Cloudflare Launches 1.1.1.1 Consumer DNS Service With a Focus On Privacy

BrianFagioli writes: Today, Cloudflare announces a new consumer DNS service with a focus on privacy. Called '1.1.1.1.' it quite literally uses that easy-to-remeber IP address as the primary DNS server. Why announce on April Fool's Day? Because the IP is four ones and today's date is 4/1 -- clever. The secondary server is 1.0.0.1 -- also easy to remember.

The big question is why? With solid offerings from Google and Comodo, for instance, does the world need another DNS service? The answer is yes, because Cloudflare intends to focus on both speed, and more importantly, privacy.

Tried it, it's fast

[Unknown User]

Looks good so far. The Piratebay is not censored (but is usually in my country), for example.

Re:Tried it, it's fast - TPB.org

[charlie merritt]

The Pirate bay was not censored for me. Fast.

Re:Tried it, it's fast

[PolygamousRanchKid]

Looks good so far.

. . . apparently, we haven't had enough time to Slashdot it yet . . .

Re:Tried it, it's fast

[apoc.famine]

1) Slashdotting hasn't been a thing for like a decade now.
2) This is fucking cloudflare. You know, one of the companies SPECIFICALLY IN BUSINESS TO HELP WEBSITES AVOID THINGS LIKE SLASHDOTTING.

If /. could take them down, that would rather sink their business model.

Re:

[rtb61]

Slashdot not longer swamps the internet, it just programs it, entirely different thing, all done via the bio processing units.

Re: Tried it, it's fast

[Brockmire]

This post hurt my brain. P.s. you don't know what the fuck you're talking about. We're talking DNS requests, "file not found" has nothing to do with DNS.

Re: Cloudflare and VPN

[Brockmire]

Maybe Cloudflare avoids him, too. Fuck, a lot of people know fuck all about VPN'S and think they do.

Re:

[desdinova 216]

in soviet russia cloudflare avoids you?

Re:

[jrumney]

The performance may not be great for busy sites like youtube.

If I look up m.youtube.com, @8.8.8.8 returns me a different address every time I run the query, spreading the load across multiple servers. @1.1.1.1 returns the same address every time, so that server is going to end up overloaded. Both are directing me to a local server, which is good (but this may be handled by the routing tables rather than DNS).

Re:

[denbesten]

More likely is that 1.1.1.1 is returning the same IP address for you, but a different IP address for the next person.

Re:

[jrumney]

How does it know I'm the same person? I tried from two different locations with IP addresses on two different ISPs, it is always returning the same IP from both locations. From a third location on an AWS instance though, it returns the same list of 5 IP addresses that 4.2.2.4 returns from all 3 locations.

Re:Tried it, it's fast

[Dast]

We also apparently didn't read the fucking man page for dig, did we? Here, let me help.

man dig

NAME
              dig - DNS lookup utility

SYNOPSIS
              dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-m] [-p port#] [-q name] [-t type] [-x addr] [-y [hmac:]name:key] [-4] [-6] [name] [type] [class] [queryopt...]

              dig [-h]

              dig [global-queryopt...] [query...]

Too bad Cisco uses this for a virtual IP in some o

[Anonymous Coward]

Like their wireless lan controllers.

Re: Too bad Cisco uses this for a virtual IP in so

[Anonymous Coward]

Who is Ian?

Re:

[LynnwoodRooster]

Are you serious? I mean, we're on /. - the home for geeks and nerds - and you ask who the FUCK is Sir Ian McKellen [wikipedia.org]? Only the greatest wizard of all time, Gandalf! And if you thought - for one second - about Harry Potter when I said wizard, we're going to banish you to theverge.com or some other godforesaken corner of the Internet!

Re:

[LynnwoodRooster]

Yes - the Red Wizard!

Re: Too bad Cisco uses this for a virtual IP in s

[K. S. Kyosuke]

Dell IPMI

So the old maxim that the Internet routes around the damage is true!

Re: Too bad Cisco uses this for a virtual IP in

[nasch]

Did you try the alternate 1.0.0.1?

