Cloudflare Announces DNS That Won't Track You

thiggins

Mr. Easy
Staff member
Cloudflare has launched what it bills as the "fastest, privacy-first consumer DNS".

The company thought introducing its first consumer product on April Fools' Day would guarantee them a lot of coverage, and it has. But the service is legit, up and running and ready to rock.

DNS lookups, which translate domain names to IP addresses, are performed for every internet transaction. The default DNS provider is whatever network you're connecting to, whether it's your ISP at home, your company or free Wi-Fi at your favorite coffee shop.

While your internet connection may be encrypted, DNS requests are not. So whoever is providing your DNS knows every site you've visited and U.S. providers are free to provide that information to whoever they want, thanks to the U.S. Senate.

Cloudflare's 1.1.1.1 DNS is free, claims to be the fastest and is committed to privacy. Cloudflare promises to not write DNS logs to disk and to wipe any logs after 24 hours. It also has retained KPMG to annually audit the process and publish a public report.

Changing your DNS is best done in your router, which will take care of all devices using your network. But for devices that visit other networks, you'd best get into the device's network settings and change it there. Cloudflare's 1.1.1.1 site has instructions for iOS, Android, MacOS, Windows, Linux and routers. All except Android, which only lets you change DNS for a static IP address (gee, I wonder why...) make the process easy.

More info in Cloudflare's blog post announcement and the accompanying post providing the details on Cloudflare's 1.1.1.1 DNS resolver service.
 

RMerlin

Asuswrt-Merlin dev
While I'm generally not a fan of these third party DNS servers for personal use (as they are less than optimal for CDN-distributed content), Cloudflare has a chance of being at least as performing as Google's DNS since they already have a fairly large network infrastructure for their existing services.
 

Easy Rhino

Senior Member
So tangentially, how do I really find out what DNS service is fastest for me? Do I just ping the different big providers (8.8.8.8, 1.1.1.1, 9.9.9.9, etc) and go with the lowest latency?

And it's still generally preferable to use my own router as a DNS server for my LAN at home, right? More faster and private?
 

Wutikorn

Senior Member
So tangentially, how do I really find out what DNS service is fastest for me? Do I just ping the different big providers (8.8.8.8, 1.1.1.1, 9.9.9.9, etc) and go with the lowest latency?
Although that can tell you part of DNS service performance, it's not all; take a look at the following thread:
https://www.snbforums.com/threads/choosing-dns-servers-for-asus-ac68u.32616/

And it's still generally preferable to use my own router as a DNS server for my LAN at home, right? More faster and private?
You can use both DNS servers at the same time (router and Cloudflare's) in a way. Your router cannot resolve DNS queries on its own, so it needs to ask other DNS servers, which in most cases by default are your ISP's DNS servers, to resolve DNS queries. If you want to use this 1.1.1.1, change your WAN DNS server setting in your router to affect the whole house. In this case, instead of using your ISP's DNS servers, your router will forward DNS queries to 1.1.1.1.
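
Added example, not part of any poster's reply: ping measures ICMP round-trip time to a resolver, not how long it takes to answer a lookup, so this Python script times real A-record queries over UDP and reports the median per server. The resolver addresses are the ones named in the thread; `example.com` and all function names are assumptions made for the example.

```python
import os, socket, struct, time

def build_query(name, qid):
    """Encode an RFC 1035 A-record query with the recursion-desired bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, qid):
    """Return (rcode, answer_count); raise if this is not a reply to our query."""
    if len(data) < 12:
        raise ValueError("short reply")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:  # ID must match and QR bit must be set
        raise ValueError("not a reply to our query")
    return flags & 0x000F, ancount

def time_lookup(server, name, timeout=2.0):
    """Seconds for one UDP lookup against server, or None on timeout."""
    qid = int.from_bytes(os.urandom(2), "big")  # unpredictable transaction ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))  # kernel drops datagrams from other sources
        start = time.perf_counter()
        s.send(build_query(name, qid))
        try:
            while True:
                try:
                    parse_reply(s.recv(512), qid)
                    return time.perf_counter() - start
                except ValueError:
                    continue  # stray or mismatched datagram: keep waiting
        except OSError:  # timeout or unreachable network
            return None

def benchmark(servers, name, rounds=5, lookup=time_lookup):
    """Median lookup time per server; the first round only warms the cache."""
    results = {}
    for server in servers:
        samples = [lookup(server, name) for _ in range(rounds + 1)][1:]
        ok = sorted(t for t in samples if t is not None)
        results[server] = ok[len(ok) // 2] if ok else None
    return results

if __name__ == "__main__":
    # Resolver addresses are the ones named in the thread; example.com is a placeholder.
    servers = ["1.1.1.1", "1.0.0.1", "8.8.8.8", "9.9.9.9"]
    for server, t in benchmark(servers, "example.com").items():
        print(server, "timeout" if t is None else f"{t * 1000:.1f} ms")
```

Because the first round is discarded, the figures reflect cached-name latency; timing a name the resolver has not seen recently gives the uncached case instead.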
 

Threska49

Regular Contributor
So tangentially, how do I really find out what DNS service is fastest for me? Do I just ping the different big providers (8.8.8.8, 1.1.1.1, 9.9.9.9, etc) and go with the lowest latency?

And it's still generally preferable to use my own router as a DNS server for my LAN at home, right? More faster and private?

DNSBench for measuring performance.
https://www.grc.com/dns/benchmark.htm
 

avtella

Very Senior Member
So tangentially, how do I really find out what DNS service is fastest for me? Do I just ping the different big providers (8.8.8.8, 1.1.1.1, 9.9.9.9, etc) and go with the lowest latency?

And it's still generally preferable to use my own router as a DNS server for my LAN at home, right? More faster and private?
Use this:
https://www.grc.com/dns/benchmark.htm
Add 1.1.1.1 to the list, by clicking the “add/remove” button and after running the benchmark you will get a comparison between your DNS and many others plus the 1.1.1.1 that you added. It’s actually fairly decent comparing with the Comcast DNS, obviously not as fast as it though. It’s the second fastest in my area.
 

CrystalLattice

Senior Member
Search, download, and run "namebench" for the best way to find the fastest dns servers for your IP.
 

Treadler

Very Senior Member
Use this:
https://www.grc.com/dns/benchmark.htm
Add 1.1.1.1 to the list, by clicking the “add/remove” button and after running the benchmark you will get a comparison between your DNS and many others plus the 1.1.1.1 that you added. It’s actually fairly decent comparing with the Comcast DNS, obviously not as fast as it though. It’s the second fastest in my area.


Running the GRC check in my location, the fastest resolvers (in order) are, Cloudflare, Quad9, then Google, & OpenDNS as a very slow last.
So I’m thinking geographical location/internet infrastructure will be key to the results seen.
 

XelNika

New Around Here
Running the GRC check in my location, the fastest resolvers (in order) are, Cloudflare, Quad9, then Google, & OpenDNS as a very slow last.
So I’m thinking geographical location/internet infrastructure will be key to the results seen.

Your results seem appropriate looking at the server locations. Cloudflare has four data centers in Australia against one each for Google (Google's DNS servers are located at their core data centers and PoPs, but not the GGC) and OpenDNS. Unless you're in or around Sydney, Cloudflare should easily outperform the others.
 

sfx2000

Part of the Furniture
Cloudflare has launched what it bills as the "fastest, privacy-first consumer DNS".

APNIC and Cloudflare - there is an agreement in place with Cloudflare to use the 1.1.1.1 for analytics and it's to Cloudflare's benefit as well.

Just saying - it's the same thing that Google's Public DNS does, and folks trust them (and maybe they shouldn't).
 

ironclad

Occasional Visitor

gobble

Occasional Visitor
Interesting! 1.0.0.1 was fastest for me following Google's 8.8.8.8. In my router would it make sense to set my primary and secondary in that way, or is there a reason to set 1.0.0.1 as my main and 1.1.1.1 as the secondary to stay in the same company?
 

JemTheWire

Senior Member
Interesting! 1.0.0.1 was fastest for me following Google's 8.8.8.8. In my router would it make sense to set my primary and secondary in that way, or is there a reason to set 1.0.0.1 as my main and 1.1.1.1 as the secondary to stay in the same company?

Same for me, by a country mile. I am in the UK.
 

sfx2000

Part of the Furniture
Cloudflare and APNIC are doing some deep research on this, it appears to be a good thing from this article.

1.1.1.1: Cloudflare's new DNS attracting 'gigabits per second' of rubbish

Kinda figured that would happen, as 1.1.1.1 is a redirect for many captive portals - esp. in the hotel industry. Cleaning that up is going to be a long problem to solve.

Prior to Cloudflare, this was within a reserved range of IP's (1.1.1.0/24, along with 1.0.0.0/24) for APNIC research. Folks shouldn't have been using those ranges, but they do, and this is the result.

At least Cloudflare has the infra to put up with a self-inflicted distributed denial of service attack...
 

microchip

Very Senior Member
Kinda figured that would happen, as 1.1.1.1 is a redirect for many captive portals - esp. in the hotel industry. Cleaning that up is going to be a long problem to solve.

Prior to Cloudflare, this was within a reserved range of IP's (1.1.1.0/24, along with 1.0.0.0/24) for APNIC research. Folks shouldn't have been using those ranges, but they do, and this is the result.

At least Cloudflare has the infra to put up with a self-inflicted distributed denial of service attack...

Even the Tomato firmware uses in some places 1.1.1.1 internally. Saw it over at http://www.linksysinfo.org/index.php?threads/tomato-using-1-1-1-1-for-pppoe-connect-on-demand.74102/
 

Gouzmalix

Occasional Visitor
Tested with DNSBench with a direct connection to the modem. CloudFlare's 1.1.1.1 service is unfortunately slower—at least in my area—than Google/OpenDNS. All things considered, not too bad though.

Code:
    8.  8.  8.  8 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  - Cached Name   | 0.007 | 0.008 | 0.010 | 0.001 | 100.0 |
  - Uncached Name | 0.017 | 0.048 | 0.175 | 0.040 | 100.0 |
  - DotCom Lookup | 0.024 | 0.036 | 0.050 | 0.008 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
             google-public-dns-a.google.com
                 GOOGLE - Google LLC, US

Code:
  208. 67.222.222 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  - Cached Name   | 0.007 | 0.009 | 0.010 | 0.001 | 100.0 |
  - Uncached Name | 0.008 | 0.088 | 0.407 | 0.102 | 100.0 |
  - DotCom Lookup | 0.010 | 0.075 | 0.218 | 0.047 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
                  resolver1.opendns.com
               OPENDNS - OpenDNS, LLC, US

Code:
    1.  1.  1.  1 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  - Cached Name   | 0.027 | 0.028 | 0.030 | 0.001 | 100.0 |
  - Uncached Name | 0.028 | 0.063 | 0.182 | 0.043 | 100.0 |
  - DotCom Lookup | 0.029 | 0.059 | 0.128 | 0.038 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
            1dot1dot1dot1.cloudflare-dns.com
        MEGAPATH2-US - MegaPath Networks Inc., US
 

JemTheWire

Senior Member
I too found 1.1.1.1 slower, but 1.0.0.1 the fastest available, beating OpenDNS and Google.
 