Cloudflare launches fast and privacy-focused DNS at 1.1.1.1
Cloudflare announced the launch of its new public DNS service 1.1.1.1 on April 1, 2018. The company promised in the announcement that 1.1.1.1 would offer faster speeds and better privacy than other public DNS systems provided by companies such as Google, Yandex or Cisco. Let us find out if the promises hold up to a closer inspection of the service.
Note: The company decided to launch the new service on April 1, 2018. That's a red flag usually as tech companies make all sorts of April Fools jokes on the day. It appears, however, that 1.1.1.1 is real and not a joke.
DNS plays an important part on the Internet. Computers use IP addresses for communication but that would be terrible for humans who have a hard time remembering numbers. Would you prefer to visit startpage.com or 216.218.239.42?
DNS is the system that translates domain names to IP addresses so that computers know what to do. Most computer users probably use the DNS service that comes with the Internet connection; it is used by default but usually not the fastest nor most private.
Several ISPs started to monetize DNS by displaying custom error pages when a site can't be accessed.
Privacy and censorship are two additional areas that Internet users need to consider when it comes to DNS. Requests that you make on a device use the configured DNS provider which means that the provider knows exactly what you do on the Internet.
This is true even if you connect to HTTPS sites only, and may even be true for some VPN services that don't protect against DNS leaks. Internet Service Providers in the United States may sell customer data and the two viable options that customers have is to change the DNS provider or use a VPN service that uses its own DNS system.
DNS censorship is quite common as it is easy to implement. It is not strong as it can be bypassed easily. Basically, what happens is that Internet Service Providers change the IP address a domain name resolves to. This redirects users to a different web page, for instance an error page, a warning page, or a government domain, instead of the desired domain.
Cloudflare's 1.1.1.1 public DNS
First, the basics: Cloudflare's public DNS has the IP addresses 1.1.1.1 and 1.0.0.1. How you add those to your system depends largely on the operating system you use.
Windows users may do the following:
- Use the keyboard shortcut Windows-R to open the run box.
- Type netcpl.cpl to open the Network and Sharing Center (note that this may not be available in the newest builds of Windows 10)
- If it is not available, right-click on the network icon in the System Tray and select Open Network and Internet settings.
- On the page that opens, click on "change adapter options".
- Right-click on the active connection and select properties from the menu.
- Double-click on "Internet Protocol Version 4 (TCP/IPv4)
- Switch to "Use the following DNS server addresses".
- Enter 1.1.1.1 under preferred DNS server.
- Enter 1.0.0.1 under alternate DNs server.
Tip: You can open 1.1.1.1 in your browser. The website offers setup instructions for Windows, Linux, and Mac devices, for iPhone and Android, and for routers.
A quick performance test using Gibson's DNS Benchmark program for Windows confirmed that Cloudflare's DNS servers are fast; not the fastest, but very fast when compared to other providers.
Your mileage may vary as it may depend on your location. I suggest you run benchmarks if speed is your primary consideration when it comes to DNS. You may use Namebench or the aforementioned DNS Benchmark for that.
And privacy?
Cloudflare promises that it never writes the IP address of the querying system to disk and that the company wipes all logs within 24 hours.
The company hired KPMG, an auditing firm, to audit the source code and practices annually and release the report to the public.
Cloudflare DNS supports DNS-over-TLS and DNS-over-HTTPS. Both technologies are open and attempt to limit or eliminate DNS lookups over unencrypted connections.
We think DNS-over-HTTPS is particularly promising — fast, easier to parse, and encrypted. To date, Google was the only scale provider supporting DNS-over-HTTPS. For obvious reasons, however, non-Chrome browsers and non-Android operating systems have been reluctant to build a service that sends data to a competitor. We're hoping that with an independent DNS-over-HTTPS service now available, we'll see more experiments from browsers, operating systems, routers, and apps to support the protocol.
Closing Words
Cloudflare operates one of the largest infrastructures and the company's DNS service benefits from that infrastructure as it is one of the fastest available services.
The no-IP logging and 24-hour log deleting policy, and implementation of DNS-over-TLS and DNS-over-HTTPS, are welcome additions.
Cloudflare is not without controversy and there will certainly be users who won't use the company's DNS servers.
Now You: which DNS provider do you use, and why?
Related articles
- DNS Angel: enable family protection with a click
- Encrypt your DNS traffic with Simple DNSCrypt for Windows
- How to fix Resolving Host (DNS) issues on Windows
- How To Flush The DNS Cache In Windows
- Quad9 DNS promises better privacy and security
Doesn’t Windows 8 know that www. or http:// are passe ?