Re: Too bad Cisco uses this for a virtual IP in s

[NFN_NLN]

> Dell IPMI defaults the network address to this ip when it doesn't get a response from the dhcp server.

Already addressed in RFC3927 for quite some time. Have Dell update their firmware.

"169.254.0.0/16 - This is the "link local" block. As described in [RFC3927], it is allocated for communication between hosts on a single link. Hosts obtain these addresses by auto-configuration, such as when a DHCP server cannot be found."

Re: Too bad Cisco uses this for a virtual IP in so

[guruevi]

I think you're confusing it with 10.x.x.x. Although I've seen others type 1 or 100 due to typos, no self respecting network admin would do that though.

Re: Too bad Cisco uses this for a virtual IP in so

[Tim the Gecko]

I think you're confusing it with 10.x.x.x.

I don't think they are. For example: https://supportforums.cisco.co... [cisco.com]

Re:

[Billly Gates]

That is intentional. Cloudflare has their own commercial DNS service and do not want businesses to piggyback of their services

Hopefully it's bettern than NortonDNS which I stopped using for performance reasons.

Re:

[Anonymous Coward]

Too bad Cisco uses this for a virtual IP in some o
Like their wireless lan controllers.

It is a shame so many "networking companies" can so badly fuckup basics of networking like that.

Remember when Linksys hard coded a bunch of public MIT server addresses as "internal" because they didn't know the most commonly used private-reserved IP block was 192.168.*.* and thought all IPs under 192.* were?

Or when Juniper hard coded 128.* as a blackhole range?

Back on the current topic, 1.0.0.0/8 was reserved for packet radio networks from 1981 until only 2010.
I can only imagine Cisco isn't alone in incorre

Re:

[pnutjam]

I worked at a company whose core network was 192.0.0.0/24. It took me two years to get everything moved to a real private IP space.

No they dont

[GoRK]

Cisco does not use anything other than RFC1918 reserved blocks. They are actually incredibly diligent about that.

Does not compute

[Anonymous Coward]

Cloudflare is an American company which was funded as and began its life as a "honey-pot", where the owners realized that the only way to extend its reach was to grow and style it as a genuine business.

As an American company they also have to respond to and carry out orders from the NSA and CIA if there is a court order present (which there always is -- they have their own "courts").

There is a lot of power in being able to tell who is looking at what website, and being able to possibly redirect them elsewhere when needed. If you think for a second that your browsing is private and that this service will not be used for shady purposes, then you are kidding yourself.

Re:Does not compute

[OrangeTide]

I'm wrapping my cablemodem with tinfoil as we speak.

intellectual alert

[OrangeTide]

insult me in Latin, et tu brute?

Re: Does not compute

[Brockmire]

Whoosh, right?

Re:Does not compute

[pots]

Courts can't compel Cloudflare to collect information, they can only compel them to turn over the information which they already have. Cloudflare says:

While we need some logging to prevent abuse and debug issues, we couldn't imagine any situation where we'd need that information longer than 24 hours. And we wanted to put our money where our mouth was, so we committed to retaining KPMG, the well-respected auditing firm, to audit our code and practices annually and publish a public report confirming we're doing what we said we would.

In the end you're still probably better off using the DNS that your VPN provides, but this seems like a good alternative to 8.8.8.8.

Re:

[Frosty Piss]

I'm trying desperately not to whip out my roll of tinfoil. But...

While we need some logging to prevent abuse and debug issues, we couldn't imagine any situation where we'd need that information longer than 24 hours.

Don't you suppose they would say that? Do you really think they would say...

We collect TONS of logs just like everyone else, but please trust us, we're not giving them up yo anyone...

Good grief, you think they just walked into that IP address? Got to be some WEIGHT to get that IP and be "allowed" to use it for commercial purposes.

If this isn't a Honey Pot for the Three Letter Agencies *now*, it certainly will be shortly.

Re: Does not compute

[Brockmire]

Don't let the summary get in the way of answering your basic fucking question. (Cloudflare allowed APNIC to use Cloudflare infrastructure for testing and learning about all the fuckers misusing 1.1.1.1). A back scratch deal.

