Cloudflare Launches Privacy-Focused 1.1.1.1 DNS Service

Cloudflare DNS server locations. (Image credit: Cloudflare)

Cloudflare, a well-known internet performance and security company, announced its own privacy-focused, fast, and secure Domain Name System (DNS) resolver with the easy-to-remember address of 1.1.1.1.

What Is A DNS Resolver

A DNS resolver is a server that stores a central database of website names and links them to their respective IP addresses. Without DNS servers, we’d only be able to connect to websites using the IP address of the websites’ servers. Therefore, DNS resolvers make using the web much easier for humans.

However, DNS resolvers also hold considerable power, in the sense that they could either censor certain websites or track which websites users visit. For instance, the Turkish government is known for ordering its ISPs to stop resolving the domain names of particular websites or services. Then, for the vast majority of internet users in Turkey, those sites will be as good as censored.

However, some Turkish users realized how the censorship was being done, and started using other DNS resolvers to visit the censored websites. They even promoted Google’s own DNS resolver, hosted at 8.8.8.8, because of how easy it was to remember.

A “Privacy-First” DNS Resolver

Cloudflare is now launching its competing DNS server, hosted at 1.1.1.1, but according to the company, the service is implemented and operated based on “privacy-first” principles.

Cloudflare said that most DNS servers are by default not secure, not encrypted, and certainly not too privacy-focused. As we’ve seen recently, ISPs have started tracking users’ browsing habits, similarly to Google and Facebook, because all the data goes through their cables. Encrypted data transferred over HTTPS is protected, but if you use the default DNS resolver provided by your ISP, then the ISP will be able to see the requests you make to specific websites.

Cloudflare claimed that its 1.1.1.1 DNS resolver supports encrypted DNS and DNS over HTTPS, and that its data logs are deleted after 24 hours. No user data or IP address is stored.
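To make the difference concrete, the following added example (not from the article or from Cloudflare) builds a standard DNS query, shows that the hostname can be read directly from the plaintext payload an on-path observer would capture, and then wraps the same message in the DNS over HTTPS GET form defined in RFC 8484. The hostname `www.example.com` and the endpoint `https://doh.example/dns-query` are constructed placeholders.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode one DNS question in wire format (RFC 1035); RFC 8484 suggests ID 0 for DoH."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE (A), QCLASS (IN)

def names_visible_on_wire(payload: bytes) -> list[str]:
    """What a passive observer of unencrypted port-53 traffic can read from the packet."""
    qdcount = struct.unpack("!H", payload[4:6])[0]
    pos, names = 12, []  # the question section starts after the 12-byte header
    for _ in range(qdcount):
        labels = []
        while payload[pos] != 0:
            length = payload[pos]
            labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
            pos += 1 + length
        pos += 1 + 4  # skip the root label, QTYPE and QCLASS
        names.append(".".join(labels))
    return names

def doh_get_url(endpoint: str, payload: bytes) -> str:
    """RFC 8484 GET form: the DNS message as unpadded base64url in the 'dns' parameter."""
    encoded = base64.urlsafe_b64encode(payload).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"

def doh_query_from_url(url: str) -> bytes:
    """Resolver side: recover the original DNS message from the GET parameter."""
    encoded = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))

# Constructed sample input; the endpoint is a placeholder, not a real resolver.
QUERY = build_query("www.example.com")
URL = doh_get_url("https://doh.example/dns-query", QUERY)

if __name__ == "__main__":
    print("Readable from a plaintext DNS packet:", names_visible_on_wire(QUERY))
    print("Same query as a DoH request (sent inside TLS):", URL)
```

With DoH the whole request, including the `dns` parameter, travels inside the TLS session, so an observer on the path sees a connection to the resolver but not the name being looked up.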

Matthew Prince, co-founder and CEO of Cloudflare, said:

We think it’s creepy that user data is sold to advertisers and used to target consumers without their knowledge or consent. Frankly, we don’t want to know what people do on the Internet—it’s none of our business—and we’ve designed 1.1.1.1 to ensure that we, along with ISPs around the world, can’t.

Cloudflare also claimed that the 1.1.1.1 DNS resolver is already one of the fastest on the internet. The company plans to eventually lower the latency between any user requesting a website in their browser and its DNS servers to under 10 milliseconds.

APNIC is a non-profit organization that helps Cloudflare operate this service for the Asia-Pacific region. It also provided Cloudflare with the easy-to-remember 1.1.1.1 and 1.0.0.1 IP addresses. Geoff Huston, Chief Scientist at APNIC, said:

At APNIC Labs, we’re aware that the DNS is not always private, fast, or secure, and we’re always looking for ways to improve how it works. We’re working with Cloudflare to refine this basic Internet function so that users have a much more private and faster experience.

How To Set Up Cloudflare’s 1.1.1.1 DNS Resolver

If you’ve ever changed the DNS servers on your computer before, then you also know how to set up Cloudflare’s DNS resolver, because it’s no different. If you’ve never done that, then all you need to do is look up the network settings on your PC, Mac, iPhone, or Android device, find the DNS server setting, and add the 1.1.1.1 address in there.

For the alternate server, Cloudflare also provides the 1.0.0.1 address, in case there’s any downtime for the primary one. Cloudflare also chose two IPv6 addresses that only use numbers, again for the sake of simplicity: 2606:4700:4700::1111 and 2606:4700:4700::1001.

The company provides more information on how to set up its DNS servers at https://1.1.1.1/.

Cloudflare also assured us that the launch of this service is no April Fools prank. The reason it chose to launch the service today, on a Sunday, on 4/1/2018, is that the date contains 4/1, which can be read as four 1’s, just like its DNS server address: 1.1.1.1.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • toadhammer
    Something discussing actual support for DNS over HTTPS would be a welcome addition to this article. Various servers have been around for a couple years now and it's still in draft/test status...
  • theyeti87
    Are there any advantages/disadvantages to using Cloudflare DNS as opposed to Pihole?
  • bit_user
    I'm not sure how much privacy this really adds. Google's 8.8.8.8 has been around long enough that I imagine a fair number of ISPs are already doing reverse-lookups.
  • TJ Hooker
    20850634 said:
    Are there any advantages/disadvantages to using Cloudflare DNS as opposed to Pihole?
    You still need a DNS provider if you're using pihole. The default used by pihole is Google DNS.
  • theyeti87
    20851310 said:
    20850634 said:
    Are there any advantages/disadvantages to using Cloudflare DNS as opposed to Pihole?
    You still need a DNS provider if you're using pihole. The default used by pihole is Google DNS.

    A revised question would be, is there a benefit in using Cloudflare DNS over the 6 different options I have within the pihole?
  • TJ Hooker
    20852263 said:
    A revised question would be, is there a benefit in using Cloudflare DNS over the 6 different options I have within the pihole?
    Well, according to Cloudflare it's more private due to using encrypted DNS and deleting all logs after 24 hours. I can't say how this compares to other DNS e.g. Google. I would think that it would be more private than Google if you are logged in to Google on your computer, because then it'd probably be pretty easy for Google to link all DNS requests from your IP back to your Google account. Same could be said about using your ISP's DNS, which they could link back to your account. I'm not saying other DNS (e.g. Cloudflare) couldn't link your IP back to you somehow, but probably not as easy.
  • theyeti87
    20856419 said:
    20852263 said:
    A revised question would be, is there a benefit in using Cloudflare DNS over the 6 different options I have within the pihole?
    Well, according to Cloudflare it's more private due to using encrypted DNS and deleting all logs after 24 hours. I can't say how this compares to other DNS e.g. Google. I would think that it would be more private than Google if you are logged in to Google on your computer, because then it'd probably be pretty easy for Google to link all DNS requests from your IP back to your Google account. Same could be said about using your ISP's DNS, which they could link back to your account. I'm not saying other DNS (e.g. Cloudflare) couldn't link your IP back to you somehow, but probably not as easy.

    Thanks for the info. I'm not using Google for DNS, but rather Comodo Secure DNS.