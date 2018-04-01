Cloudflare Launches 1.1.1.1 Consumer DNS Service With a Focus On Privacy (betanews.com) 118
BrianFagioli writes: Today, Cloudflare announces a new consumer DNS service with a focus on privacy. Called '1.1.1.1.' it quite literally uses that easy-to-remember IP address as the primary DNS server. Why announce on April Fool's Day? Because the IP is four ones and today's date is 4/1 -- clever. The secondary server is 1.0.0.1 -- also easy to remember.
The big question is why? With solid offerings from Google and Comodo, for instance, does the world need another DNS service? The answer is yes, because Cloudflare intends to focus on both speed, and more importantly, privacy.
Looks good so far.
. . . apparently, we haven't had enough time to Slashdot it yet . . .
1) Slashdotting hasn't been a thing for like a decade now.
2) This is fucking cloudflare. You know, one of the companies SPECIFICALLY IN BUSINESS TO HELP WEBSITES AVOID THINGS LIKE SLASHDOTTING.
Like their wireless lan controllers.
Dell IPMI
So the old maxim that the Internet routes around the damage is true!
Did you try the alternate 1.0.0.1?
He's the chap who works behind the counter at Walmart
I think you're confusing it with 10.x.x.x. Although I've seen others type 1 or 100 due to typos, no self-respecting network admin would do that though.
I think you're confusing it with 10.x.x.x.
I don't think they are. For example: https://supportforums.cisco.co... [cisco.com]
That is intentional. Cloudflare has their own commercial DNS service and do not want businesses to piggyback off their services.
Hopefully it's better than NortonDNS which I stopped using for performance reasons.
Maybe Cisco should stop doing things to break the way IP works. There are reserved IP ranges just for that purpose.
Cloudflare is an American company which was funded as and began its life as a "honey-pot", where the owners realized that the only way to extend its reach was to grow and style it as a genuine business.
As an American company they also have to respond to and carry out orders from the NSA and CIA if there is a court order present (which there always is -- they have their own "courts").
There is a lot of power in being able to tell who is looking at what website, and being able to possibly redirect them elsewhere when needed. If you think for a second that your browsing is private and that this service will not be used for shady purposes, then you are kidding yourself.
I'm wrapping my cablemodem with tinfoil as we speak.
insult me in Latin, et tu brute?
While we need some logging to prevent abuse and debug issues, we couldn't imagine any situation where we'd need that information longer than 24 hours. And we wanted to put our money where our mouth was, so we committed to retaining KPMG, the well-respected auditing firm, to audit our code and practices annually and publish a public report confirming we're doing what we said we would.
In the end you're still probably better off using the DNS that your VPN provides, but this seems like a good alternative to 8.8.8.8.
If I was a terrorist wanting to blow up a subway or something I'd worry about it. I seriously doubt the NSA is really worried about thepiratebay. When they get to that level we will be fucked.
A zero host address in the local subnet in IPv4 means a reference to the local network. No matter your subnet length, 1.0.0.0 will always have a zero host address. 0/8 is reserved for "Local Identification". So 1.0.0.1 is the lowest valid IPv4 address.
So now we have DNS servers on 1.1.1.1, 4.4.4.4, and 8.8.8.8. Who has 2.2.2.2 and can they put a DNS server on it?
So now we have DNS servers on 1.1.1.1, 4.4.4.4, and 8.8.8.8. Who has 2.2.2.2
OK, all these different numerical addresses are starting to get confusing. Someone ought to invent some kind of protocol to automatically map human-readable names onto these obscure numbers.
OK, all these different numerical addresses are starting to get confusing. Someone ought to invent some kind of protocol to automatically map human-readable names onto these obscure numbers.
One one one one
Four four four four
Eight eight eight eight
You're forgetting 9.9.9.9 which is https://www.quad9.net/ [quad9.net] and also a DNS server.
6.6.6. the network of the Beast
I looked it up. France telecom.
Whois has 2.2.0.0/16 assigned to France Telecom Orange and 2.2.2.2 isn't pingable at the moment.
1.1.1.1 valid cloudflare
2.2.2.2 invalid owned by Orange S.A. according to RIPE
3.3.3.3 invalid owned by Amazon
4.4.4.4 invalid owned by Level 3 Communications, Inc
5.5.5.5 invalid owned by Telefónica Germany
6.6.6.6 invalid owned by Headquarters, USAISC
7.7.7.7 invalid owned by DoD Network Information Center
8.8.8.8 valid google
9.9.9.9 valid quad9
This is the lowest IP number on the internet.
And yet it doesn't seem any more favorable than my own IP address. It doesn't have ocean views, doesn't get discounts at the local restaurant, and the chicks don't really give a damn. Also thanks to the service run on it you never need to give a damn what your IP address is.
So what makes it so valuable in your eyes?
This DNS stops ISPs from knowing sites you visit? (Score:5, Informative)
"What many Internet users don't realize is that even if you're visiting a website that is encrypted -- has the little green lock in your browser -- that doesn't keep your DNS resolver from knowing the identity of all the sites you visit. That means, by default, your ISP, every wifi network you've connected to, and your mobile network provider have a list of every site you've visited while using them," says Cloudflare.
How does this stop ISPs from knowing which sites you visit? Once Cloudflare's DNS serves up the IP address (instead of your ISP's DNS), you still need to send/receive traffic from that IP address, which the ISP can easily monitor. The only way to prevent this is to use a VPN, while making sure to use your VPN's DNS as well.
On the surface, yes. But, there are a number of options available for transport privacy that do not require using a VPN (provided you actually trust Cloudflare not to use your data and are savvy enough to set up one of the options) https://developers.cloudflare.... [cloudflare.com]
What alternate options does Cloudflare provide that don't require a VPN? I didn't see them mentioned in the link you provided. Is it an https tunnel through their servers?
many sites per ip...
That's only usually true for small shared-hosting sites or multiple services from a single entity.
what happened to this place?
The Dunning-Kruger is still strong though!
How does this stop ISPs from knowing which sites you visit? Once Cloudflare's DNS serves up the IP address (instead of your ISP's DNS), you still need to send/receive traffic from that IP address, which the ISP can easily monitor. The only way to prevent this is to use a VPN, while making sure to use your VPN's DNS as well.
While their attempt at privacy is commendable, I'll stick with my current setup:
* GlobalCyberAlliance's 9.9.9.9 as primary for added protection against nasties (not for me specifically, but for the less tech savvy users in the houses).
* Google's 8.8.4.4 as alternate.
* And OpenDNS' at 208.67.222.222 for modems that support a third option.
Some people may prefer some other order, and there is nothing wrong with that. Perhaps privileging OpenDNS' for the family friendly filtering, or Google's for raw speed and
Their priorities make the service an interesting alternative to Quad9: https://www.globalcyberallianc... [globalcyberalliance.org]
Are they also going to offer DNS over TLS?
Doing whatever is humanly possible to piss-off, infuriate, and otherwise hinder nazis IS being committed to freedom.
The same goes for hindering ANY form of extremism. Because extremism in any form; left, right, up, down, religious, atheist, vegan, etc. is the true evil of this world. Extremism is what is adopted by the low-IQ, poorly educated, simple-minded, immature primitives. It is simple enough so that simple minds can wrap their heads around it, and it feeds on frustration, wrath and hate.
Exactly. You must take a stand against freedom of speech in order to protect it.
No.
YOU consider Nazis to be Evil and worthy of extermination (as do I.) In some places, the same sentiment exists towards gays, Christians, Muslims, Jews, insert name of political party here, etc.
The only way to ensure that DNS is not used against legitimate ideas is to ensure it does not allow ANY site to be blocked over content. DNS should never do more than ensure entries are legitimate and not hijacked.
Works faster than level 3, hello Cloudflare.
Not casting aspersions, but I've yet to see a reason why I (or anyone) should trust CF. The "KPMG" 'audit' reason is absolutely not sufficient, too.
The service is free and lures folks in with "fast". When a service is free, you're the product (see recent FB kerfuffle).
And, no IPv6 endpoint seems like a big missing component when "competitors" have it.
Most Free Linux distributions, most open source software, and Firefox are evidence that free does not mean you are the product.
And, no IPv6 endpoint seems like a big missing component when "competitors" have it.
it doesn't? [cloudflare.com]
The service is free and lures folks in with "fast". When a service is free, you're the product (see recent FB kerfuffle).
Wikipedia is free.
When a service is free, you're the product
Not always. You have to have something of value from you along with a buyer for you in order for you to be the product. Cloudflare isn't.
Sometimes when a service is free for you, you're lucky to ride on the paying service of others.
Follow the money. Sometimes there is a free lunch.
Just ran a benchmark [grc.com] of the service, here are my results:
Final benchmark results, sorted by nameserver performance:
(average cached name retrieval speed, fastest to slowest)
1. 0. 0. 1 | Min | Avg | Max |Std.Dev|Reliab%|
- Cached Name | 0.020 | 0.023 | 0.029 | 0.002 | 98.0 |
- Uncached Name | 0.022 | 0.090 | 0.287 | 0.075 | 100.0 |
- DotCom Lookup | 0.049 | 0.055 | 0.066 | 0.003 | 100.0 |
1dot1dot1dot1.cloudflare-dns.com
CLOUDFLARENET - Cloudflare, Inc., US
1. 1. 1. 1 | Min | Avg | Max |Std.Dev|Reliab%|
- Cached Name | 0.021 | 0.023 | 0.030 | 0.002 | 95.9 |
- Uncached Name | 0.022 | 0.096 | 0.325 | 0.082 | 100.0 |
- DotCom Lookup | 0.048 | 0.073 | 0.166 | 0.043 | 100.0 |
1dot1dot1dot1.cloudflare-dns.com
MEGAPATH2-US - MegaPath Networks Inc., US
8. 8. 4. 4 | Min | Avg | Max |Std.Dev|Reliab%|
+ Cached Name | 0.048 | 0.052 | 0.057 | 0.002 | 100.0 |
+ Uncached Name | 0.060 | 0.104 | 0.344 | 0.073 | 100.0 |
+ DotCom Lookup | 0.063 | 0.070 | 0.158 | 0.014 | 100.0 |
google-public-dns-b.google.com
GOOGLE - Google LLC, US
8. 8. 8. 8 | Min | Avg | Max |Std.Dev|Reliab%|
+ Cached Name | 0.049 | 0.053 | 0.060 | 0.002 | 98.0 |
+ Uncached Name | 0.057 | 0.106 | 0.367 | 0.077 | 100.0 |
+ DotCom Lookup | 0.063 | 0.073 | 0.156 | 0.020 | 100.0 |
google-public-dns-a.google.com
GOOGLE - Google LLC, US
Why? 1/4 of course!
Also 1.1 (Score:1)
1.1.1.1 can be also expressed as 1.1
And by 1.1.1.1 I meant 1.0.0.1, of course, and why does Slashdot still not allow comment editing?
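The shorthand mentioned in the two comments above comes from the classic C `inet_aton` parsing rules, where the last component fills all remaining bytes. The following is an added example, not part of the original thread, that normalises such legacy spellings to canonical dotted-quad form so that address comparisons (for instance against an allow list) are made on one representation; the function names are hypothetical.

```python
import ipaddress
import string

def _number(part: str) -> int:
    """Parse one component as inet_aton does: 0x hex, leading-0 octal, else decimal."""
    if part[:2].lower() == "0x":
        digits, base, allowed = part[2:], 16, string.hexdigits
    elif len(part) > 1 and part[0] == "0":
        digits, base, allowed = part[1:], 8, string.octdigits
    else:
        digits, base, allowed = part, 10, string.digits
    if not digits or any(c not in allowed for c in digits):
        raise ValueError(f"bad component {part!r}")
    return int(digits, base)

def normalize_legacy_ipv4(text: str) -> ipaddress.IPv4Address:
    """Expand 1- to 4-component IPv4 spellings to a canonical address."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError("expected 1 to 4 components")
    *lead, last = [_number(p) for p in parts]
    if any(n > 0xFF for n in lead):
        raise ValueError("leading components must fit in one byte")
    # The final component occupies every byte the leading ones did not.
    if last >= 1 << (8 * (4 - len(lead))):
        raise ValueError("last component too large")
    value = last
    for i, n in enumerate(lead):
        value |= n << (24 - 8 * i)
    return ipaddress.IPv4Address(value)

if __name__ == "__main__":
    # Constructed samples: four spellings of the same resolver address.
    for spelling in ("1.1", "1.0.1", "16777217", "0x1.0.0.1"):
        print(spelling, "->", normalize_legacy_ipv4(spelling))
```

Strict parsers such as Python's `ipaddress.ip_address` reject the short forms outright, which is the other safe way to handle them.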
https://www.quad9.net
Other easy to remember public DNS Servers (Score:4, Informative)
Other easy to remember public DNS Servers
With this and all other attempts to provide privacy or security, what chain of trust allows me to believe that this is actually private or secure?
Surely there are many organizations with the resources to flood Slashdot with posts assuring me that this, or any other service, is secure.
Is TOR secure, or a NSA honeypot? How could I possibly know? Without personally having deep technical expertise, how can I trust anything?
Any comments about tinfoil hats could be legit, or yet more planted posts.
We need a root source of trust or everything else falls apart.
"We need a root source of trust or everything else falls apart."
You need Jesus. Happy Easter.
We need a root source of trust or everything else falls apart.
Yeah, we could call that the Ministry of Truth.
How could I possibly know? Without personally having deep technical expertise, how can I trust anything?
Personally you'll only be able to prove high school physics and none of history, that is if you're not trapped in the Matrix.
Personally I feel like you're trying to make a reductio ad absurdum argument to say that since you don't know any absolute truth, any loony bin theory could be true. Blind faith is not good, total disbelief of everything you haven't personally verified is also not good. If you disagree here's some fatally poisonous mushrooms, enjoy your D