Re:

[Thorizdin]

That's inaccurate, at least in the larger scale of things. While it's true that there is no federal law compelling them to log and so they can't be forced to hand over what they don't have. A CALEA (and several other types) of warrant will compel them to start logging and hand off a copy of all traffic (in unencrypted form) to and from a specific IP or set of IP addresses.

Re:

[eth1]

Courts can't compel Cloudflare to collect information, they can only compel them to turn over the information which they already have. Cloudflare says:

While we need some logging to prevent abuse and debug issues, we couldn't imagine any situation where we'd need that information longer than 24 hours. And we wanted to put our money where our mouth was, so we committed to retaining KPMG, the well-respected auditing firm, to audit our code and practices annually and publish a public report confirming we're doing what we said we would.

In the end you're still probably better off using the DNS that your VPN provides, but this seems like a good alternative to 8.8.8.8.

In other words, they are already collecting that information, so the court doesn't need to compel them to. The court only needs to compel them to not destroy evidence they've already collected (stop deleting logs after 24hr), which is something they do all the time.

Re:

[Agripa]

Courts can't compel Cloudflare to collect information, they can only compel them to turn over the information which they already have. Cloudflare says:

While we need some logging to prevent abuse and debug issues, we couldn't imagine any situation where we'd need that information longer than 24 hours. And we wanted to put our money where our mouth was, so we committed to retaining KPMG, the well-respected auditing firm, to audit our code and practices annually and publish a public report confirming we're doing what we said we would.

Columbia [eff.org] Pictures [gibbonslaw.com] Industries v. Bunnell [washington.edu]:

Since information copied in RAM could be the basis of legal liability, the magistrate court in Bunnell reasoned it should also qualify as electronically stored information for the purposes of discovery. Although RAM may be more temporary than other forms of computer memory, the Bunnell Court concluded that RAM should also be included as a type of storage appropriate for production during discovery.

Re:

[pots]

Well that does seem to be applicable. One of those articles does say that, "the Court tempered its holding noting that: [i]ts ruling should not be read to require litigants in all cases to preserve and produce electronically stored information that is temporarily stored only in RAM." but it's hard to believe that that case and this one are qualitatively different.

Re:

[Agripa]

It is not a controlling court decision but it is an example where a court ordered a defendant to alter programming to preserve data which was only stored temporarily in RAM.

Re:

[amiga3D]

If I was a terrorist wanting to blow up a subway or something I'd worry about it. I seriously doubt the NSA is really worried about thepiratebay. When they get to that level we will be fucked.

Re: Does not compute

[GameboyRMH]

https://torrentfreak.com/nsa-a... [torrentfreak.com]

Re:

[desdinova 216]

I don't think it's the NSA who wants that, more likely the MPAA/RIAA

Re:

[SumDog]

They made it impossible for one website to function and led to their censorship, then later backpedaled and claimed it was a mistake:

https://fightthefuture.org/article/the-new-era-of-corporate-censorship/

They're the last company I'd trust to prevent censorship.

This DNS stops ISPs from knowing sites you visit?

[JoeyRox]

From the article:

"What many Internet users don't realize is that even if you're visiting a website that is encrypted -- has the little green lock in your browser -- that doesn't keep your DNS resolver from knowing the identity of all the sites you visit. That means, by default, your ISP, every wifi network you've connected to, and your mobile network provider have a list of every site you've visited while using them," says Cloudflare.

How does this stop ISPs from knowing which sites you visit? Once Cloudfare's DNS serves up the IP address (instead of your ISP's DNS), you still need to send/receive traffic from that IP address, which the ISP can easily monitor. The only way to prevent this is to use a VPN, while making sure to use your VPN's DNS as well.

