Cloudflare’s new 1.1.1.1 public service provides faster internet address resolution and the promise of improved privacy for DNS.
Cloudflare is the latest vendor to offer consumers a freely available Domain Name Service that aims to help accelerate and secure internet traffic.
On April 1, Cloudflare announced the debut of its 1.1.1.1 DNS resolver in partnership with APNIC (Asia Pacific Network Information Centre) Labs. With the 1.1.1.1 service, Cloudflare is providing a public DNS resolver that is enabled by Cloudflare’s global anycast network, which is powered by a set of 149 data centers around the world.
“The insecurity of the DNS infrastructure struck the team at Cloudflare as a bug at the core of the internet, so we set out to do something about it,” Matthew Prince, CEO of Cloudflare, wrote in a blog post. “Given we run one of the largest, most interconnected global networks—and have a lot of experience with DNS—we were well positioned to launch a consumer DNS service.”
A DNS resolver helps to ‘resolve’ or connect IP addresses to domain names. Most consumers get DNS resolution from their internet service provider (ISP) as part of standard connectivity services. The challenge is that not all ISPs are fast and few are globally distributed. The other challenge with regular DNS resolution is that queries sent by end-users to a DNS resolver can potentially be monitored by ISPs and others, which represents a privacy risk.
“DNS inherently is unencrypted so it leaks data to anyone who’s monitoring your network connection,” Prince wrote.
With the 1.1.1.1 service, Cloudflare is integrating support for a pair of security enhancements to standard DNS resolution. The two protocols are DNS over TLS (Transport Layer Security) and DNS over HTTPS, which both transmit DNS queries over an encrypted data link.
“The DNS resolver, 1.1.1.1, is also supporting privacy-enabled TLS queries on port 853 (DNS over TLS), so we can keep queries hidden from snooping networks,” Olafur Gudmundsson wrote in a blog post. “Furthermore, by offering the experimental DoH (DNS over HTTPS) protocol, we improve both privacy and a number of future speedups for end users, as browsers and other applications can now mix DNS and HTTPS traffic into one single connection.”
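To make the two transports concrete, here is an added example (not code from Cloudflare or from this article) that builds one DNS query in wire format, frames it the way DNS over TLS carries it on port 853, and encodes it the way a DNS over HTTPS GET request carries it, as later standardized in RFC 8484. The function names are hypothetical, and `server_ip` and `tls_name` are assumptions the caller supplies.

```python
import base64
import socket
import ssl
import struct

def build_query(name, qtype=1, query_id=0):
    """Encode one DNS question (class IN, recursion desired) in wire format."""
    labels = name.rstrip(".").split(".")
    if any(not 0 < len(label) <= 63 for label in labels):
        raise ValueError("each DNS label must be 1 to 63 bytes long")
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame_for_dot(message):
    """DNS over TLS reuses DNS-over-TCP framing: 2-byte length, then the message."""
    return struct.pack("!H", len(message)) + message

def doh_get_param(message):
    """DNS over HTTPS (GET) carries the same message as unpadded base64url."""
    return base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")

def _read_exact(sock, count):
    """Read exactly count bytes or fail; TLS records may split a reply."""
    data = b""
    while len(data) < count:
        chunk = sock.recv(count - len(data))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        data += chunk
    return data

def query_over_tls(server_ip, tls_name, name, timeout=5.0):
    """Send one query on port 853 and return the raw DNS reply.

    server_ip and tls_name are caller-supplied assumptions, not page values.
    """
    context = ssl.create_default_context()  # verifies the chain and the name
    with socket.create_connection((server_ip, 853), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=tls_name) as tls:
            tls.sendall(frame_for_dot(build_query(name)))
            (length,) = struct.unpack("!H", _read_exact(tls, 2))
            return _read_exact(tls, length)
```

The default `ssl` context rejects a resolver whose certificate does not match `tls_name`, which is what keeps an on-path device from answering on port 853 in the resolver's place.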
Cloudflare isn’t the first vendor to offer a freely available public DNS service. Google has a public DNS service and Cisco provides DNS acceleration and security via its OpenDNS and Umbrella services. In November 2017, IBM helped to launch the Quad9 (9.9.9.9) public DNS service, which also provides security and acceleration. On March 29, New York City Mayor Bill de Blasio announced a new NYC.Secure initiative, which makes use of the Quad9 service to help secure WiFi connectivity for New Yorkers.
Cloudflare claims in its blog posts that the 1.1.1.1 service is potentially faster than Google and OpenDNS. Cloudflare did not specifically identify Quad9 in its announcement. According to multiple reports, however, Quad9 is at least as fast as the Cloudflare 1.1.1.1 service.
Regardless of whether 1.1.1.1 is the fastest service for DNS resolution, it’s relatively easy for anyone to try it out. The 1.1.1.1 site provides full instructions, and it’s as simple as changing the DNS server entry in the settings section of Windows, macOS, Linux, iOS and Android devices, as well as directly on routers.