Cloudflare launches new Public DNS

I noticed this today.

CloudFlare article.

It sounds great!! Faster than Google and OpenDNS and all the security and privacy tech available.

However... it being posted on April Fools.... is this just a joke?

Doesn't seem to be a joke.

---

Well I tried it and found that YouTube videos were not buffering ahead fast enough to keep videos playing smoothly. Google DNS seemed better.
I think the idea is really not to give the likes of Google and Facebook et al any more of our data. Which I think is what CloudFlare are banking on.

The other thing is the source code is open source and they have KPMG auditing them to back up their claims of privacy and security.
Possibly the only gotcha is that "Cloudflare is sharing DNS query data with APNIC Labs, a part of Asian registry APNIC, in exchange for the use of its 1.1.1.1 network address."

"The regional internet registry insists it wants to better understand the technical intricacies of DNS, in order to mitigate denial-of-service attacks and to optimize server communication. The research relationship is set to run for at least five years, after which it may be renewed and APNIC will consider permanently allocating the 1.1.1.1 IP address – along with 1.0.0.1 – to Cloudflare"

APNIC goes on to say:

"We will be destroying all 'raw' DNS data as soon as we have performed statistical analysis on the data flow," APNIC Labs said in a blog post on Sunday.

"We will not be compiling any form of profiles of activity that could be used to identify individuals, and we will ensure that any retained processed data is sufficiently generic that it will not be susceptible to efforts to reconstruct individual profiles."

APNIC Labs says that it will also limit access to the data by its researchers and will abide by its non-disclosure policies.

Link.
 
Decided to give DNS over TLS a bash while I'm in a tinkering mood. Seems that DNS over TLS with the CloudFlare servers is broken at the moment in pfSense. Using Quad9 until it's fixed.

On a related note, I currently use an outbound rule that forces any VPN hosts on my network to send their DNS requests via the VPN tunnel to CloudFlare's servers, preventing DNS leaks. Would I be correct in assuming that this is no longer required when using DNS over TLS? And that if I disable it and allow my VPN hosts to use Unbound, while my DNS requests would be leaking, the packets would be encrypted, rendering them useless to any snooping ISPs? Or am I understanding it wrong?

I do believe that if it's browser traffic you're referring to, this also needs to be enabled in the browser.

I don't think it's on by default in Firefox. But it can be experimentally enabled.
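An added example, not posted by anyone in this thread: the Unbound forward-zone configuration that sends every query to Cloudflare over TLS with server-name verification, which is what pfSense's DNS over TLS option drives underneath. It assumes Unbound 1.7.3 or newer, a CA bundle at the path shown, and a LAN of 192.168.1.0/24; the resolver-to-upstream leg is encrypted, but LAN clients still reach Unbound over plain port 53, and a client that is pointed at some other resolver is not covered at all.

```conf
# Added example (not from the thread or from pfSense). Assumes Unbound >= 1.7.3,
# a CA bundle at the path below, and a LAN of 192.168.1.0/24 (constructed values).
server:
    # CA bundle used to verify the upstream certificate; without it the
    # connection is encrypted but not authenticated.
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
    interface: 0.0.0.0
    # Only local clients may query. They talk to Unbound over plain port 53;
    # only the hop from Unbound to Cloudflare is protected.
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow
    access-control: 0.0.0.0/0 refuse
    # Never try the root servers in the clear if the forwarders are unreachable;
    # queries fail (SERVFAIL) rather than leaking plaintext to the ISP.
    forward-first: no

forward-zone:
    name: "."
    forward-tls-upstream: yes
    # IP@port#authname: port 853 is DNS over TLS, and the name after '#' is
    # checked against the presented certificate.
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
```

Validate with `unbound-checkconf` before restarting; afterwards a packet capture on the WAN interface should show TCP 853 to 1.1.1.1/1.0.0.1 and no UDP 53 leaving the firewall, which is the check that answers the leak question for hosts that actually use Unbound.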
To be honest.... So far I haven't been impressed. Google DNS seems faster for me (I'm in London) in the 3 days since I switched to Cloudflare.

Or rather it seems quick at some things and slower at others.

My assumption is that the service is still in its infancy being only 3 days so I'm willing to give it a little more time.
They share the data, not really privacy at all. It's just Facebook/CA all over again.

They are indeed sharing the DNS traffic with APNIC, but the source code for the DNS server is open source, all the privacy and security promises made by Cloudflare are being audited by KPMG, and the data given over to APNIC is supposedly stripped of anything identifiable or profilable, so anonymity is promised.

Of course, how can anyone be 100% sure? But that's the same with any other DNS or service on the internet.