The need for speed (and security): Cloudflare has developed a new DNS service for PCs and phones

Discussion in 'privacy technology' started by ronjor, Apr 1, 2018.

  1. JoWazzoo

    JoWazzoo Registered Member

    Last edited: Apr 3, 2018
  2. ronjor

    ronjor Global Moderator

  3. 142395

    142395 Guest

  4. Nanobot

    Nanobot Registered Member


    Check eastdakota's (CEO & co-founder of CloudFlare) comments here which might give you some insight.
     
  5. TairikuOkami

    TairikuOkami Registered Member

    It does not matter where they are stored; they are stored for at least 24 hours, as they said themselves. Instead of using settings to prevent logging, they store them for "improving services".

    The way I see it and why I would not use it (for privacy, but it might be good for performance), based on what they said:

    1. We do not store logs.
    2. We remove logs after 24 hours.
    3. We keep some logs, because ... (their privacy policy includes several reasons, not listed on 1.1.1.1 by the way)
     
    Last edited: Apr 6, 2018
  6. reasonablePrivacy

    reasonablePrivacy Registered Member

    Not "at least". As you can read, some part of the information is not stored even for a moment. The other (not immediately deleted) part is stored for a maximum of 24 hours.
    And yes, it does matter whether information hits the HDD/SSD/other storage device or it is stored in volatile memory such as DDRAM.

    I understand Cloudflare's stance. They have a really big amount of information to transfer and sometimes process. Their services are used as DDoS protection. They need tools to distinguish between malicious traffic and non-malicious traffic.

    If you are really paranoid, don't use Cloudflare - I understand that. I also understand Cloudflare's decision - it seems quite a good trade-off between clients' wish for privacy and their need to effectively protect their services.
     
  7. TairikuOkami

    TairikuOkami Registered Member

    Me too, they have their own network to protect, but they should not advertise it as a privacy-focused DNS, because it is not. That stored info could be accessed, stolen, etc., by anyone.
     
  8. reasonablePrivacy

    reasonablePrivacy Registered Member

    By anyone who compromises their DNS service. Even that successful intruder would have limited information about requests - only 24 hours of them (or less) and no IP addresses.
     
  9. Krusty

    Krusty Registered Member

    Norton ConnectSafe privacy policy.
    You may compare that with Quad9's privacy policy.
    https://quad9.net/privacy/
     
  10. Minimalist

    Minimalist Registered Member

    I agree. If data is not written to disk, an intruder has to compromise their services and servers to get to it. But this could happen to any DNS service provider, so none of them is truly "private" if we take this into account.
     
  11. 142395

    142395 Guest

    At least it's good they do not record IP and have a 3rd-party audit for wiping of other logs. IMO other competitors should follow this.
    Yes, w/out IP, correlation will be hard even in case of compromise.
    Thx, I'll look at it.
     
  12. 142395

    142395 Guest

    Ok, so it seems TairikuOkami is right.

    It should be called a log as long as it is stored for a certain time period (24h) even after you stopped using the service. I don't say there's no difference btwn HDD & RAM, but it's a common misconception that RAM is a safe place to store sensitive info; a prominent example is the cold-boot attack ofc.
     
  13. Nanobot

    Nanobot Registered Member

  14. RockLobster

    RockLobster Registered Member

    The way it could be made more secure is to create an app to intercept DNS requests and make the same request to multiple DNS servers, and if the responses don't all match....
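
The cross-check suggested in the post above, as an added example that is not part of the original thread: it parses A-record responses from several resolvers and reports the ones that disagree with the most common answer. All function names, the resolver labels and the documentation-range addresses are assumptions made for this illustration.

```python
import socket, struct
from collections import Counter

def build_query(name, qid=0x1234):
    """Minimal DNS query for the A record of `name` (recursion desired)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def skip_name(msg, off):
    """Offset just past a name, which may end in a 2-byte compression pointer."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    """Set of IPv4 addresses found in the answer section of a response."""
    qd, an = struct.unpack("!2H", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4              # skip QTYPE + QCLASS
    addrs = set()
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:              # A record, 4-byte address
            addrs.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return frozenset(addrs)

def ask(resolver, name, timeout=2.0):
    """Send the query over UDP/53 to one resolver and parse its reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        return parse_a_records(s.recv(4096))

def outliers(answers):
    """Return (most common answer set, resolvers that returned something else)."""
    majority, _ = Counter(answers.values()).most_common(1)[0]
    return majority, sorted(r for r, a in answers.items() if a != majority)

def fake_response(ips, name="example.test"):
    """Constructed response bytes so the sample runs without a network."""
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + socket.inet_aton(ip) for ip in ips)
    return struct.pack("!6H", 0x1234, 0x8180, 1, len(ips), 0, 0) + build_query(name)[12:] + rrs

# Constructed sample: three hypothetical resolvers, one returning a different address.
SAMPLE = {r: parse_a_records(fake_response([ip])) for r, ip in
          [("resolver-a", "192.0.2.10"), ("resolver-b", "192.0.2.10"), ("resolver-c", "203.0.113.66")]}
```

Against live resolvers, build the input with `{r: ask(r, name) for r in resolvers}` and pass it to `outliers`. A mismatch is a reason to look closer rather than proof of tampering, since, as a later post in this thread points out, many services choose the content server they return based on which DNS resolver asks.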
     
  15. yeL

    yeL Registered Member

    Websites such as https://whoer.net or https://ipleak.net don't show the DNS used when using these DNS servers.


    Does this happen to anyone else?
     
  16. WildByDesign

    WildByDesign Registered Member

    @yeL Mine is also not showing DNS just like your experience.
     
  17. mirimir

    mirimir Registered Member

  18. WildByDesign

    WildByDesign Registered Member

    @mirimir
     
  19. mirimir

    mirimir Registered Member

    Thanks :)

    Interesting. So none of these sites can tell what DNS server you're using.

    That's a good thing, I think.
     
  20. Compu KTed

    Compu KTed Registered Member


    Searching for all DNS nameservers used by your system:

    No nameservers were found

     
  21. Krusty

    Krusty Registered Member

    I've been using this service for the last few days but today I had several sites not loading and Firefox telling me the page couldn't be found. Changed back to my ISP's DNS and the same sites loaded straight away.
     
  22. bjm_

    bjm_ Registered Member

    I changed back to Quad9.
     
  23. ronjor

    ronjor Global Moderator

  24. mirimir

    mirimir Registered Member

    That's good news. I gather that they were using 1.1.1.1 internally in some broadband routers. Cisco has done the same. Nobody was using it publicly, so hey. But now they are.
     
  25. elapsed

    elapsed Registered Member

    No it isn't, it's a very bad thing. Many services use your DNS IP to decide what content server to connect you to. For example, YouTube. You may experience speed slowdowns on many sites.

    That being said, the website linked by @yeL and @WildByDesign is rubbish. Use https://www.dnsleaktest.com/ instead, which correctly gives results.
     