., etc.

        As regards Cloudflare, I think their decision to allow Neo-Nazis a means to spread their abhorrent views is reprehensible, but that’s just my opinion as I said in the beginning.

      6. widdle whambo said on April 7, 2018 at 4:28 am
        Reply

        >but that’s just my opinion as I said in the beginning.

        Yup, everything you’ve said is just your opinion. And I have mine. No apologies, there.

      7. TelV said on April 7, 2018 at 10:50 am
        Reply

        And my opinion is a valid one: let’s be clear about that.

        But I guess you believe that disseminating propaganda for white supremacists, Neo-Nazis and even ISIS is a good thing judging by your comments so far. Eradicating ISIS especially is never going to happen while Cloudflare continues to host their extremist content.

        So if you decide to support a Web hosting company which allows such content you’re indirectly responsible for the consequences.

      8. Martin Brinkmann said on April 7, 2018 at 3:15 pm
        Reply

        Please, I don’t want this thread to drift off into political or religious discussions. There are better places to discuss these things.

        Just one thing, Cloudflare is not a hosting provider.

      9. widdle whambo said on April 9, 2018 at 4:07 am
        Reply

        No, I believe in defending the 1st Amendment and people like you have nothing left but to resort to personal attacks when others don’t agree with you.

        And my opinion is also a valid one: let’s be clear about that.

        ~

        PS: And yes, you’ve now convinced me now to try out Cloudflare DNS. I appreciate that, thank you.

  8. Words are being written below said on April 2, 2018 at 11:35 am
    Reply

    Martin, can you do a Firefox Nightly tutorial for setting up DNS-over-HTTPS with Cloudflare?

  9. Stefan said on April 2, 2018 at 11:52 am
    Reply

    IPREDATOR DNS servers

    One of the most important parts of a working Internet is an uncensored DNS. We run a pair of public resolvers which provide access to the ICANN root zone.

    Servers for IPv4:
    194.132.32.32 (supports dnscrypt, see below)
    46.246.46.246

    Servers for IPv6:
    2001:67C:1350:DEAD:BEEF::246
    2C0F:F930:DEAD:BEEF::32

    A dedicated set of DNS servers is available for use when connected to the VPN.

    Servers for IPv4:
    194.132.32.23
    46.246.46.46

    Servers for IPv6:
    2C0F:F930:DEAD:BEEF::23
    2001:67C:1350:DEAD:BEEF::46

    https://www.ipredator.se/page/services#service_dns

    1. Sophie said on April 2, 2018 at 5:26 pm
      Reply

      @stefan, thanks. Helpful! Looking it up….

  10. Tancred said on April 2, 2018 at 12:08 pm
    Reply

    I use my ISP’s DNS servers, since they already know where I’m connecting to anyway, I’m minimizing the amount of entities knowing my connection info.

    Why should we trust either Google or Cloudflare with our DNS?

    1. Anonymous said on April 2, 2018 at 4:32 pm
      Reply

      Your ISP can DNS poison you (blocking sites, ads redirecting).
      That’s what my ISP does so I’m using alternative DNS.
      Also protect your privacy more as said above. Your ISP may know the server IP address but they don’t know what website you’re opening.

      1. John Fenderson said on April 2, 2018 at 7:55 pm
        Reply

        “Your ISP can DNS poison you(blocking sites, ads redirecting).”

        True. And the second my ISP starts doing that, then I’ll switch to a different DNS service.

      2. Tancred said on April 3, 2018 at 11:49 am
        Reply

        >Your ISP may know the server IP address but they don’t know what website you’re opening.

        What do you mean?

        The ISP is serving me every single bit that I see. They can inspect everything that is unencrypted.

        Anyway, they know every single IP address that I connect to, so if I ask them to resolve a DNS name to that IP address for me as well, they don’t know more than if I use a different DNS service.

        I have not encountered a site blocked by my ISP yet and everyone blocks ads anyway.

    2. Sophie said on April 2, 2018 at 5:28 pm
      Reply

      You wouldn’t trust Google, and other DNS services are likely a lot more trustable….but at some point, you still have to “trust”.

      Better to use a VPN, so that whatever IP the DNS lookup gets, it’s obfuscated in the first place. Especially with NAT-style IP mixup.

