Cloudflare Launches 1.1.1.1 Consumer DNS Service With a Focus On Privacy

BrianFagioli writes: Today, Cloudflare announces a new consumer DNS service with a focus on privacy. Called '1.1.1.1.' it quite literally uses that easy-to-remeber IP address as the primary DNS server. Why announce on April Fool's Day? Because the IP is four ones and today's date is 4/1 -- clever. The secondary server is 1.0.0.1 -- also easy to remember.

The big question is why? With solid offerings from Google and Comodo, for instance, does the world need another DNS service? The answer is yes, because Cloudflare intends to focus on both speed, and more importantly, privacy.

Tried it, it's fast

[admin7087]

Looks good so far. The Piratebay is not censored (but is usually in my country), for example.

Re:Tried it, it's fast

[apoc.famine]

1) Slashdotting hasn't been a thing for like a decade now.
2) This is fucking cloudflare. You know, one of the companies SPECIFICALLY IN BUSINESS TO HELP WEBSITES AVOID THINGS LIKE SLASHDOTTING.

If /. could take them down, that would rather sink their business model.

Does not compute

Cloudflare is an American company which was funded as and began its life as a "honey-pot", where the owners realized that the only way to extend its reach was to grow and style it as a genuine business.

As an American company they also have to respond to and carry out orders from the NSA and CIA if there is a court order present (which there always is -- they have their own "courts").

There is a lot of power in being able to tell who is looking at what website, and being able to possibly redirect them elsewhere when needed. If you think for a second that your browsing is private and that this service will not be used for shady purposes, then you are kidding yourself.

Re:Does not compute

[OrangeTide]

I'm wrapping my cablemodem with tinfoil as we speak.

Why trust CF?

[hrbrmstr]

Not casting aspersions, but I've yet to see a reason why I (or anyone) should trust CF. The "KPMG" 'audit' reason is absolutely not sufficient, too.

The service is free and lures folks in with "fast". When a service is free, you're the product (see recent FB kerfuffle).

And, no IPv6 endpoint seems like a big missing component when "competitors" have it.

Re: Too bad Cisco uses this for a virtual IP in so

[Tim+the+Gecko]

I think you're confusing it with 10.x.x.x.

I don't think they are. For example: https://supportforums.cisco.co...

Pretty fast

[TFlan91]

Just ran a benchmark of the service, here are my results:

  Final benchmark results, sorted by nameserver performance:
  (average cached name retrieval speed, fastest to slowest)

        1. 0. 0. 1 | Min | Avg | Max |Std.Dev|Reliab%|
    - Cached Name | 0.020 | 0.023 | 0.029 | 0.002 | 98.0 |
    - Uncached Name | 0.022 | 0.090 | 0.287 | 0.075 | 100.0 |
    - DotCom Lookup | 0.049 | 0.055 | 0.066 | 0.003 | 100.0 |
                        1dot1dot1dot1.cloudflare-dns.com
                    CLOUDFLARENET - Cloudflare, Inc., US

        1. 1. 1. 1 | Min | Avg | Max |Std.Dev|Reliab%|
    - Cached Name | 0.021 | 0.023 | 0.030 | 0.002 | 95.9 |
    - Uncached Name | 0.022 | 0.096 | 0.325 | 0.082 | 100.0 |
    - DotCom Lookup | 0.048 | 0.073 | 0.166 | 0.043 | 100.0 |
                        1dot1dot1dot1.cloudflare-dns.com
                MEGAPATH2-US - MegaPath Networks Inc., US

        8. 8. 4. 4 | Min | Avg | Max |Std.Dev|Reliab%|
    + Cached Name | 0.048 | 0.052 | 0.057 | 0.002 | 100.0 |
    + Uncached Name | 0.060 | 0.104 | 0.344 | 0.073 | 100.0 |
    + DotCom Lookup | 0.063 | 0.070 | 0.158 | 0.014 | 100.0 |
                          google-public-dns-b.google.com
                                  GOOGLE - Google LLC, US

        8. 8. 8. 8 | Min | Avg | Max |Std.Dev|Reliab%|
    + Cached Name | 0.049 | 0.053 | 0.060 | 0.002 | 98.0 |
    + Uncached Name | 0.057 | 0.106 | 0.367 | 0.077 | 100.0 |
    + DotCom Lookup | 0.063 | 0.073 | 0.156 | 0.020 | 100.0 |
                          google-public-dns-a.google.com
                                  GOOGLE - Google LLC, US

Re:How much for low numbered IPs?

[Waffle+Iron]

So now we have DNS servers on 1.1.1.1, 4.4.4.4, and 8.8.8.8. Who has 2.2.2.2

OK, all these different numerical addresses are starting to get confusing. Someone ought to invent some kind of protocol to automatically map human-readable names onto these obscure numbers.

Re:How much for low numbered IPs?

[93+Escort+Wagon]

OK, all these different numerical addresses are starting to get confusing. Someone ought to invent some kind of protocol to automatically map human-readable names onto these obscure numbers.

One one one one
Four four four four
Eight eight eight eight

Re:OpenNIC and DNSCRYPT

[greenwow]

Exactly. You must take a stand against freedom of speech in order to protect it.

Classic lack of "root source of trust" problem

[joe_frisch]

With this and all other attempts to provide privacy or security, what chain of trust allows me to believe that this is actually private or secure.

Surely there are many organizations with the resources to flood Slashdot with posts assuring me that this, or any other service, is secure.

Is TOR secure, or a NSA honeypot? How could I possibly know? Without personally having deep technical expertise, how can I trust anything.

An comments about tinfoil hats could be legit, or yet more planted posts.

We need a root source of trust or everything else falls apart.