For free the new DNS 1.1.1.1 server from CloudFlare with more privacy and security

Not so long ago, F-Secure together with the Global Cyber ​​Alliance, IBM and Packet Clearing House provided a free DNS service - Quad9 . The company F-Secure, famous for its traditional antivirus software, modern security services (SaaS) for companies and VPN software - F-Secure Freedome, has managed to create a service that aims to protect individual users and companies from URLs that contain malware. The company CloudFlare is now joining a group of DNS service providers ( here is more about CF ), which is known from the global network of CDN servers, anti-DDoS protection, firewall for web applications (web application firewall), Universal SSL certificates and blocking Nazi websites .

The new DNS 1.1.1.1 server from CloudFlare

The DNS service allowing for exchanging addresses known to Internet users to addresses understandable for devices forming a computer network operates under the addresses for IPv4: 1.1.1.1 and 1.0.0.1 and for IPv6: 2 606:4700:4700::1111 and 2606:4700:4700::1001 , which were parked on CloudFlafre servers and borrowed from a partner, APNIC Labs.

DNS servers 1.1.1.1 have been called "faster" by several users after several dozen hours. Faster than DNS from Google, Cisco (OpenDNS), Comodo and local Internet providers such as Netia, Orange or UPS .

The new DNS 1.1.1.1 server from CloudFlare

DNS 1.1.1.1 server. CloudFlare is designed to provide increased privacy as opposed to known and popular DNS service providers. Logs from each user's activity are to be stored for only 24 hours, after which they will be erased. CloudFlare committed to conduct the audit once every 12 months, using the services of an external company KPMG.

"We're committing to the fact that we're even missing from the logs within 24 hours. personal identifiable information that would be there. "

The DNS 1.1.1.1 server supports DNS-over-TLS and DNS-over-HTTPS by default (systems and browsers by default) - protocols that need to process a DNS request and establish an encrypted connection to protect information (IP address and URL visited). For example, if in March 2014 the Turkish government blocked the domain twitter.com from local ISPs, it was enough to change the DNS addresses of the router / device, e.g. 8.8.8.8, to bypass restrictions. In this case, Google continued to inspect user URLs visited because DNS requests were not encrypted.

It is worth remembering that a similar situation occurs when using the VPN service. VPN servers, although they allow you to bypass imposed restrictions, do not serve to protect your privacy.

This link provides more information on how the DNS server works.

To change the DNS addresses for all devices in the local network, you should do it in the router configuration. The change of DNS addresses for one device should be performed in the IPv4 or IPv6 network connection configuration.

With the following command running in PowerShell, you can test DNS server response time (the better this is):

measure-command {resolve-dnsname avlab.pl -server 8.8.8.8}). milliseconds

measure-command {resolve-dnsname avlab.pl -server 1.1.1.1}). milliseconds 

More interesting materials:



Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.