Cloudflare Launches Privacy-Focused 1.1.1.1 DNS Service
Cloudflare, a well-known internet performance and security company, announced its own privacy-focused, fast, and secure Domain Name System (DNS) resolver with the easy-to-remember address of 1.1.1.1.
What Is A DNS Resolver
A DNS resolver is a server that stores a central database of website names and links them to their respective IP addresses. Without DNS servers, we’d only be able to connect to websites using the IP address of the websites’ servers. Therefore, DNS resolvers make using the web much easier for humans.
However, DNS resolvers also hold considerable power: they can censor certain websites or track which websites users visit. For instance, the Turkish government is known for ordering its ISPs to stop resolving the domain names of particular websites or services. Then, for the vast majority of internet users in Turkey, those sites will be as good as censored.
However, some Turkish users realized how the censorship was being done, and started using other DNS resolvers to visit the censored websites. They even promoted Google’s own DNS resolver, hosted at 8.8.8.8, because of how easy it was to remember.
A “Privacy-First” DNS Resolver
Cloudflare is now launching its competing DNS server, hosted at 1.1.1.1, but according to the company, the service is implemented and operated based on “privacy-first” principles.
Cloudflare said that most DNS servers are by default not secure, not encrypted, and they certainly aren’t too privacy-focused. As we’ve seen recently, ISPs have started tracking users’ browsing habits, similarly to Google and Facebook, because all the data goes through their cables. Encrypted data transferred over HTTPS is protected, but if you use the default DNS resolver provided by your ISP, then the ISP will be able to see the requests you make to specific websites.
Cloudflare claimed that its 1.1.1.1 DNS resolver supports encrypted DNS and DNS over HTTPS, and that its data logs are deleted after 24 hours. No user data or IP address is stored.
Matthew Prince, co-founder and CEO of Cloudflare, said:
We think it’s creepy that user data is sold to advertisers and used to target consumers without their knowledge or consent. Frankly, we don’t want to know what people do on the Internet—it’s none of our business—and we’ve designed 1.1.1.1 to ensure that we, along with ISPs around the world, can’t.
Cloudflare also claimed that the 1.1.1.1 DNS resolver is already one of the fastest on the internet. The company plans to eventually lower the latency between any user requesting a website in their browser and its DNS servers to under 10 milliseconds.
APNIC is a non-profit organization that helps Cloudflare operate this service for the Asia-Pacific region. It also provided Cloudflare with the easy-to-remember 1.1.1.1 and 1.0.0.1 IP addresses. Geoff Huston, Chief Scientist at APNIC, said:
At APNIC Labs, we’re aware that the DNS is not always private, fast, or secure, and we’re always looking for ways to improve how it works. We’re working with Cloudflare to refine this basic Internet function so that users have a much more private and faster experience.
How To Set Up Cloudflare’s 1.1.1.1 DNS Resolver
If you’ve ever changed the DNS servers on your computer before, then you also know how to set up Cloudflare’s DNS resolver, because it’s no different. If you’ve never done that, then all you need to do is look up the network settings on your PC, Mac, iPhone, or Android device, find the DNS server setting, and add the 1.1.1.1 address in there.
For the alternate server, Cloudflare also provides the 1.0.0.1 address, in case there’s any downtime for the primary one. Cloudflare also chose two IPv6 addresses that only use numbers, again for the sake of simplicity: 2606:4700:4700::1111 and 2606:4700:4700::1001.
The company provides more information on how to set up its DNS servers at https://1.1.1.1/.
Cloudflare also assured us that the launch of this service is no April Fools prank. The reason it chose to launch the service today, on a Sunday, on 4/1/2018, is that the date contains 4/1, which can be read as four 1’s, just like its DNS server address: 1.1.1.1.
toadhammer
Something discussing actual support for DNS over HTTPS would be a welcome addition to this article. Various servers have been around for a couple years now and it's still in draft/test status...
theyeti87
Are there any advantages/disadvantages to using Cloudflare DNS as opposed to Pihole?
bit_user
I'm not sure how much privacy this really adds. Google's 8.8.8.8 has been around long enough that I imagine a fair number of ISPs are already doing reverse-lookups.
TJ Hooker
You still need a DNS provider if you're using pihole. The default used by pihole is Google DNS.
theyeti87
A revised question would be, is there a benefit in using Cloudflare DNS over the 6 different options I have within the pihole?
TJ Hooker
Well, according to Cloudflare it's more private due to using encrypted DNS and deleting all logs after 24 hours. I can't say how this compares to other DNS e.g. Google. I would think that it would be more private than Google if you are logged in to Google on your computer, because then it'd probably be pretty easy for Google to link all DNS requests from your IP back to your Google account. Same could be said about using your ISP's DNS, which they could link back to your account. I'm not saying other DNS (e.g. Cloudflare) couldn't link your IP back to you somehow, but probably not as easy.
theyeti87
Thanks for the info. I'm not using Google for DNS, but rather Comodo Secure DNS.