The need for speed (and security): Cloudflare has developed a new DNS service for PCs and phones

Discussion in 'privacy technology' started by ronjor, Apr 1, 2018.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    by Tom Krazit on April 1, 2018
     
  2. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    This is quite interesting since I know Cloudflare is all about performance and security.
    Link: https://1.1.1.1/ (nice and simple)

    I have difficulty believing this on April Fool's Day but I will have a 3rd coffee and a shower and read this over again and add this to my router's configuration and see how it goes.
     
  3. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Interesting. I wish it was able to block ads and other garbage like Adguard DNS or Norton. May test it out though.
     
  4. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Well I can confirm that this is absolutely resolving names as a DNS provider does, so this is legitimate. Not only that, but this seems much faster in comparison to OpenDNS which was always the fastest for me since they have a location in Toronto as well. We all know that Cloudflare has CDN's all over the world as well so I am assuming that they may even have more "reach" in comparison to OpenDNS which is super impressive. :thumb:
     
  5. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I do much of this adblocking in my router with OpenWrt , it's adblock addon, and an imported list which is the official one which Adguard DNS uses. This way all of the processing in done on the router side and allows for easy whitelisting for exclusions on a sub-domain level. You could do this locally per machine as well with a local instance of BIND DNS which I used to use a few years ago.

    Blocking seems best done on the browser/application level anyway since that is the best way to clean up artifacts left behind such as empty space where an ad used to be.
     
  6. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
    Speed is questionable, since it depends on the location of the servers, but as for better security I fail to see, what security? It is not encrypted and it does not block malware.
     

    Attached Files:

  7. IvoShoen

    IvoShoen Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    849
    Last edited: Apr 1, 2018
  8. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    I understand. I do use uBlock Origin in my Chrome browser. But I have been using DNS with ad blocking capabilities for a number of years. I checked out this service and its ok for starters. Level3 DNS is still faster for me so I went back to that. In addition I ran Steve Gibson's DNS spoofability test and it came back as moderate.
     
  9. 142395

    142395 Guest

    So, Cloudflare, IBM, Symantec, Cisco, Google, Yandex,... these "secure" DNS cache servers seem to be all about "choosing from bad apples" privacy-wise. But, to me, Cloudflare positions in worse side even in these bad apples, not because Cloudbleed, but rather fundamental approach of them for TLS and DDoS protection, namely MITM.

    Maybe I have to consider running my own full-recursive DNS server...
     
  10. guest

    guest Guest

    Cloudflare's 1.1.1.1 DNS Service Makes the Internet More Private & Faster
    April 1, 2018
    https://www.bleepingcomputer.com/ne...e-makes-the-internet-more-private-and-faster/
     
  11. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    DNSSEC is not supported, is it?
     
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    https://developers.cloudflare.com/1.1.1.1/nitty-gritty-details/
     
  13. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
  14. Nanobot

    Nanobot Registered Member

    Joined:
    Jun 23, 2010
    Posts:
    473
    Location:
    Neo Tokyo
  15. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    I just ran this test and it came back as "Excellent".
     
  18. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Interesting. Did not for me a few days ago. Oh well.
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Here's the result from one server. Note the box under the results. That's the first time I've seen that when testing different DNS providers.
     

    Attached Files:

  20. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Still moderate for me brother.

    Capture.PNG
     
  21. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    461
    If the name can't be resolved does your browser produce the error message or does Cloudflare send you a special page?

    ie. if you go http:// and type a bunch of gibberish before the .com
     
  22. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    No redirection:

    upload_2018-4-3_16-57-2.png
     
  23. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    461
    Excellent. Thanks.
     
  24. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    Does Cloudflare DNS are fast when using DNS over HTTPS or DNS over TLS, too? I am testing them and it seems good, old DNSCrypt protocol is faster.
     
  25. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    716
    Location:
    UK
    Would that writing fall in-line with Cloudflare encrypting the DNS?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.