Cloudflare Launches Privacy-Focused DNS Service: 1.1.1.1

Cloudflare, a company that provides CDN, DDoS mitigation and other services, launched a new free consumer DNS service called 1.1.1.1 yesterday. While released on April 1st, the new DNS service is not a joke - in fact, the release date was intentionally picked because 4.1 (April 1st) matches their new DNS 1.1.1.1 (1+1+1+1 / 1).

In short, DNS (the Domain Name System) is used to "translate" a human-readable domain name, like www.linuxuprising.com, to a machine-readable IP address.


Cloudflare DNS speed

According to Cloudflare, the new DNS service, which is available for both IPv4 and IPv6, is faster than other similar services (like Google or OpenDNS) and is aimed at privacy:

"We committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours. Cloudflare's business has never been built around tracking users or selling advertising. We don't see personal data as an asset; we see it as a toxic asset. While we need some logging to prevent abuse and debug issues, we couldn't imagine any situation where we'd need that information longer than 24 hours."

1.1.1.1 supports both DNS-over-TLS and DNS-over-HTTPS, two open standards created with the user's privacy and security in mind. They can prevent eavesdropping and manipulation of DNS data by man-in-the-middle attacks, and can circumvent some Internet Service Provider restrictions.
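To make concrete what DNS-over-HTTPS carries inside the encrypted connection, here is an added example (not from the original article or from Cloudflare) that builds a query in the RFC 8484 GET form and parses a response in the same wire format. The endpoint path `/dns-query` and the sample response are assumptions made for the example, and nothing is sent over the network.

```python
import base64
import struct
# Assumed endpoint: the page gives only 1.1.1.1; /dns-query is RFC 8484's example path.
DOH_ENDPOINT = "https://1.1.1.1/dns-query"

def build_query(name, qtype=1):
    """DNS wire-format query: ID 0 (cache-friendly, RFC 8484), RD set, class IN."""
    msg = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes: %r" % label)
        msg += bytes([len(raw)]) + raw
    return msg + b"\x00" + struct.pack("!HH", qtype, 1)

def doh_get_url(query, endpoint=DOH_ENDPOINT):
    """RFC 8484 GET form: whole query, base64url without padding, in ?dns=."""
    return endpoint + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode()

def _skip_name(msg, pos):
    """Offset just past a name; a compression pointer (top bits 11) ends it."""
    while msg[pos] & 0xC0 != 0xC0:
        if msg[pos] == 0:
            return pos + 1
        pos += 1 + msg[pos]
    return pos + 2

def parse_a_records(msg):
    """IPv4 addresses from the answer section of a wire-format response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    if flags & 0x000F:
        raise ValueError("resolver returned RCODE %d" % (flags & 0x000F))
    pos, addrs = 12, []
    for _ in range(qd):
        pos = _skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        pos = _skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, pos)
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(map(str, msg[pos + 10:pos + 14])))
        pos += 10 + rdlen
    return addrs

# Constructed sample response (not captured traffic): one A record, 192.0.2.1.
QUERY = build_query("www.linuxuprising.com")
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0) + QUERY[12:] + b"\xc0\x0c"
                   + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))

if __name__ == "__main__":
    print(doh_get_url(QUERY), parse_a_records(SAMPLE_RESPONSE))
```

The queried name appears only inside the `dns` parameter of the HTTPS request, so an on-path observer sees a TLS connection to the resolver rather than the name being looked up.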

I feel like I should mention that while DNS-over-TLS and DNS-over-HTTPS do offer increased privacy and security, a VPN is still required if you don't want your web activity exposed.

DNS-over-HTTPS will be included in Firefox starting with version 60, which is currently in beta (see here how to install it in Linux Mint or Ubuntu from a PPA).

With most tech companies making promises left and right, you may be wondering if you should trust Cloudflare. I don't have an exact answer to this, but at the end of the day, you can choose to either trust someone who says they delete the logs after 24 hours and don't write the querying IP addresses to disk, or trust your ISP or Google, who don't make such claims at all.

Furthermore, Cloudflare says they will pay a well-respected audit firm to audit their code once a year and publish a public report to show its users that they are doing what they said they would.

To set up Cloudflare's new DNS (1.1.1.1 and 1.0.0.1), see their new website: 1.1.1.1. As a side note, if you decide to use it, I recommend entering the DNS in your router's settings, and not on your computer, so everyone in your network can take advantage of the new DNS service.