Slashdot Mirror


Cloudflare Launches 1.1.1.1 Consumer DNS Service With a Focus On Privacy (betanews.com)

BrianFagioli writes: Today, Cloudflare announces a new consumer DNS service with a focus on privacy. Called '1.1.1.1.' it quite literally uses that easy-to-remember IP address as the primary DNS server. Why announce on April Fool's Day? Because the IP is four ones and today's date is 4/1 -- clever. The secondary server is 1.0.0.1 -- also easy to remember.

The big question is why? With solid offerings from Google and Comodo, for instance, does the world need another DNS service? The answer is yes, because Cloudflare intends to focus on both speed, and more importantly, privacy.

15 of 225 comments

  1. This DNS stops ISPs from knowing sites you visit? by JoeyRox · · Score: 4, Informative

    From the article:

    "What many Internet users don't realize is that even if you're visiting a website that is encrypted -- has the little green lock in your browser -- that doesn't keep your DNS resolver from knowing the identity of all the sites you visit. That means, by default, your ISP, every wifi network you've connected to, and your mobile network provider have a list of every site you've visited while using them," says Cloudflare.

    How does this stop ISPs from knowing which sites you visit? Once Cloudflare's DNS serves up the IP address (instead of your ISP's DNS), you still need to send/receive traffic from that IP address, which the ISP can easily monitor. The only way to prevent this is to use a VPN, while making sure to use your VPN's DNS as well.

  2. Re:Tried it, it's fast - TPB.org by charliemerritt03 · · Score: 2, Informative

    The Pirate bay was not censored for me. Fast.

  3. Re: Too bad Cisco uses this for a virtual IP in so by guruevi · · Score: 1, Informative

    I think you're confusing it with 10.x.x.x. Although I've seen others type 1 or 100 due to typos, no self respecting network admin would do that though.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  4. Re: Too bad Cisco uses this for a virtual IP in so by Tim+the+Gecko · · Score: 5, Informative

    I think you're confusing it with 10.x.x.x.

    I don't think they are. For example: https://supportforums.cisco.co...

  5. Pretty fast by TFlan91 · · Score: 5, Informative

    Just ran a benchmark of the service, here are my results:


      Final benchmark results, sorted by nameserver performance:
      (average cached name retrieval speed, fastest to slowest)

            1. 0. 0. 1 | Min | Avg | Max |Std.Dev|Reliab%|
        - Cached Name | 0.020 | 0.023 | 0.029 | 0.002 | 98.0 |
        - Uncached Name | 0.022 | 0.090 | 0.287 | 0.075 | 100.0 |
        - DotCom Lookup | 0.049 | 0.055 | 0.066 | 0.003 | 100.0 |
                            1dot1dot1dot1.cloudflare-dns.com
                        CLOUDFLARENET - Cloudflare, Inc., US

            1. 1. 1. 1 | Min | Avg | Max |Std.Dev|Reliab%|
        - Cached Name | 0.021 | 0.023 | 0.030 | 0.002 | 95.9 |
        - Uncached Name | 0.022 | 0.096 | 0.325 | 0.082 | 100.0 |
        - DotCom Lookup | 0.048 | 0.073 | 0.166 | 0.043 | 100.0 |
                            1dot1dot1dot1.cloudflare-dns.com
                    MEGAPATH2-US - MegaPath Networks Inc., US

            8. 8. 4. 4 | Min | Avg | Max |Std.Dev|Reliab%|
        + Cached Name | 0.048 | 0.052 | 0.057 | 0.002 | 100.0 |
        + Uncached Name | 0.060 | 0.104 | 0.344 | 0.073 | 100.0 |
        + DotCom Lookup | 0.063 | 0.070 | 0.158 | 0.014 | 100.0 |
                              google-public-dns-b.google.com
                                      GOOGLE - Google LLC, US

            8. 8. 8. 8 | Min | Avg | Max |Std.Dev|Reliab%|
        + Cached Name | 0.049 | 0.053 | 0.060 | 0.002 | 98.0 |
        + Uncached Name | 0.057 | 0.106 | 0.367 | 0.077 | 100.0 |
        + DotCom Lookup | 0.063 | 0.073 | 0.156 | 0.020 | 100.0 |
                              google-public-dns-a.google.com
                                      GOOGLE - Google LLC, US

  6. Re:How much for low numbered IPs? by Megane · · Score: 4, Informative

    A zero host address in the local subnet in IPv4 means a reference to the local network. No matter your subnet length, 1.0.0.0 will always have a zero host address. 0/8 is reserved for "Local Identification". So 1.0.0.1 is the lowest valid IPv4 address.