      1. Lama said on April 2, 2018 at 5:33 pm
        Reply

        The VPN then becomes like your ISP. I know it’s going to vary from country to country but I trust my ISP way more, both in terms of competence and seriousness with the handling of user data, than all VPNs I ever heard of except ProtonVPN. Which I don’t use, but I may at some point, given laws being passed recently.

    3. Lama said on April 2, 2018 at 5:37 pm
      Reply

      @Tancred

      Cloudflare already knows most of your browsing habits so you’re not really minimizing your exposure that much, it’s not a good reason not to use their DNS service at least. They are here on Ghacks for instance.

      There may be other reasons to conclude that it’s wiser to use your ISP’s DNS, gonna depend on the ISP and various factors we’re not considering right now.

      1. Sophie said on April 2, 2018 at 6:49 pm
        Reply

        @Lama – Interesting that you take that point of view. You’re right that it all depends on the ISP. Here in the UK, there is a very censorious climate, and we have a government very much inclined to snooping and gathering. The big ISPs roll over and do all that the govt. ask….so no….in this case at least, I (or we) do not trust the ISP more than the VPN provider.

      2. Lama said on April 2, 2018 at 7:28 pm
        Reply

        Yes but even then, it depends on the VPN. With the ISP you know what to expect and how it’s going to be used, you may have protecting bodies and as a citizen of the same country, you have some rights.

        Meanwhile a VPN can be just any shady untouchable business doing whatever they want outside of your jurisdiction.

        Or, indeed, it could be trustworthy AND competent (this matters a lot), like ProtonVPN. But the VPN market is IMO a jungle filled with incompetent, shady products that may or may not be good at posturing like trustworthy organisations.

        In saying this, I just intend to outline that a VPN is *hard* to pick and it’s easy to make a choice that’s worse than our ISP and the state of our country’s laws, even when they look pretty bad. (As long as it’s not China bad…)

        I honestly have a hard time imagining that there exist more than 3-4 proper VPNs in the entire market.

      3. Anonymous said on April 3, 2018 at 5:53 am
        Reply

        Just as Lama said. Using VPN would not guarantee your privacy, are you sure they’re not selling your data? There’s no way to know. Using VPN is just ‘renting’ their servers.

        If you need more privacy, build your own VPN server. But that’s not really ‘private’ either, your VPN server would need ISP to connect to internet and nowadays ISPs are logging internet traffic.
        In China, VPNs need to be registered and give their logs to government. I wonder what’s the use of VPN in China?

        If you truly want privacy, I suggest just get off the internet or use spies’ special line communication.

      4. scorpiogreen said on April 5, 2018 at 9:41 am
        Reply

        I take it you never had Comcast as an ISP. Comcast has been known to block content. They’ve also been known to push unwanted ads to their customers. I wouldn’t trust them with anything.

  11. Johnny said on April 2, 2018 at 12:09 pm
    Reply

    Are there any IPv6 addresses for cloudflare’s public dns?

    1. It's a me, Mario. said on April 2, 2018 at 2:34 pm
      Reply

      IPv4

      1.1.1.1
      1.0.0.1

      IPv6

      2606:4700:4700::1111
      2606:4700:4700::1001

      1. dmacleo said on April 2, 2018 at 4:23 pm
        Reply

        1.0.0.1. not valid if you read the article, it was available but due to junk they went with 1.1.1.1
        APNIC’s research group held the IP addresses 1.1.1.1 and 1.0.0.1. While the addresses were valid, so many people had entered them into various random systems that they were continuously overwhelmed by a flood of garbage traffic. APNIC wanted to study this garbage traffic but any time they’d tried to announce the IPs, the flood would overwhelm any conventional network.

        We talked to the APNIC team about how we wanted to create a privacy-first, extremely fast DNS system. They thought it was a laudable goal. We offered Cloudflare’s network to receive and study the garbage traffic in exchange for being able to offer a DNS resolver on the memorable IPs. And, with that, 1.1.1.1 was born.

      2. dmacleo said on April 2, 2018 at 8:46 pm
        Reply

        I apologize, I was wrong.
        1.0.0.1 started resolving correctly here a few moments ago and while the article does not say use it, the setup instructions do.
        again, I am sorry.

