New DNS over HTTPS service: Cloudflare

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › New DNS over HTTPS service: Cloudflare

freitasm

BDFL - Memuneh
67879 posts

Uber Geek

Administrator

Trusted

Geekzone

Lifetime subscriber

#232130 31-Mar-2018 11:21

Saw a headline pointing to a Google cache for the (now empty) page at https://1.1.1.1/

The Google cache has now been removed. The headline was about this being a new DNS service by Cloudflare.

These links are referral codes

1 | 2

BDFL - Memuneh
67879 posts

Uber Geek

Administrator

Trusted

Geekzone

Lifetime subscriber

#1986304 31-Mar-2018 11:30

Wired has published an article about this service now: Cloudflare's New Encryption Service Adds Privacy Protection for Web Browsing.

These links are referral codes

freitasm

BDFL - Memuneh
67879 posts

Uber Geek

Administrator

Trusted

Geekzone

Lifetime subscriber

#1986306 31-Mar-2018 11:32

And here is the HackerNews discussion on this new Cloudflare service.

These links are referral codes

vulcannz

436 posts

Ultimate Geek
Inactive user

#1986588 31-Mar-2018 22:05

Are people really that worried about their DNS traffic?

freitasm

BDFL - Memuneh
67879 posts

Uber Geek

Administrator

Trusted

Geekzone

Lifetime subscriber

#1986589 31-Mar-2018 22:06

Some people maybe, as it can be used to identify some very private things.

These links are referral codes

vulcannz

436 posts

Ultimate Geek
Inactive user

#1986600 31-Mar-2018 22:35

freitasm:

Some people maybe, as it can be used to identify some very private things.

Just DNS queries, so sites you may be visiting. Which for the most part can be found fairly easily if someone is across your upstream traffic anyway.

michaelmurfy

/dev/null
9458 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#1986626 1-Apr-2018 00:09

Irony on the date:

We’ve built 1.1.1.1 to be the Internet’s fastest DNS directory. Don’t take our word for it. The independent DNS monitor DNSPerf ranks 1.1.1.1 the fastest DNS service in the world. As of April 1, 2018, we’re 53% faster than second place, which means we're at least 53% faster than whatever you're using today.

Anyway - I have tested this claim - response times are actually 40% faster (average) than using 2degrees DNS servers for me. This however won't be the same with Spark / BigPipe and potentially Vodafone* due to the fact they don't peer with Cloudflare in Auckland and instead go over to Sydney.

I've switched my DNS servers over to Cloudflare for now - I know it isn't launched but it is indeed resolving DNS. I do like their claims, I do trust them more with their claims than other providers (I know somebody who works for Cloudflare) and personally was using quad9 before due to their no-logging policy.

In the past, I used to use dnscrypt with success. For anyone interested I am currently using this on Linux combined with my local DNS server with Cloudflare's DNS over HTTPS service.

Even though the date is off this actually currently works (and very well with ISP's that peer) - there is a cached page Here.

*Not actually 100% sure if Vodafone peer via APE to Cloudflare yet.

vulcannz

436 posts

Ultimate Geek
Inactive user

#1986665 1-Apr-2018 08:26

I would've expected it to be slower given the HTTPS protocol is going to be far less efficient than UDP.

See here: https://www.dnsv6lab.net/2016/03/05/A-performance-test-of-DNS-over-different-transport-protocol/

Does cloudfare keep an HTTPS tunnel open or something?

freitasm

BDFL - Memuneh
67879 posts

Uber Geek

Administrator

Trusted

Geekzone

Lifetime subscriber

#1987025 2-Apr-2018 08:59

And 1.1.1.1 is live now - Cloudflare blog here.

vulcannz:

I would've expected it to be slower given the HTTPS protocol is going to be far less efficient than UDP.

See here: https://www.dnsv6lab.net/2016/03/05/A-performance-test-of-DNS-over-different-transport-protocol/

Does cloudfare keep an HTTPS tunnel open or something?

By default your system will use the old DNS lookup - unless you have a HTTP client. Developers (OS, browsers) can add this as a feature. Documentation here.

These links are referral codes

vulcannz

436 posts

Ultimate Geek
Inactive user

#1987103 2-Apr-2018 10:30

freitasm:

And 1.1.1.1 is live now - Cloudflare blog here.

vulcannz:

I would've expected it to be slower given the HTTPS protocol is going to be far less efficient than UDP.

See here: https://www.dnsv6lab.net/2016/03/05/A-performance-test-of-DNS-over-different-transport-protocol/

Does cloudfare keep an HTTPS tunnel open or something?

By default your system will use the old DNS lookup - unless you have a HTTP client. Developers (OS, browsers) can add this as a feature. Documentation here.

I understand that, but the UDP based process of each DNS lookup is simply going to be faster than establishing an HTTPS connection (UDP vs TCP, no secure handshake/security negotiation) . So I would expect the only way for it to be faster is if it is opening a persistent HTTPS session to the HTTPS/DNS server.

michaelmurfy

/dev/null
9458 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#1987459 3-Apr-2018 10:07

An interesting read: https://medium.com/@nykolas.z/dns-resolvers-performance-compared-cloudflare-x-google-x-quad9-x-opendns-149e803734e5

Cloudflare performs very well compared to the other players. Just note, if you're on Spark, Skinny, BigPipe or Vodafone it is best to use your providers DNS due to their anti-peering policies.