Stay Safe - Cloudflare DNS 1.1.1.1, should you use it?
Hey Steemians! On 1st Apr, Cloudflare announced their DNS service which is running on the IP address 1.1.1.1. As the news was released on April's Fool Day, I initially thought it was just a joke. However, I was proven wrong and Cloudflare is indeed providing their own DNS service.
What is DNS?
DNS is Domain Name System in short. The internet is made up of IP addresses that are made of numbers that are meant for machines. As such, DNS was developed to basically assign a human-friendly name to IP addresses. Steemit.com is an example of a domain name. When you do a nslookup, you will find that the underlying IP address is actually 34.231.209.55. But you will not use 34.231.209.55 on your browser when you want to visit Steemit, instead you will use Steemit.com. What Cloudflare is offering for free now is a DNS service which will help you translate from domain name to IP address.
DNS is an integral part of our web experience. In fact, many people do not know the concept of IP addresses and all they know is domain name. If you are a Singaporean, you might still recall in late 2016, both Starhub and Singtel had their own problems with their DNS service and led to many users losing internet connectivity.
How is Cloudflare DNS service different?
First of all, Cloudflare is a company best known for their DDoS mitigation service. They claim to have mitigated up to 800Gbps+ of DDoS attack for one of their customers. Anti-DDoS being Cloudflare's core business, we can expect their DNS service to be also very resilient against DDoS attack. Hence, it is less likely that they will encounter the downtime which Starhub had in 2016.
Next, Cloudflare DNS is supposedly faster than usual DNS services provided by ISPs (Internet Service Providers).
Cloudflare claims its resolver will take 14.8 milliseconds to answer a DNS query, which according to Cloudflare beats the 70-millisecond average among ISPs and the 34.73-millisecond response time from Google's public DNS services.
In addition, Cloudflare is offering better privacy. When you use the DNS service from your ISP, they have records of which sites you are visiting. Even if you are using HTTPS, which is supposed to be encrypted web traffic, a normal DNS query is not encrypted. Cloudflare DNS service, on the other hand, promises not to use the DNS query logs at all and will only keep them for 24 hours. They are even getting an external auditor to check and audit this claim.
While we need some logging to prevent abuse and debug issues, we couldn't imagine any situation where we'd need that information longer than 24 hours. And we wanted to put our money where our mouth was, so we committed to retaining KPMG, the well-respected auditing firm, to audit our practices annually and publish a public report confirming we're doing what we said we would.
Finally, Cloudflare DNS also supports DNS over HTTPS and DNS over TLS for better privacy. If you are keen to use Cloudflare DNS service, this article offers a comprehensive guide for the DNS configuration for different devices.
So far so good
I have been using the service for a few days. It is so far so good. I do not feel the speed difference though as it is very difficult to notice a ~50ms of improvement. Having more options for DNS service is a good thing and having one which emphasizes on privacy and security is even better.
I think most consumers will welcome such initiatives by companies. However, I am personally looking forward more to the vision of a decentralized internet. Projects like Substratum, SkyCoin and MaidSafe are spearheading the field of decentralized internet. This is only made possible by the use of blockchain, P2P networking and incentivizing participants through cryptocurrencies.
Thanks for reading! As usual let me know your thoughts on Cloudflare DNS and whether you are also using it.
I've been using it for the claim of better privacy and security. But has not yet verified if this helps to prevent government surveillance over the network.
Well.. we will never be certain as this is a centralised service provided by Cloudflare. At least they are going to do some audits to back those claims.
Substratum is a great coin - definitely a longtermer in my opinion. Although I am not fully updated on this project but I still hold the coin.
I think MaidSafe too but I cannot remember right now haha.
DNS really sounds interesting - thanks for the post bro. Unfortunately I am way too tired atm to properly "discuss".
Btw. I am not a professional in this field either (IP addresses and that stuff). At least after reading your post I know more about it.
Haha.. Yea, I am a long term hodler of Substratum. Rest more bro, and I am happy my article helped!
Perfect. Yes, I definitely should, I am still way too tired. Thanks again.
Cheers!
Great and informative Article.
I think cloudflare is doing a good job at this. But as you said, it would be even better if we don’t need these kinds of centralization anymore.
I just discovered your Blog and looking forward to read more well written articles like that !
Thanks for reading! I am also following your blog as I found you are one of the bloggers on Steemit that post on security topics regularly.
Hmm.. It is good to have choices to use the Internet privately. I haven't tried the Cloudfare DNS yet. Upvoted!
Yea. Moreover, it is free and relatively easy to configure. So why not? Haha..
Thank you for the article, and related articles. Now I know a bit more about DNS and IPs. And that there is another option call Cloudflare. :-)
I met Matthew Prince a few years back when he came to Singapore to bid for a project. Nice guy.
DDoS wasn't taken too seriously back then, so we didn't signed up for his service.
Now I think cloudflare had earned themselves a good reputation and is well established in the internet security business.