      3. Tom Hawack said on April 3, 2018 at 11:12 am
        Reply

        From what I’ve read CloudFlare’s first DNS is 1.1.1.1 and was launched 1st of April because the date corresponds to 4/1 in English : or 4 times 1 or 1.1.1.1
        1.0.0.1 is the secondary server, the only one used with DNScrypt-proxy when choosing CloudFlare.

  12. Yuliya said on April 2, 2018 at 12:45 pm
    Reply

    >Cloudflare
    I’d rather pack my entire FireFox profile folder, including history and cookies, and upload it unencrypted to Google Drive. I’d feel safer.

    1. Lama said on April 2, 2018 at 5:28 pm
      Reply

      Why ? Cloudflare provides DDoS protection to a significant part of the web and that means they are a man-in-the-middle for a significant proportion of our web requests, which they are able to see in clear even with HTTPS. They’re doing it right here on Ghacks. It is not clear that they are privacy adversaries to me, what’s clear is that they are in a strategic position where even Google isn’t.

      At this point, making them my DNS would give them more data, but I’m pretty sure they can infer it all already based on the significant sample they have.

      On the other hand, Google which is a known and massive adversary to privacy can be avoided, it’s not silently man-in-the-middling the entire web: We can avoid both Google software and Google third-party tracking. We’re only owned on Google properties and software. As opposed to Cloudflare, we know for sure that Google is a privacy adversary and we can mostly evade them.

      1. John Fenderson said on April 2, 2018 at 9:35 pm
        Reply

        “that means they are a man-in-the-middle for a significant proportion of our web requests, which they are able to see in clear even with HTTPS”

        Which is one of my primary problems with Cloudflare. They are, by definition, an attacker.

  13. Paul(us) said on April 2, 2018 at 1:13 pm
    Reply

    Hello Martin, let me start by wishing you a happy second Easter day.
    What a great article again to lick your fingers from (Are you saying that in English?).

    Anyway, my question is once you have converted your DNS to the Cloudflare settings, is there something special needed to get the settings back to your old DNS values?
    Or can you just tweak the old DNS values over the Cloudflare settings and then reboot the PC, so that after the reboot everything should be working as it did before?

    P.S. You mention the accounting firm KPMG.
    And I know that (and not only from the Dutch K part of it (Klynveld, started in 1917)) the KPMG always has several lawsuits against them and that they regularly have to settle for very large amounts of money, and that the KPMG integrity is always under fire.

    1. Martin Brinkmann said on April 2, 2018 at 1:59 pm
      Reply

      Paulus, that depends on the previous setting. If it was your providers, you can simply delete the entries and it will revert back to the defaults. If you used different IPs, I suggest you write them down so that you can restore them.

      1. TomNJerry said on April 3, 2018 at 3:05 pm
        Reply

        “DNS Resolvers Performance compared: CloudFlare x Google x Quad9 x OpenDNS”
        https://medium.com/@nykolas.z/dns-resolvers-performance-compared-cloudflare-x-google-x-quad9-x-opendns-149e803734e5

        “CloudFlare was the fastest DNS for 72% of all the locations. It had an amazing low average of 4.98 ms across the globe”

    2. Sophie said on April 2, 2018 at 5:29 pm
      Reply

      >>>What a great article again to lick your fingers from (Are you saying that in English?)

      haha! …………NO, you’re not!!!!

  14. Paul(us) said on April 2, 2018 at 6:38 pm

    Today other websites also had their thoughts about the Cloudflare subject:
    Howtogeek thinks that it’s more for business
    https://www.howtogeek.com/fyi/cloudflare-launches-a-new-privacy-focused-dns-server-but-should-you-use-it/
    The Verge also mentions that the web optimization network deployed its Universal SSL feature
    https://www.theverge.com/2018/4/1/17185732/cloudflare-dns-service-1-1-1-1

  15. John Fenderson said on April 2, 2018 at 7:50 pm

    Cloudflare needs to provide some reason why we should trust them any more than anyone else.

    “which DNS provider do you use, and why?”

    I use my ISP’s. My ISP (Comcast) is absolutely terrible in terms of privacy issues, but given that I’m exposed to them in a million other ways regardless, I figure it’s better to keep my exposure to a single company than to also expose myself to other companies.

    I haven’t found an alternative DNS provider that I am confident is any better.

  16. dmacleo said on April 2, 2018 at 8:47 pm

    Martin, why can’t subscribed logged in users edit posts now?