Re:

[hrbrmstr]

On the surface, yes. But, there are a number of options available for transport privacy that do not require using a VPN (provided you actually trust Cloudflare not to use your data and are savvy enough to setup one of the options) https://developers.cloudflare.... [cloudflare.com]

Re:

[JoeyRox]

But, there are a number of options available for transport privacy that do not require using a VPN (provided you actually trust Cloudflare not to use your data and are savvy enough to setup one of the options)

What alternate options does Cloudfare provide that don't require a VPN? I didn't see them mentioned in the link you provided. Is it an https tunnel through their servers?

Re:

[williamyf]

How does this stop ISPs from knowing which sites you visit? Once Cloudfare's DNS serves up the IP address (instead of your ISP's DNS), you still need to send/receive traffic from that IP address, which the ISP can easily monitor. The only way to prevent this is to use a VPN, while making sure to use your VPN's DNS as well.

While their attempt at privacy is comendable, I'll stick with my current setup:

* GlobalCyberAlliance's 9.9.9.9 as primay for added protection against nasties (not for me specificaly, but for the less tech savvy users in the houses).
* Google's 8.8.4.4 as alternate.
* And OpenDNS' at 208.67.222.222 for modems that support a thrid option.

Some people may preffer some other order, and there is nothing wrong with that . Perhaps priviledging OpenDNS' for the family friendly filtering, or Google's for raw speed and

Re:

[IGnatius T Foobar]

It's funny how people are concerned about their ISP snooping on them ... and then they go and visit Facebook.

Re:

[whoever57]

Google name-based virtual hosting.

Your ISP knows which IP addresses you connected to, but a single IP address may host multiple sites.

Re:

[Bert64]

And they can tell what site you accessed based on the HOST header or the SNI parameter when negotiating SSL...

Re:

[bill_mcgonigle]

many sites per ip...

That's only usually true for small shared-hosting sites or multiple services from a single entity.

what happened to this place?

The Dunning-Kruger is still strong though!

Contrast with Quad9

[MSG]

Their priorities make the service an interesting alternative to Quad9: https://www.globalcyberallianc... [globalcyberalliance.org]

Are they also going to offer DNS over TLS?

OpenNIC and DNSCRYPT

[Anonymous Coward]

How is this better than OpenNIC and DNSCrypt? Remember that Cloudfare is the company that has a CEO that "woke up in a bad mood" and decided to ban a domain from their service. Yeah, it was a bunch of Nazis, but it shows that they're not really committed to freedom ... just freedom for points of view that don't irritate them.

Re:

[rtb61]

Which is sign of how that pay for that free DNS service. Obviously Google will datamine the crap out of their, we own your browsing history DNS, service. Cloudflare sells no advertising yet, how the hell will it pay for it, to justify the expenditure. Probable answer it makes the security services they sell much cheaper to provide, it saves more money, than it costs, it provides tighter security and of course the CEO fessed up with zero pressure indicative of acknowledgement that it was a bad idea that will

Re:OpenNIC and DNSCRYPT

[greenwow]

Exactly. You must take a stand against freedom of speech in order to protect it.

Re: OpenNIC and DNSCRYPT

[Anonymous Coward]

No.

YOU consider Nazis to be Evil and worthy of extermination (as do I.) In some places, the same sentiment exists towards gays, Christians, Muslims, Jews, insert name of political party here, etc.
The only way to ensure that DNS is not used against legitimate ideas is to ensure it does not allow ANY site to be blocked over content. DNS should never do more than ensure entires are legitimate and not hijacked.

Re:

[kenai_alpenglow]

Don't you think you're being a little extreme?

Re:

[Bert64]

Attempting to attack nazis, making them angry and drawing attention to them is helping them.
Attempting to ban nazi or other extremist propaganda turns it into the forbidden fruit, which also attracts people.
The only sensible way to combat extremism is to ensure that people are well educated, people will reject it on their own without needing to hide it.

Nice!

[WolfgangVL]

Works faster than level 3, hello Cloudflare.

Why trust CF?

[hrbrmstr]

Not casting aspersions, but I've yet to see a reason why I (or anyone) should trust CF. The "KPMG" 'audit' reason is absolutely not sufficient, too.

The service is free and lures folks in with "fast". When a service is free, you're the product (see recent FB kerfuffle).

