The Domain Name System (DNS) is the phone book of the Internet. It maintains a directory of domain names and translates them to Internet Protocol (IP) addresses. As a result, nearly everything that happens on the Internet starts with a DNS request.
Unfortunately, these providers are usually slow, insecure and lack robust privacy controls, meaning anyone can see the sites being accessed, even if the content is encrypted. Worse still, some providers sell data about user Internet activity and/or use it to target ads.
An easy solution is to use a public DNS provider, for example Cisco OpenDNS (18.104.22.168 / 22.214.171.124) or Google Public DNS (126.96.36.199 / 188.8.131.52). These providers are generally faster, more secure and likely more trustworthy than an ISP.
I have been a long-time user of OpenDNS (pre-dating the Cisco acquisition in 2015), however it is worth acknowledging that both Cisco and Google are not completely unbiased, for example, 80% of Google’s revenue comes from advertising (although I’m not suggesting this impacts their public DNS).
Introducing Cloudflare DNS
Today, Cloudflare and APNIC have launched a new public DNS service, with a focus on speed, security, and privacy.
DNSPerf is an independent service for DNS performance analytics. As you can see from the image below, Cloudflare DNS is currently rated the fastest in the world, with a query speed of just 14.24ms.
The average ISP query speed is 65ms+.
Even if you are visiting a site using HTTPS, your DNS query is sent over an unencrypted connection. This limitation also increases the risk of a “Man-In-The-Middle” attack, inadvertently directing traffic to a phishing, malware or surveillance site.
As a result, Cloudflare DNS supports HTTPS. Therefore, compatible operating systems, browsers, mobile applications, and network equipment (e.g. home router) can use the DNS over HTTPS endpoint instead of sending DNS requests in plaintext.
- Cloudflare will never sell your data or use it to target ads. Period.
- All debug logs, which we keep just long enough to ensure no one is using the service to cause harm, of are purged within 24 hours.
- Cloudflare will not retain any personal data / personally identifiable information, including information about the client IP and client port.
- Cloudflare will retain only limited transaction data for legitimate operational and research purposes, but in no case will such transaction data be retained by Cloudflare for more than 24 hours.
- Cloudflare will only retain or use what is being asked, not who is asking it.
Cloudflare has also partnered with KPMG to independently audit their systems annually to validate their privacy controls.
Setup Cloudflare DNS
Setting up CloudFlare DNS is easy. Simply, update the DNS configuration on your device (e.g. Laptop, Smartphone, Router) with the following IPv4 or IPv6 addresses.
- 2606:4700:4700:: 1111
- 2606:4700:4700:: 1001
Once complete, your DNS requests will be sent to Cloudflare DNS. To enable DNS over HTTPS, refer to the Cloudflare DNS documentation.
Cloudflare and APNIC state they were motivated to create a public DNS by their shared mission to “help build a better Internet”. This is certainly an admirable cause, although it is fair to state that Cloudflare could be accused of being biased (supporting their own network). As a result, it is great to see they are willing to be independently audited.
Although Cloudflare DNS was officially launched today, I did have some early access and can confirm it is working as designed. As a result, Cloudflare DNS is now my primary DNS provider.