Cloudflare Announces DNS That Won't Track You

thiggins

Mr. Easy
Staff member
Cloudflare has launched what it bills as the "fastest, privacy-first consumer DNS".

The company thought introducing its first consumer product on April Fools Day would guarantee them a lot of coverage, and it has. But the service is legit, up and running and ready to rock.

DNS lookups, which translate domain names to IP addresses, are performed for every internet transaction. The default DNS provider is whatever network you're connecting to, whether it's your ISP at home, your company or free Wi-Fi at your favorite coffee shop.

While your internet connection may be encrypted, DNS requests are not. So whoever is providing your DNS knows every site you've visited and U.S. providers are free to provide that information to whoever they want, thanks to the U.S. Senate.

Cloudflare's 1.1.1.1 DNS is free, claims to be the fastest and is committed to privacy. Cloudflare promises to not write DNS logs to disk and to wipe any logs after 24 hours. It also has retained KPMG to annually audit the process and publish a public report.

Changing your DNS is best done in your router, which will take care of all devices using your network. But for devices that visit other networks, you'd best get into the device's network settings and change it there. Cloudflare's 1.1.1.1 site has instructions for iOS, Android, MacOS, Windows, Linux and routers. All except Android, which only lets you change DNS for a static IP address (gee, I wonder why...) make the process easy.

More info in Cloudflare's blog post announcement and the accompanying post providing the details on Cloudflare's 1.1.1.1 DNS resolver service.
 
While I'm generally not a fan of these third party DNS servers for personal use (as they are less than optimal for CDN-distributed content), Cloudflare has a chance of being at least as performing as Google's DNS since they already have a fairly large network infrastructure for their existing services.
 
So tangentially, how do I really find out what DNS service is fastest for me? Do I just ping the different big providers (8.8.8.8, 1.1.1.1, 9.9.9.9, etc) and go with the lowest latency?

And it's still generally preferable to use my own router as a DNS server for my LAN at home, right? More faster and private?
 
So tangentially, how do I really find out what DNS service is fastest for me? Do I just ping the different big providers (8.8.8.8, 1.1.1.1, 9.9.9.9, etc) and go with the lowest latency?
Although that can tell you part of DNS service performance, it's not all. Take a look at the following thread:
https://www.snbforums.com/threads/choosing-dns-servers-for-asus-ac68u.32616/

And it's still generally preferable to use my own router as a DNS server for my LAN at home, right? More faster and private?
You can use both DNS servers at the same time (router and Cloudflare's) in a way. Your router cannot resolve DNS queries on its own, so it needs to ask other DNS servers, which in most cases by default are your ISP's DNS servers, to resolve DNS queries. If you want to use this 1.1.1.1, change your WAN DNS server setting in your router to affect the whole house. In this case, instead of using your ISP's DNS servers, your router will forward DNS queries to 1.1.1.1.
 
So tangentially, how do I really find out what DNS service is fastest for me? Do I just ping the different big providers (8.8.8.8, 1.1.1.1, 9.9.9.9, etc) and go with the lowest latency?

And it's still generally preferable to use my own router as a DNS server for my LAN at home, right? More faster and private?

DNSBench for measuring performance.
https://www.grc.com/dns/benchmark.htm
 
So tangentially, how do I really find out what DNS service is fastest for me? Do I just ping the different big providers (8.8.8.8, 1.1.1.1, 9.9.9.9, etc) and go with the lowest latency?

And it's still generally preferable to use my own router as a DNS server for my LAN at home, right? More faster and private?
Use this:
https://www.grc.com/dns/benchmark.htm
Add 1.1.1.1 to the list by clicking the “add/remove” button, and after running the benchmark you will get a comparison between your DNS and many others plus the 1.1.1.1 that you added. It’s actually fairly decent compared with the Comcast DNS, obviously not as fast as it though. It’s the second fastest in my area.
 
Search, download, and run "namebench" for the best way to find the fastest dns servers for your IP.
 
Use this:
https://www.grc.com/dns/benchmark.htm
Add 1.1.1.1 to the list by clicking the “add/remove” button, and after running the benchmark you will get a comparison between your DNS and many others plus the 1.1.1.1 that you added. It’s actually fairly decent compared with the Comcast DNS, obviously not as fast as it though. It’s the second fastest in my area.


Running the GRC check in my location, the fastest resolvers (in order) are, Cloudflare, Quad9, then Google, & OpenDNS as a very slow last.
So I’m thinking geographical location/internet infrastructure will be key to the results seen.
 
Running the GRC check in my location, the fastest resolvers (in order) are, Cloudflare, Quad9, then Google, & OpenDNS as a very slow last.
So I’m thinking geographical location/internet infrastructure will be key to the results seen.

Your results seem appropriate looking at the server locations. Cloudflare has four data centers in Australia against one each for Google (Google's DNS servers are located at their core data centers and PoPs, but not the GGC) and OpenDNS. Unless you're in or around Sydney, Cloudflare should easily outperform the others.
 
Cloudflare has launched what it bills as the "fastest, privacy-first consumer DNS".

APNIC and Cloudflare - there is an agreement in place with Cloudflare to use the 1.1.1.1 for analytics and it's to Cloudflare's benefit as well.

Just saying - it's the same thing that Google's Public DNS does, and folks trust them (and maybe they shouldn't).
 
Interesting! 1.0.0.1 was fastest for me, followed by Google's 8.8.8.8. In my router would it make sense to set my primary and secondary in that way, or is there a reason to set 1.0.0.1 as my main and 1.1.1.1 as the secondary to stay in the same company?
 
Interesting! 1.0.0.1 was fastest for me, followed by Google's 8.8.8.8. In my router would it make sense to set my primary and secondary in that way, or is there a reason to set 1.0.0.1 as my main and 1.1.1.1 as the secondary to stay in the same company?

Same for me, by a country mile. I am in the UK.
 
Cloudflare and APNIC are doing some deep research on this, it appears to be a good thing from this article.

1.1.1.1: Cloudflare's new DNS attracting 'gigabits per second' of rubbish

Kinda figured that would happen, as 1.1.1.1 is a redirect for many captive portals - esp. in the hotel industry. Cleaning that up is going to be a long problem to solve.

Prior to Cloudflare, this was within a reserved range of IP's (1.1.1.0/24, along with 1.0.0.0/24) for APNIC research. Folks shouldn't have been using those ranges, but they do, and this is the result.

At least Cloudflare has the infra to put up with a self-inflicted distributed denial of service attack...
 
Kinda figured that would happen, as 1.1.1.1 is a redirect for many captive portals - esp. in the hotel industry. Cleaning that up is going to be a long problem to solve.

Prior to Cloudflare, this was within a reserved range of IP's (1.1.1.0/24, along with 1.0.0.0/24) for APNIC research. Folks shouldn't have been using those ranges, but they do, and this is the result.

At least Cloudflare has the infra to put up with a self-inflicted distributed denial of service attack...

Even the Tomato firmware uses in some places 1.1.1.1 internally. Saw it over at http://www.linksysinfo.org/index.php?threads/tomato-using-1-1-1-1-for-pppoe-connect-on-demand.74102/
 
Tested with DNSBench with a direct connection to the modem. CloudFlare's 1.1.1.1 service is unfortunately slower—at least in my area—than Google/OpenDNS. All things considered, not too bad though.

Code:
    8.  8.  8.  8 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  - Cached Name   | 0.007 | 0.008 | 0.010 | 0.001 | 100.0 |
  - Uncached Name | 0.017 | 0.048 | 0.175 | 0.040 | 100.0 |
  - DotCom Lookup | 0.024 | 0.036 | 0.050 | 0.008 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
             google-public-dns-a.google.com
                 GOOGLE - Google LLC, US

Code:
  208. 67.222.222 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  - Cached Name   | 0.007 | 0.009 | 0.010 | 0.001 | 100.0 |
  - Uncached Name | 0.008 | 0.088 | 0.407 | 0.102 | 100.0 |
  - DotCom Lookup | 0.010 | 0.075 | 0.218 | 0.047 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
                  resolver1.opendns.com
               OPENDNS - OpenDNS, LLC, US

Code:
    1.  1.  1.  1 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  ----------------+-------+-------+-------+-------+-------+
  - Cached Name   | 0.027 | 0.028 | 0.030 | 0.001 | 100.0 |
  - Uncached Name | 0.028 | 0.063 | 0.182 | 0.043 | 100.0 |
  - DotCom Lookup | 0.029 | 0.059 | 0.128 | 0.038 | 100.0 |
  ---<-------->---+-------+-------+-------+-------+-------+
            1dot1dot1dot1.cloudflare-dns.com
        MEGAPATH2-US - MegaPath Networks Inc., US
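
On the ping-versus-benchmark question raised earlier in the thread, an added example (not part of the original post or of DNSBench) that parses the average figures posted above and ranks the three resolvers two ways. It assumes the cached-name row is mostly network round trip, which is roughly what ping would show, while the uncached row adds the resolver's own recursion time.

```python
import re

# DNSBench rows copied from the post above (seconds); DotCom rows omitted.
POSTED = """\
    8.  8.  8.  8 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  - Cached Name   | 0.007 | 0.008 | 0.010 | 0.001 | 100.0 |
  - Uncached Name | 0.017 | 0.048 | 0.175 | 0.040 | 100.0 |
  208. 67.222.222 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  - Cached Name   | 0.007 | 0.009 | 0.010 | 0.001 | 100.0 |
  - Uncached Name | 0.008 | 0.088 | 0.407 | 0.102 | 100.0 |
    1.  1.  1.  1 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
  - Cached Name   | 0.027 | 0.028 | 0.030 | 0.001 | 100.0 |
  - Uncached Name | 0.028 | 0.063 | 0.182 | 0.043 | 100.0 |
"""

# Header lines carry the resolver IP padded to fixed width ("  8.  8.  8.  8").
HEADER = re.compile(r"^\s*((?:\s*\d+\s*\.){3}\s*\d+)\s*\|\s*Min")
# Data rows: "- <name> | min | avg | ..."; group 3 is the Avg column.
ROW = re.compile(r"^\s*-\s*(\w[\w ]*?)\s*\|\s*([\d.]+)\s*\|\s*([\d.]+)\s*\|")

def parse_dnsbench(text):
    """Return {resolver_ip: {row_name: average_seconds}}."""
    results, current = {}, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            current = re.sub(r"\s+", "", m.group(1))   # strip the padding
            results[current] = {}
        elif (m := ROW.match(line)) and current:
            results[current][m.group(1)] = float(m.group(3))
    return results

def by_round_trip(results):
    """Order a ping-style test would suggest (cached answers only)."""
    return sorted(results, key=lambda ip: results[ip]["Cached Name"])

def by_uncached(results):
    """Order when the resolver has to recurse for the answer."""
    return sorted(results, key=lambda ip: results[ip]["Uncached Name"])

def recursion_cost(results):
    """Uncached minus cached average: time spent beyond the round trip."""
    return {ip: round(r["Uncached Name"] - r["Cached Name"], 3)
            for ip, r in results.items()}

if __name__ == "__main__":
    parsed = parse_dnsbench(POSTED)
    print(by_round_trip(parsed), by_uncached(parsed), recursion_cost(parsed))
```

On these figures the two orderings disagree: 1.1.1.1 has the longest round trip of the three but the smallest recursion cost, so latency alone would rank it last while uncached lookups rank it second.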
 
I too found 1.1.1.1 slower, but 1.0.0.1 the fastest available, beating OpenDNS and Google.
 