And, no IPv6 endpoint seems like a big missing component when "competitors" have it.

Re:Why trust CF?

[cascadingstylesheet]

And, no IPv6 endpoint seems like a big missing component when "competitors" have it.

it doesn't? [cloudflare.com]

Re:

[Kohath]

The service is free and lures folks in with "fast". When a service is free, you're the product (see recent FB kerfuffle).

Wikipedia is free.

Re:

[q4Fry]

The service is free and lures folks in with "fast". When a service is free, you're the product (see recent FB kerfuffle).

Wikipedia is free.

With Wikipedia, you curate the product. Also, Jimmy keeps trying to guilt you into donating.

Re:Why trust CF?

[thegarbz]

When a service is free, you're the product

Not always. You have to have something of value from you along with a buyer for you in order for you to be the product. Cloudfare isn't.

Sometimes when a service is free for you, you're lucky to ride on the paying service of others.

Follow the money. Sometimes there is a free lunch.

Re:

[Hodr]

Playing Devil's advocate, would it be possible to be the "product", for them to be profitable, and for it still to not invade your privacy? I.E. they could track generic usage to find market trends, popular brands, shifts in politics. This data is probably valuable without requiring them to track individuals or invade any particular persons privacy.

Re:

[Bert64]

Software has a fixed cost to produce, they can have infinite additional users for zero extra cost once the software is written.
The costs to provide a service increase as you add users.
It's much harder to provide a free service than free software, especially if it becomes popular.

fuck cloudflare

[Anonymous Coward]

Cloudflare lost all credibility after what they did to the Daily Stormer. Look: I'm sure CF thinks they'll protect your privacy, but that goes out the door someone thinks you're a "Nazi". And you're a Nazi these days if you believe there are fewer than 52 genders.

So fuck Cloudflare.

Re: fuck cloudflare

[GameboyRMH]

I know, awesome feature! Anything can be improved by antagonizing nazi snowflakes!

Re:

[GameboyRMH]

Why? Nazis are the most delicate snowflakes of all, constantly complaining that others' rights of free speech and association are hurting their widdle feelings.

Pretty fast

[TFlan91]

Just ran a benchmark [grc.com] of the service, here are my results:

  Final benchmark results, sorted by nameserver performance:
  (average cached name retrieval speed, fastest to slowest)

        1. 0. 0. 1 | Min | Avg | Max |Std.Dev|Reliab%|
    - Cached Name | 0.020 | 0.023 | 0.029 | 0.002 | 98.0 |
    - Uncached Name | 0.022 | 0.090 | 0.287 | 0.075 | 100.0 |
    - DotCom Lookup | 0.049 | 0.055 | 0.066 | 0.003 | 100.0 |
                        1dot1dot1dot1.cloudflare-dns.com
                    CLOUDFLARENET - Cloudflare, Inc., US

        1. 1. 1. 1 | Min | Avg | Max |Std.Dev|Reliab%|
    - Cached Name | 0.021 | 0.023 | 0.030 | 0.002 | 95.9 |
    - Uncached Name | 0.022 | 0.096 | 0.325 | 0.082 | 100.0 |
    - DotCom Lookup | 0.048 | 0.073 | 0.166 | 0.043 | 100.0 |
                        1dot1dot1dot1.cloudflare-dns.com
                MEGAPATH2-US - MegaPath Networks Inc., US

        8. 8. 4. 4 | Min | Avg | Max |Std.Dev|Reliab%|
    + Cached Name | 0.048 | 0.052 | 0.057 | 0.002 | 100.0 |
    + Uncached Name | 0.060 | 0.104 | 0.344 | 0.073 | 100.0 |
    + DotCom Lookup | 0.063 | 0.070 | 0.158 | 0.014 | 100.0 |
                          google-public-dns-b.google.com
                                  GOOGLE - Google LLC, US

        8. 8. 8. 8 | Min | Avg | Max |Std.Dev|Reliab%|
    + Cached Name | 0.049 | 0.053 | 0.060 | 0.002 | 98.0 |
    + Uncached Name | 0.057 | 0.106 | 0.367 | 0.077 | 100.0 |
    + DotCom Lookup | 0.063 | 0.073 | 0.156 | 0.020 | 100.0 |
                          google-public-dns-a.google.com
                                  GOOGLE - Google LLC, US

The rest of the world would go with an IP of 4

[OzPeter]

Why? 1/4 of course!

