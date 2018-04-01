Slashdot is powered by your submissions, so send in your scoop

 


Cloudflare Launches 1.1.1.1 Consumer DNS Service With a Focus On Privacy (betanews.com) 42

Posted by msmash from the how-about-that dept.
BrianFagioli writes: Today, Cloudflare announces a new consumer DNS service with a focus on privacy. Called '1.1.1.1.' it quite literally uses that easy-to-remeber IP address as the primary DNS server. Why announce on April Fool's Day? Because the IP is four ones and today's date is 4/1 -- clever. The secondary server is 1.0.0.1 -- also easy to remember.

The big question is why? With solid offerings from Google and Comodo, for instance, does the world need another DNS service? The answer is yes, because Cloudflare intends to focus on both speed, and more importantly, privacy.

  • Tried it, it's fast (Score:3)

    by Unknown User ( 4795349 ) on Sunday April 01, 2018 @01:02PM (#56363235)
    Looks good so far. The Piratebay is not censored (but is usually in my country), for example.

  • Like their wireless lan controllers.

  • Does not compute (Score:1)

    by Anonymous Coward

    Cloudflare is an American company which was funded as and began its life as a "honey-pot", where the owners realized that the only way to extend its reach was to grow and style it as a genuine business.

    As an American company they also have to respond to and carry out orders from the NSA and CIA if there is a court order present (which there always is -- they have their own "courts").

    There is a lot of power in being able to tell who is looking at what website, and being able to possibly redirect them elsewhe

  • This DNS stops ISPs from knowing sites you visit? (Score:4, Informative)

    by JoeyRox ( 2711699 ) on Sunday April 01, 2018 @01:27PM (#56363303)
    From the article:

    "What many Internet users don't realize is that even if you're visiting a website that is encrypted -- has the little green lock in your browser -- that doesn't keep your DNS resolver from knowing the identity of all the sites you visit. That means, by default, your ISP, every wifi network you've connected to, and your mobile network provider have a list of every site you've visited while using them," says Cloudflare.

    How does this stop ISPs from knowing which sites you visit? Once Cloudfare's DNS serves up the IP address (instead of your ISP's DNS), you still need to send/receive traffic from that IP address, which the ISP can easily monitor. The only way to prevent this is to use a VPN, while making sure to use your VPN's DNS as well.

    • On the surface, yes. But, there are a number of options available for transport privacy that do not require using a VPN (provided you actually trust Cloudflare not to use your data and are savvy enough to setup one of the options) https://developers.cloudflare.... [cloudflare.com]

      • But, there are a number of options available for transport privacy that do not require using a VPN (provided you actually trust Cloudflare not to use your data and are savvy enough to setup one of the options)

        What alternate options does Cloudfare provide that don't require a VPN? I didn't see them mentioned in the link you provided. Is it an https tunnel through their servers?

  • Their priorities make the service an interesting alternative to Quad9: https://www.globalcyberallianc... [globalcyberalliance.org]

    Are they also going to offer DNS over TLS?

  • Works faster than level 3, hello Cloudflare.

  • Why trust CF? (Score:3)

    by hrbrmstr ( 324215 ) on Sunday April 01, 2018 @01:41PM (#56363345) Homepage Journal

    Not casting aspersions, but I've yet to see a reason why I (or anyone) should trust CF. The "KPMG" 'audit' reason is absolutely not sufficient, too.

    The service is free and lures folks in with "fast". When a service is free, you're the product (see recent FB kerfuffle).

    And, no IPv6 endpoint seems like a big missing component when "competitors" have it.

  • Just ran a benchmark [grc.com] of the service, here are my results:


    Final benchmark results, sorted by nameserver performance:
    (average cached name retrieval speed, fastest to slowest)

    1. 0. 0. 1 | Min | Avg | Max |Std.Dev|Reliab%|
    - Cached Name | 0.020 | 0.023 | 0.029 | 0.002 | 98.0 |
    - Uncached Name | 0.022 | 0.090 | 0.287 | 0.075 | 100.0 |
    - DotCom Lookup | 0.049 | 0.055 | 0.066 | 0.003 | 100.0 |

  • I just run my own. Not that hard.
  • To note that in most IP parsing libraries (or at least the ones I'm familiar with) 1.1.1.1 can be also expressed as 1.1 (if less than four numbers the last number is interpreted on as many bits are left till 32). So you can now be cool and ping 1.1 or dig google.com @1.1., making the old favourite, 8.8.8.8, quite a mouthful in comparison.
  • They ate our & 's that day.