Well it is a bit difficulty to distinguish between name.com domains and files for instance.
I know a service made by google that is similar to Google bookmarks.
http://www.google.com/saved
@Ashwin–Thankful you delighted my comment; who knows how many “gamers” would have disagreed!
@Martin
The comments section under this very article (3 comments) is identical to the comments section found under the following article:
https://www.ghacks.net/2023/08/15/netflix-is-testing-game-streaming-on-tvs-and-computers/
Not sure what the issue is, but have seen this issue under some other articles recently but did not report it back then.
Omg a badge!!!
Some tangible reward lmao.
It sucks that redditors are going to love the fuck out of it too.
With the cloud, there is no such thing as unlimited storage or privacy. Stop relying on these tech scums. Purchase your own hardware and develop your own solutions.
This is a certified reddit cringe moment. Hilarious how the article’s author tries to dress it up like it’s anything more than a png for doing the reddit corporation’s moderation work for free (or for bribes from companies and political groups)
Almost al unlmited services have a real limit.
And this comment is written on the dropbox article from August 25, 2023.
First comment > @ilev said on August 4, 2012 at 7:53 pm
For the God’s sake, fix the comments soon please! :[
Yes. Please. Fix the comments.
With Google Chrome, it’s only been 1,500 for some time now.
Anyone who wants to force me in such a way into buying something that I can get elsewhere for free will certainly never see a single dime from my side. I don’t even know how stupid their marketing department is to impose these limits on users instead of offering a valuable product to the paying faction. But they don’t. Even if you pay, you get something that is also available for free elsewhere.
The algorithm has also become less and less savvy in terms of e.g. English/German translations. It used to be that the bot could sort of sense what you were trying to say and put it into different colloquialisms, which was even fun because it was like, “I know what you’re trying to say here, how about…” Now it’s in parts too stupid to translate the simplest sentences correctly, and the suggestions it makes are at times as moronic as those made by Google Translations.
If this is a deep-learning AI that learns from users’ translations and the phrases they choose most often – which, by the way, is a valuable, moneys worthwhile contribution of every free user to this project: They invest their time and texts, thereby providing the necessary data for the AI to do the thing as nicely as they brag about it in the first place – alas, the more unprofessional users discovered the translator, the worse the language of this deep-learning bot has become, the greater the aggregate of linguistically illiterate users has become, and the worse the language of this deep-learning bot has become, as it now learns the drivel of every Tom, Dick and Harry out there, which is why I now get their Mickey Mouse language as suggestions: the inane language of people who can barely spell the alphabet, it seems.
And as a thank you for our time and effort in helping them and their AI learn, they’ve lowered the limit from what was once 5,000 to now 1,500…? A big “fuck off” from here for that! Not a brass farthing from me for this attitude and behaviour, not in a hundred years.
When will you put an end to the mess in the comments?
Ghacks comments have been broken for too long. What article did you see this comment on? Reply below. If we get to 20 different articles we should all stop using the site in protest.
I posted this on [https://www.ghacks.net/2023/09/28/reddit-enforces-user-activity-tracking-on-site-to-push-advertising-revenue/] so please reply if you see it on a different article.
Comment redirected me to [https://www.ghacks.net/2012/08/04/add-search-the-internet-to-the-windows-start-menu/] which seems to be the ‘real’ article it is attached to
Comment redirected me to [https://www.ghacks.net/2012/08/04/add-search-the-internet-to-the-windows-start-menu/] which seems to be the ‘real’ article it is attached to
Article Title: Reddit enforces user activity tracking on site to push advertising revenue
Article URL: https://www.ghacks.net/2023/09/28/reddit-enforces-user-activity-tracking-on-site-to-push-advertising-revenue/
No surprises here. This is just the beginning really. I cannot see a valid reason as to why anyone would continue to use the platform anymore when there are enough alternatives fill that void.
I’m not sure if there is a point in commenting given that comments seem to appear under random posts now, but I’ll try… this comment is for https://www.ghacks.net/2023/09/28/reddit-enforces-user-activity-tracking-on-site-to-push-advertising-revenue/
My temporary “solution”, if you can call it that, is to use a VPN (Mullvad in my case) to sign up for and access Reddit via a European connection. I’m doing that with pretty much everything now, at least until the rest of the world catches up with GDPR. I don’t think GDPR is a magical privacy solution but it’s at least a first step.