Meh

[jawtheshark]

I just run my own. Not that hard.

Re:Meh

[grub]

So set up Cloudflare's DNS as your forwarders. I just did that.

Re:

[arth1]

So set up Cloudflare's DNS as your forwarders. I just did that.

Hell, no. Then you tell Cloudflare - and by extension any American three letter agency - which fully qualified domain names you look up. I may be OK with a root name server seeing my user query what the authoritative DNS is for .de, but not that he or she then goes on to look up www.dkp.de.
So no thanks, no forwarders, at least not ones located in police states.

Also 1.1

[rpetre]

To note that in most IP parsing libraries (or at least the ones I'm familiar with) 1.1.1.1 can be also expressed as 1.1 (if less than four numbers the last number is interpreted on as many bits are left till 32). So you can now be cool and ping 1.1 or dig google.com @1.1., making the old favourite, 8.8.8.8, quite a mouthful in comparison.

Re:Also 1.1

[Rockoon]

and why does Slashdot still not allow comment editing?

Because its a stupid feature that would only benefit careless people such as yourself allowing you to feel no consequences for your carelessness, while potentially hurting everyone else who could then feel real consequences from your constant never ending carelessness.

I've been using Quad9. Seems similar.

[Anonymous Coward]

https://www.quad9.net

Reember the Alao!

[Mister Liberty]

They ate our & 's that day.

Other easy to remember public DNS Servers

[Xenolith0]

Other easy to remember public DNS Servers

• Google (Unfiltered)
  • 8.8.4.4
  • 8.8.8.8
• Global Cyber Alliance (Filters malicious content)
  • 9.9.9.9
• Cloudflare
  • 1.0.0.1
  • 1.1.1.1
• Level 3 Communications
  • 4.2.2.1
  • 4.2.2.2
  • 4.2.2.3
  • 4.2.2.4
  • 4.2.2.5
  • 4.2.2.6

Classic lack of "root source of trust" problem

[joe_frisch]

With this and all other attempts to provide privacy or security, what chain of trust allows me to believe that this is actually private or secure.

Surely there are many organizations with the resources to flood Slashdot with posts assuring me that this, or any other service, is secure.

Is TOR secure, or a NSA honeypot? How could I possibly know? Without personally having deep technical expertise, how can I trust anything.

An comments about tinfoil hats could be legit, or yet more planted posts.

We need a root source of trust or everything else falls apart.

Re:

[Kjella]

We need a root source of trust or everything else falls apart.

Yeah, we could call that the Ministry of Truth.

How could I possibly know? Without personally having deep technical expertise, how can I trust anything.

Personally you'll only be able to prove high school physics and none of history, that is if you're not trapped in the Matrix.

An comments about tinfoil hats could be legit, or yet more planted posts.

Personally I feel like you're trying to make a reductio ad absurdum argument so say that since you don't know any absolute truth, any loony bin theory could be true. Blind faith is not good, total disbelief of everything you haven't personally verified is also not good. If you disagree here's some fatally poisonous mushrooms, enjoy your D

Re:

[joe_frisch]

It may just be my background but science feels a little different: different scientific ideas interlock with each other. It would be difficult to fake a significant branch of science because all the interfaces with other types of science would be off. That seems different from trusting a hosting site, or an implementation of an encryption or communication system which could itself be flawed without other major consequences.

I'm a scientist, so my viewpoint may be very biased on this. If I were a computer s

Re:

[kevmeister]

DNSsec provides a chain n of trust using public keys. The root is never given the secret key, so, it the key validates, it is legitimate. The domain holder generates the key pair and loads the public key upstream.

Unfortunately, DNSsec is generally not implemented end-to-end, severely limiting its value.

