Cloudflare Launches New DNS Service
Cloudflare, the company that offers protection against DDoS attacks, is now offering a new consumer DNS service. According to the company, the new service will be “the Internet’s fastest, privacy-first consumer DNS service.”
DNS services provided by ISPs are often slow, and the public nature of DNS makes it difficult for them to provide privacy for users. Cloudflare has the goal of ensuring privacy and speed at the same time. According to the announcement, the new service will "wipe all logs of DNS queries within 24 hours."
"Unfortunately, by default, DNS is usually slow and insecure. Your ISP, and anyone else listening in on the Internet, can see every site you visit and every app you use — even if their content is encrypted. Creepily, some DNS providers sell data about your Internet activity or use it to target you with ads," says the Cloudflare DNS page.
To ensure privacy, Cloudflare promises: "We will never log your IP address (the way other companies identify you). And we’re not just saying that. We’ve retained KPMG to audit our systems annually to ensure that we're doing what we say."
DNS is a 35-year-old protocol that was not designed with security or privacy in mind; it’s also showing its age. "What's needed is a move to a new, modern protocol. There are a couple of different approaches. One is DNS-over-TLS. That takes the existing DNS protocol and adds transport layer encryption. Another is DNS-over-HTTPS. It includes security but also all the modern enhancements like supporting other transport layers (e.g., QUIC) and new technologies like server HTTP/2 Server Push. Both DNS-over-TLS and DNS-over-HTTPS are open standards. And, at launch, we've ensured 1.1.1.1 supports both," wrote Cloudflare in the blog.
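Both approaches carry the same classic DNS message and differ only in how it is wrapped. The following Python sketch is an added example, not code from Cloudflare or the original article; it builds one query and shows the DNS-over-TLS framing (RFC 7858) and the DNS-over-HTTPS GET encoding (RFC 8484). The function names, the sample hostname and the `/dns-query` path (taken from the RFC 8484 example) are assumptions, and nothing is sent over the network.

```python
import base64
import struct

def build_query(name, qtype=1, txid=0):
    """Encode a one-question DNS query in classic wire format (RFC 1035)."""
    # Header: ID, flags with RD=1, QDCOUNT=1, remaining counts 0.
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes: %r" % label)
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"  # root label terminates the name
    if len(qname) > 255:
        raise ValueError("encoded name exceeds 255 bytes")
    return header + qname + struct.pack("!2H", qtype, 1)  # QCLASS 1 = IN

def frame_for_dot(msg):
    """DoT (RFC 7858): same message, 2-byte length prefix, sent inside TLS."""
    if len(msg) > 0xFFFF:
        raise ValueError("message too long for a 2-byte length prefix")
    return struct.pack("!H", len(msg)) + msg

def unframe_dot(stream):
    """Split decrypted DoT bytes into messages; reject a truncated frame."""
    out, pos = [], 0
    while pos < len(stream):
        if pos + 2 > len(stream):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from("!H", stream, pos)
        pos += 2
        if pos + n > len(stream):
            raise ValueError("truncated message")
        out.append(stream[pos:pos + n])
        pos += n
    return out

def doh_get_target(msg, path="/dns-query"):
    """DoH GET (RFC 8484): same message, base64url without padding."""
    b64 = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return "%s?dns=%s" % (path, b64)

if __name__ == "__main__":
    q = build_query("www.example.com")  # constructed sample name
    print(frame_for_dot(q).hex())
    print(doh_get_target(q))
```

In both cases the query name is visible only after the TLS layer is removed, which is what hides it from the ISP and other on-path observers the article mentions.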
To get started with the new service, just open https://1.1.1.1/ in your web browser and follow the instructions.