    1. Martin Brinkmann said on April 2, 2018 at 8:50 pm

      I have turned off the functionality as it is buggy. I’m testing a new comment system right now which supports comment editing among other things. If things go well, I’ll launch it soon. Sorry for the inconvenience that this causes.

      1. dmacleo said on April 3, 2018 at 2:25 pm

        ok thanks, I just wondered as I had made a spelling error and wanted to correct and…..could not LOL

  17. happysurf said on April 2, 2018 at 9:03 pm

    Great article again, switched to 1.1.1.1 and 1.0.0.1 because they are slightly faster than the Google ones.
    Thanks Martin.

  18. Apparition said on April 2, 2018 at 10:10 pm

    I am sticking with Quad9. According to the DNS benchmark I just ran, in this area of the United States in terms of speed:

    1. Google and Quad9. They were about tied.
    2. Level 3
    3. OpenNIC
    4. Cloudflare

  19. Anonymous said on April 3, 2018 at 6:01 am

    I use ConnectSafe DNS by Norton which supposedly blocks malware

  20. reader said on April 3, 2018 at 7:54 am

    Use Tor’s DNS server system (read the Tor manual: DNSPort) for absolute privacy.

    And don’t trust Cloudflare. They recently took down an anti-mitm addon.

  21. Tom Hawack said on April 3, 2018 at 11:23 am

    I’ve been a DNSCrypt-proxy user for years now, first with versions 1.8 up to 1.9.5, then with its major 2.x updates. I’ve almost always chosen OpenDNS (cisco) as its server because of speed, despite no DNSSEC and logging. Since yesterday I’ve been testing DNSCrypt-proxy with the Cloudflare server (uses 1.0.0.1), which honors DNSSEC, is DoH and is stated as not logging. As fast if not faster than cisco. Remains the big question of privacy. I have to take their word for it. This said, OpenDNS (cisco) is not a haven of privacy itself (anyway, it doesn’t state that it doesn’t log). We’ll see. But a reasonable confidence is required nowadays because wherever you move you call servers.

    1. John Fenderson said on April 3, 2018 at 6:05 pm

      I’m revealing my age here, but I remember, waaaay back when, when DNS didn’t exist. Everybody shared a hosts file that associated domain names with IP addresses.

      That clearly wasn’t scalable and needed to be replaced — but it had the rather huge advantage of maximizing privacy, as no external server was involved in domain name lookups.

      I still do something similar today (halfway between the two, anyway): I run a personal DNS proxy server. DNS lookups happen with my ISP’s DNS server, but once a lookup is performed, my proxy caches it forever (or until the cached domain no longer resolves properly). That way, no domain server outside my control knows anything more than someone in my network resolved a particular name at one point in time.

      I consider it a decent compromise between convenience and security.

  22. AAA said on April 3, 2018 at 5:17 pm

    I use Google DNS 8.8.8.8, 8.8.4.4
    directly configured in my router (AirPort Extreme), the media streaming on Chromecast and iPad is really fast… the devices also got smoother. Dunno if I have been hacked or what, but I like it! Lol.

    1. John Fenderson said on April 3, 2018 at 6:07 pm

      Honestly, I’d trust Cloudflare a whole lot more than Google.

  23. Panama Patrick said on April 3, 2018 at 11:27 pm

    Thanks Martin for this article. I live in the Rep. of Panama, Central America and have found that Cloudflare beats all other DNS’s by a wide margin. Second fastest is Quad9 but Cloudflare is 4 x faster.

  24. WTFCloudflare said on April 4, 2018 at 1:03 am
  25. KeZa_BE said on April 4, 2018 at 6:00 pm

    You can use OpenDNS with DNSCrypt and then you have a better one than Cloudflare because it protects you from malware sites etc., and you have DNS over HTTPS.

  26. James said on April 5, 2018 at 9:13 am

    Just switched over to cloudflare!

  27. chesscanoe said on April 5, 2018 at 1:56 pm

    Quad9 works very well for me in the Boston area of US, does not go down in the months I have been using it, does not log, and apparently New York City likes it too.
    https://www.quad9.net/quad9-enabled-across-new-york-city-guest-and-public-wifi/

  28. leland said on April 5, 2018 at 11:41 pm

    I had switched over a test network to Cloudflare for testing but just experienced an outage. I will continue testing later but need to work for now.