    So now we have DNS servers on 1.1.1.1, 4.4.4.4, and 8.8.8.8. Who has 2.2.2.2 and can they put a DNS server on it?

    --
    #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  7. Re:Why trust CF? by cascadingstylesheet · · Score: 4, Informative

    And, no IPv6 endpoint seems like a big missing component when "competitors" have it.

    it doesn't?

  8. Re: Too bad Cisco uses this for a virtual IP in by nasch · · Score: 4, Informative

    Did you try the alternate 1.0.0.1?

  9. Other easy to remember public DNS Servers by Xenolith0 · · Score: 4, Informative

    Other easy to remember public DNS Servers

    • Google (Unfiltered)
      • 8.8.4.4
      • 8.8.8.8
    • Global Cyber Alliance (Filters malicious content)
      • 9.9.9.9
    • Cloudflare
      • 1.0.0.1
      • 1.1.1.1
    • Level 3 Communications
      • 4.2.2.1
      • 4.2.2.2
      • 4.2.2.3
      • 4.2.2.4
      • 4.2.2.5
      • 4.2.2.6
  10. Re:Meh by grub · · Score: 3, Informative

    So set up Cloudflare's DNS as your forwarders. I just did that.

    --
    Trolling is a art,
  11. Re:Too bad Cisco uses this for a virtual IP in som by Anonymous Coward · · Score: 2, Informative

    Too bad Cisco uses this for a virtual IP in some o
    Like their wireless lan controllers.

    It is a shame so many "networking companies" can so badly fuckup basics of networking like that.

    Remember when Linksys hard coded a bunch of public MIT server addresses as "internal" because they didn't know the most commonly used private-reserved IP block was 192.168.*.* and thought all IPs under 192.* were?

    Or when Juniper hard coded 128.* as a blackhole range?

    Back on the current topic, 1.0.0.0/8 was reserved for packet radio networks from 1981 until only 2010.
    I can only imagine Cisco isn't alone in incorrectly utilizing it for their own purposes.

    A prior company I worked for used the 14.* block internally as well, although partially in their defense the company and its internal networks predated RFC1918 by a couple of years, and the 14/8 was similarly reserved as 1/8 for unroutable traffic before any blocks of addresses were specifically allocated as such.

  12. Re:How much for low numbered IPs? by sims+2 · · Score: 4, Informative

    1.1.1.1 valid cloudflare
    2.2.2.2 invalid owned by Orange S.A. according to RIPE
    3.3.3.3 invalid owned by Amazon
    4.4.4.4 invalid owned by Level 3 Communications, Inc
    5.5.5.5 invalid owned by Telefónica Germany
    6.6.6.6 invalid owned by Headquarters, USAISC
    7.7.7.7 invalid owned by DoD Network Information Center
    8.8.8.8 valid google
    9.9.9.9 valid quad9

    --
    Minimum threshold fixed. Thanks!
  13. Re:How much for low numbered IPs? by jeremyp · · Score: 2, Informative

    6.6.6. the network of the Beast

    --
    All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
  14. Re:Does not compute by pots · · Score: 4, Informative

    Courts can't compel Cloudflare to collect information, they can only compel them to turn over the information which they already have. Cloudflare says:

    While we need some logging to prevent abuse and debug issues, we couldn't imagine any situation where we'd need that information longer than 24 hours. And we wanted to put our money where our mouth was, so we committed to retaining KPMG, the well-respected auditing firm, to audit our code and practices annually and publish a public report confirming we're doing what we said we would.

    In the end you're still probably better off using the DNS that your VPN provides, but this seems like a good alternative to 8.8.8.8.

  15. Re:Tried it, it's fast by Dast · · Score: 3, Informative

    We also apparently didn't read the fucking man page for dig, did we? Here, let me help.

    man dig

    NAME
                  dig - DNS lookup utility

    SYNOPSIS
                  dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-m] [-p port#] [-q name] [-t type] [-x addr] [-y [hmac:]name:key] [-4] [-6] [name] [type] [class] [queryopt...]

                  dig [-h]

                  dig [global-queryopt...] [query...]

    --

    This sig is false.