
SoylentNews is people

posted by chromas on Monday April 02 2018, @10:23PM
from the send-us-all-your-privates dept.

On April Fool's Day and Easter Sunday, Cloudflare launched a new "privacy-oriented" domain name system (DNS) service with two IP addresses: 1.1.1.1 and 1.0.0.1. These addresses were offered by the Asia-Pacific Network Information Centre (APNIC) in exchange for allowing APNIC to study the "garbage traffic" often sent to them. The service supports both DNS-over-TLS and DNS-over-HTTPS, and DNSPerf currently ranks 1.1.1.1 as the fastest consumer DNS resolver:

Cloudflare is launching its own consumer DNS service today, on April Fools' Day, that promises to speed up your internet connection and help keep it private. The service is using https://1.1.1.1, and it's not a joke but an actual DNS resolver that anyone can use. Cloudflare claims it will be "the Internet's fastest, privacy-first consumer DNS service." While OpenDNS and Google DNS both exist, Cloudflare is focusing heavily on the privacy aspect of its own DNS service with a promise to wipe all logs of DNS queries within 24 hours.

DNS services are typically provided by internet service providers to resolve a domain name like Google.com into a real IP address that routers and switches understand. It's an essential part of the internet, but DNS servers provided by ISPs are often slow and unreliable. ISPs or any Wi-Fi network you connect to can also use DNS servers to identify all sites that are visited, which presents privacy problems. DNS also played an important role in helping Turkish citizens avoid a Twitter ban.

Also at VentureBeat and Engadget.


  • (Score: 4, Interesting) by zocalo on Tuesday April 03 2018, @11:44AM
    I run my own resolver complete with DNSSec validation where available on a BSD instance because I also want to run my own local DNSBL and URIBL for spam/domain filtering (resolving an entire domain to 0.0.0.0 is an excellent ad-blocker), but that's probably overkill for 99% of Soylentils, let alone the general population. Simpler alternatives would be to run your own caching-only DNS, pointed at something like Quad9, which is supposedly pretty good as long as you don't have issues with some of the associations mentioned in other posts, or just point your clients directly at their servers. As long as you have a stable DNS that isn't rebooted too often, you're going to have most records you actually use cached anyway, so synthetic performance tests of full recursion to $DNS_provider's servers are pretty meaningless, really. The main thing is to try and get DNSSec validation working so that you'll have some protection against tampering with DNS responses, but be aware that DNSSec use is pretty low, and many of the sites that would actually benefit the most from using it (banks, Pr0n, etc.) actually don't have it deployed yet.
    --
    UNIX? They're not even circumcised! Savages!