Cloudflare DNS service


Cloudflare launched a DNS service on April 1st, 2018. They promise their DNS will speed up your internet. The Cloudflare DNS service also promises to wipe all DNS query logs within 24 hours of being created.

The 2 top DNS services today are Google and OpenDNS, but this promise of speed and privacy just might win people over to Cloudflare.

Cloudflare DNS speed.

The current Cloudflare DNS speed at the time of this post is 14 ms. That is faster than everyone else, with OpenDNS behind that at 20.64 ms and Google DNS at 34.51 ms! So, it looks like the speed promise is true so far.

DNS Privacy Problem

The problem with most DNS services is that they often do not respect privacy. Even if you are visiting a website that is encrypted, a DNS server still knows you went there and can keep records of every site you ever visit. ISPs or DNS companies can then sell the data about you so others can use it, much like how Facebook has been in the news lately for selling user data. Google, Time Warner, Comcast, and any other ISP or DNS provider could, in theory, collect this data and do whatever they want with it. And there is a good chance they are already using it.

So a Cloudflare DNS service with a privacy-first goal and a guarantee to never sell your data is refreshing. They committed to never writing the querying IP addresses to disk and to wiping all logs within 24 hours.

Encrypted DNS traffic.

The DNS protocol is over 35 years old and was never designed with privacy and security in mind, so it has no built-in encryption. This means anyone looking at your network data can see the DNS queries. But that may change soon. Cloudflare's DNS supports DNS-over-TLS and DNS-over-HTTPS. So over time the hope is that software developers will start to adopt encrypted DNS support.

Firefox Nightly version 60 already supports this, so we should see it in the stable version of Firefox soon. Mozilla even has a special agreement with Cloudflare. I have included a quote from the page below.

Mozilla has partnered with Cloudflare to provide direct DNS resolution from within the Firefox browser using the Cloudflare Resolver for Firefox. What this means is that whenever you click on or type a web address in the Firefox browser your DNS lookup request will be sent over a secure channel to the Cloudflare Resolver for Firefox rather than to an unknown DNS resolver, significantly decreasing the odds of any unwanted spying or man in the middle attacks.

How to use Cloudflare DNS service.

The Cloudflare DNS service has the easy-to-remember addresses 1.1.1.1 and 1.0.0.1. There is also a website for the DNS at https://1.1.1.1/. This site has all the info you need to get the DNS up and running on your device. Basically, you would just set 1.1.1.1 and 1.0.0.1 as the DNS in your network config.

DNS over TLS

You can use “1dot1dot1dot1.cloudflare-dns.com” for DNS over TLS if your client does not support IP addresses. One place that comes to mind is the Private DNS option on Android phones.

Use Cloudflare DNS to block Malware and Adult Content

Cloudflare also has DNS services for blocking malware and adult content. They call it 1.1.1.1 for Families.

Malware Blocking Only
Primary DNS: 1.1.1.2
Secondary DNS: 1.0.0.2
DNS over TLS: security.cloudflare-dns.com

Malware and Adult Content
Primary DNS: 1.1.1.3
Secondary DNS: 1.0.0.3
DNS over TLS: family.cloudflare-dns.com

I have used the malware blocking one a lot for my job. At home, now that I have a young kid using the internet, I have switched my routers to use the Malware and Adult Content DNS addresses.
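
To show what a DNS over TLS lookup against these resolvers involves, here is an added example (not from the original post or from Cloudflare): it builds a DNS query, applies the 2-byte length framing used on port 853, and validates the resolver's certificate against the hostnames listed above. The function names, the profile labels and the query ID are assumptions made for illustration.

```python
import socket, ssl, struct

# Resolver IPs and DNS-over-TLS hostnames as listed on this page.
RESOLVERS = {
    "default": ("1.1.1.1", "1dot1dot1dot1.cloudflare-dns.com"),
    "security": ("1.1.1.2", "security.cloudflare-dns.com"),
    "family": ("1.1.1.3", "family.cloudflare-dns.com"),
}

def build_query(name, qid=0x1234):
    """Wire-format A query (RFC 1035) with the recursion-desired flag set."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", 1, 1)

def frame(msg):
    """DoT reuses DNS-over-TCP framing: a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg

def _skip_name(buf, off):
    while buf[off] and buf[off] & 0xC0 != 0xC0:   # walk plain labels
        off += 1 + buf[off]
    return off + (2 if buf[off] else 1)           # pointer is 2 bytes, root label is 1

def parse_a_records(resp):
    """Return (rcode, [IPv4 strings]) from a DNS response message."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", resp[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(resp, off) + 4           # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:             # A record
            addrs.append(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs

def query_dot(name, profile="default", timeout=5):
    """Resolve over TLS on port 853; the certificate is checked against the hostname."""
    ip, tls_name = RESOLVERS[profile]
    ctx = ssl.create_default_context()            # verifies chain and hostname
    with socket.create_connection((ip, 853), timeout=timeout) as raw, \
         ctx.wrap_socket(raw, server_hostname=tls_name) as tls:
        tls.sendall(frame(build_query(name)))
        reader = tls.makefile("rb")
        (length,) = struct.unpack("!H", reader.read(2))
        return parse_a_records(reader.read(length))
```

Calling `query_dot("example.com", "security")` needs network access to port 853; if the certificate does not match the expected hostname, the TLS handshake raises an error instead of returning an answer.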
