Cloudflare has announced the launch of a new consumer DNS service at 1.1.1.1 which is focused on privacy and speed. A DNS resolver figures out the IP address for the domain name you've entered in your address bar.
The insecurity of the DNS infrastructure struck the team at Cloudflare as a bug at the core of the Internet, so we set out to do something about it. Given we run one of the largest, most interconnected global networks — and have a lot of experience with DNS — we were well positioned to launch a consumer DNS service. We began testing and found that a resolver, running across our global network, outperformed any of the other consumer DNS services available (including Google's 8.8.8.8).
Cloudflare has committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours. "While we need some logging to prevent abuse and debug issues, we couldn't imagine any situation where we'd need that information longer than 24 hours." The company has also committed to retaining KPMG to audit its code and practices annually and to publish a public report confirming it's keeping its word.
To get a catchy IP address for its DNS server, Cloudflare contacted APNIC, the Regional Internet Registry for the Asia Pacific region. APNIC held the IP addresses 1.1.1.1 and 1.0.0.1.
While the addresses were valid, so many people had entered them into various random systems that they were continuously overwhelmed by a flood of garbage traffic. APNIC wanted to study this garbage traffic but any time they'd tried to announce the IPs, the flood would overwhelm any conventional network. We talked to the APNIC team about how we wanted to create a privacy-first, extremely fast DNS system. They thought it was a laudable goal. We offered Cloudflare's network to receive and study the garbage traffic in exchange for being able to offer a DNS resolver on the memorable IPs.
While DNS is inherently unencrypted, there are a couple of modern approaches including DNS-over-TLS and DNS-over-HTTPS. Cloudflare supports both of these.
We think DNS-over-HTTPS is particularly promising — fast, easier to parse, and encrypted. To date, Google was the only scale provider supporting DNS-over-HTTPS. For obvious reasons, however, non-Chrome browsers and non-Android operating systems have been reluctant to build a service that sends data to a competitor. We're hoping that with an independent DNS-over-HTTPS service now available, we'll see more experiments from browsers, operating systems, routers, and apps to support the protocol.
Currently, the 1.1.1.1 DNS service is averaging around 14ms globally and even less for Cloudflare customers. That compares to around 20ms for OpenDNS and 34ms for Google.
Learn more at the link below...
Read More
The insecurity of the DNS infrastructure struck the team at Cloudflare as a bug at the core of the Internet, so we set out to do something about it. Given we run one of the largest, most interconnected global networks — and have a lot of experience with DNS — we were well positioned to launch a consumer DNS service. We began testing and found that a resolver, running across our global network, outperformed any of the other consumer DNS services available (including Google's 8.8.8.8).
Cloudflare has committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours. "While we need some logging to prevent abuse and debug issues, we couldn't imagine any situation where we'd need that information longer than 24 hours." The company has also committed to retaining KPMG to audit its code and practices annually and to publish a public report confirming it's keeping its word.
To get a catchy IP address for its DNS server, Cloudflare contacted APNIC, the Regional Internet Registry for the Asia Pacific region. APNIC held the IP addresses 1.1.1.1 and 1.0.0.1.
While the addresses were valid, so many people had entered them into various random systems that they were continuously overwhelmed by a flood of garbage traffic. APNIC wanted to study this garbage traffic but any time they'd tried to announce the IPs, the flood would overwhelm any conventional network. We talked to the APNIC team about how we wanted to create a privacy-first, extremely fast DNS system. They thought it was a laudable goal. We offered Cloudflare's network to receive and study the garbage traffic in exchange for being able to offer a DNS resolver on the memorable IPs.
While DNS is inherently unencrypted, there are a couple of modern approaches including DNS-over-TLS and DNS-over-HTTPS. Cloudflare supports both of these.
We think DNS-over-HTTPS is particularly promising — fast, easier to parse, and encrypted. To date, Google was the only scale provider supporting DNS-over-HTTPS. For obvious reasons, however, non-Chrome browsers and non-Android operating systems have been reluctant to build a service that sends data to a competitor. We're hoping that with an independent DNS-over-HTTPS service now available, we'll see more experiments from browsers, operating systems, routers, and apps to support the protocol.
Currently, the 1.1.1.1 DNS service is averaging around 14ms globally and even less for Cloudflare customers. That compares to around 20ms for OpenDNS and 34ms for Google.
Learn more at the link below...
Read More