Re:

[joe_frisch]

I wish we could trust the government. I'd hope that in a democracy we could and they would provide that - but sadly we can't.

Re:

[joe_frisch]

Actually I've sometimes wondered if that was one of the functions of the medieval church: they served as an agreed-upon source of truth. That agreement was useful to society even if they were not actually truthful .

Re:

[joe_frisch]

What I mean by "root source of trust" is something people agree upon to be true. For instance if there were a trusted organization to verify that this DNS service is what it claims to be (discounting legitimate bugs), and not a front for some organization intent on using it to collect information

DNS Watch

[nmb3000]

How is this better than DNS Watch [dns.watch]? They are a free, not ad-sponsered, privacy-focused DNS provider with goals of neutrality and anti-censorship.

Cloudflare is basically the Big Brother gatekeeper of the Internet at this point, with strong ties to the US. Them claiming "privacy" as something they care about is pretty absurd.

Re:

[thegarbz]

This is the lowest IP number on the internet.

And yet it doesn't seem any more favorable than my own IP address. It doesn't have ocean views, doesn't get discounts at the local restaurant, and the chicks don't really give a damn. Also thanks to the service run on it you never need to give a damn what your IP address is.

So what makes it so valuable in you eyes?

Re:How much for low numbered IPs?

[Megane]

A zero host address in the local subnet in IPv4 means a reference to the local network. No matter your subnet length, 1.0.0.0 will always have a zero host address. 0/8 is reserved for "Local Identification". So 1.0.0.1 is the lowest valid IPv4 address.

So now we have DNS servers on 1.1.1.1, 4.4.4.4, and 8.8.8.8. Who has 2.2.2.2 and can they put a DNS server on it?

Re:How much for low numbered IPs?

[Waffle Iron]

So now we have DNS servers on 1.1.1.1, 4.4.4.4, and 8.8.8.8. Who has 2.2.2.2

OK, all these different numerical addresses are starting to get confusing. Someone ought to invent some kind of protocol to automatically map human-readable names onto these obscure numbers.

Re:How much for low numbered IPs?

[93 Escort Wagon]

OK, all these different numerical addresses are starting to get confusing. Someone ought to invent some kind of protocol to automatically map human-readable names onto these obscure numbers.

One one one one
Four four four four
Eight eight eight eight

Re:

[thegarbz]

You're forgetting 9.9.9.9 which is https://www.quad9.net/ [quad9.net] and also a DNS server.

Re:

[jeremyp]

6.6.6. the network of the Beast

Re:

[pnutjam]

also 1.0.0.1, that's cloudflare's backup DNS.

Re:

[Smallpond]

2.2.2.2 is Orange (France Telecom) according to whois data.

Re:

[IGnatius T Foobar]

On a worldwide corporate network that I maintain, we set up 10.10.10.0/24 as an Anycast space so that we can have 10.10.10.10 answer as the DNS server for every location.

Re: How much for low numbered IPs?

[Brockmire]

That sounds like added hassle for no good reason.

Re:

[SuricouRaven]

I looked it up. France telecom.

Re:

[bruce_the_loon]

Whois has 2.2.0.0/16 assigned to France Telecom Orange and 2.2.2.2 isn't pingable at the moment.

Re:How much for low numbered IPs?

[sims 2]

1.1.1.1 valid cloudflare
2.2.2.2 invalid owned by Orange S.A. according to RIPE
3.3.3.3 invalid owned by Amazon
4.4.4.4 invalid owned by Level 3 Communications, Inc
5.5.5.5 invaild owned by TelefÃnica Germany
6.6.6.6 invalid owned by Headquarters, USAISC
7.7.7.7 invalid owned by DoD Network Information Center
8.8.8.8 valid google
9.9.9.9 valid quad9

Re:

[Anonymous Coward]

Just found out that I own 10.10.10.10, so I'm putting my DNS there to mark my territory.

Re: How much for low numbered IPs?

[Brockmire]

I could add 10.2.3.0 alias to my linux box but Windows 10 said no. That's incorrect on Linux, no?