
Cloudflare launches fast and privacy-focused DNS at 1.1.1.1

Cloudflare announced the launch of its new public DNS service 1.1.1.1 on April 1, 2018. The company promised in the announcement that 1.1.1.1 would offer faster speeds and better privacy than other public DNS systems provided by companies such as Google, Yandex or Cisco. Let us find out if the promises hold up to a closer inspection of the service.

Note: The company decided to launch the new service on April 1, 2018. That is usually a red flag, as tech companies make all sorts of April Fools jokes on that day. It appears, however, that 1.1.1.1 is real and not a joke.

DNS plays an important part on the Internet. Computers use IP addresses for communication but that would be terrible for humans who have a hard time remembering numbers. Would you prefer to visit startpage.com or 216.218.239.42?

DNS is the system that translates domain names to IP addresses so that computers know what to do. Most computer users probably use the DNS service that comes with the Internet connection; it is used by default but is usually neither the fastest nor the most private.

Several ISPs started to monetize DNS by displaying custom error pages when a site can't be accessed.

Privacy and censorship are two additional areas that Internet users need to consider when it comes to DNS. Requests that you make on a device use the configured DNS provider which means that the provider knows exactly what you do on the Internet.

This is true even if you connect to HTTPS sites only, and may even be true for some VPN services that don't protect against DNS leaks. Internet Service Providers in the United States may sell customer data, and the two viable options that customers have are to change the DNS provider or to use a VPN service that uses its own DNS system.

DNS censorship is quite common as it is easy to implement. It is not strong as it can be bypassed easily. Basically, what happens is that Internet Service Providers change the IP address a domain name resolves to. This redirects users to a different web page, for instance an error page, a warning page, or a government domain, instead of the desired domain.

Cloudflare's 1.1.1.1 public DNS


First, the basics: Cloudflare's public DNS has the IP addresses 1.1.1.1 and 1.0.0.1. How you add those to your system depends largely on the operating system you use.

Windows users may do the following:

  1. Use the keyboard shortcut Windows-R to open the run box.
  2. Type netcpl.cpl to open the Network and Sharing Center (note that this may not be available in the newest builds of Windows 10).
    1. If it is not available, right-click on the network icon in the System Tray and select Open Network and Internet settings.
    2. On the page that opens, click on "change adapter options".
  3. Right-click on the active connection and select properties from the menu.
  4. Double-click on "Internet Protocol Version 4 (TCP/IPv4)".
  5. Switch to "Use the following DNS server addresses".
  6. Enter 1.1.1.1 under preferred DNS server.
  7. Enter 1.0.0.1 under alternate DNS server.

Tip: You can open 1.1.1.1 in your browser. The website offers setup instructions for Windows, Linux, and Mac devices, for iPhone and Android, and for routers.

A quick performance test using Gibson's DNS Benchmark program for Windows confirmed that Cloudflare's DNS servers are fast; not the fastest, but very fast when compared to other providers.


Your mileage may vary as it may depend on your location. I suggest you run benchmarks if speed is your primary consideration when it comes to DNS. You may use Namebench or the aforementioned DNS Benchmark for that.

And privacy?

Cloudflare promises that it never writes the IP address of the querying system to disk and that the company wipes all logs within 24 hours.

The company hired KPMG, an auditing firm, to audit the source code and practices annually and release the report to the public.

Cloudflare DNS supports DNS-over-TLS and DNS-over-HTTPS. Both technologies are open and attempt to limit or eliminate DNS lookups over unencrypted connections.

We think DNS-over-HTTPS is particularly promising — fast, easier to parse, and encrypted. To date, Google was the only scale provider supporting DNS-over-HTTPS. For obvious reasons, however, non-Chrome browsers and non-Android operating systems have been reluctant to build a service that sends data to a competitor. We're hoping that with an independent DNS-over-HTTPS service now available, we'll see more experiments from browsers, operating systems, routers, and apps to support the protocol.
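
What a DNS-over-HTTPS lookup looks like on the wire, as an added example that is not from the article or from Cloudflare: it builds the RFC 8484 GET request and parses the binary reply. The endpoint URL `https://cloudflare-dns.com/dns-query`, the function names and the sample response are assumptions made for illustration.

```python
import base64
import struct
import urllib.request

DOH_URL = "https://cloudflare-dns.com/dns-query"  # assumed endpoint, not given in the article

def build_query(name, qtype=1):
    """DNS query in wire format (qtype 1 = A). ID 0 keeps responses cacheable (RFC 8484)."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def doh_get_url(name, base=DOH_URL):
    """RFC 8484 GET form: unpadded base64url of the query in ?dns=."""
    return base + "?dns=" + base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()

def skip_name(msg, pos):
    """Offset just past a name, which may end in a compression pointer."""
    while msg[pos] != 0:
        if msg[pos] & 0xC0 == 0xC0:
            return pos + 2
        pos += 1 + msg[pos]
    return pos + 1

def parse_a_records(msg):
    """IPv4 addresses from the answer section; empty list on an error RCODE."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:
        return []
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4  # also skip QTYPE and QCLASS
    found = []
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlength = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlength == 4:
            found.append(".".join(str(b) for b in msg[pos:pos + 4]))
        pos += rdlength
    return found

def resolve(name):  # live lookup over HTTPS; needs network access
    req = urllib.request.Request(doh_get_url(name), headers={"Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return parse_a_records(resp.read())

# Constructed sample reply: example.com -> 192.0.2.1 (documentation address), TTL 300
SAMPLE_RESPONSE = (b"\x00\x00\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00" + build_query("example.com")[12:]
                   + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x01")
```

Comparing `resolve(name)` with the system resolver's answer (`socket.gethostbyname_ex(name)[2]`) is one way to spot the ISP-side rewriting of answers described earlier, though CDN-hosted names can legitimately return different addresses per resolver.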

Closing Words

Cloudflare operates one of the largest infrastructures and the company's DNS service benefits from that infrastructure as it is one of the fastest available services.

The no-IP-logging and 24-hour log deletion policy, and the implementation of DNS-over-TLS and DNS-over-HTTPS, are welcome additions.

Cloudflare is not without controversy and there will certainly be users who won't use the company's DNS servers.

Now You: which DNS provider do you use, and why?

 

This article was first seen on ComTek's "TekBits" Technology News
