Cloudflare Launches Privacy-Focused 1.1.1.1 DNS Service

Cloudflare DNS server locations. Credit: Cloudflare

Cloudflare, a well-known internet performance and security company, announced its own privacy-focused, fast, and secure Domain Name System (DNS) resolver with the easy-to-remember address of 1.1.1.1.

What Is A DNS Resolver

A DNS resolver is a server that stores a central database of website names and links them to their respective IP addresses. Without DNS servers, we’d only be able to connect to websites using the IP address of the websites’ servers. Therefore, DNS resolvers make using the web much easier for humans.

However, DNS resolvers also hold a lot of power, in the sense that they could either censor certain websites or track which websites users visit. For instance, the Turkish government is known for ordering its ISPs to stop resolving the domain names of particular websites or services. For the vast majority of internet users in Turkey, those sites are then as good as censored.

However, some Turkish users realized how the censorship was being done, and started using other DNS resolvers to visit the censored websites. They even promoted Google’s own DNS resolver, hosted at 8.8.8.8, because of how easy it was to remember.

A “Privacy-First” DNS Resolver

Cloudflare is now launching its competing DNS server, hosted at 1.1.1.1, but according to the company, the service is implemented and operated based on “privacy-first” principles.

Cloudflare said that most DNS servers are by default not secure, not encrypted, and certainly not too privacy-focused. As we’ve seen recently, ISPs have started tracking users’ browsing habits, similarly to Google and Facebook, because all the data goes through their cables. Encrypted data transferred over HTTPS is protected, but if you use the default DNS resolver provided by your ISP, then the ISP will be able to see the requests you make to specific websites.

Cloudflare claimed that its 1.1.1.1 DNS resolver supports encrypted DNS and DNS over HTTPS, and that its data logs are deleted after 24 hours. No user data or IP address is stored.

Matthew Prince, co-founder and CEO of Cloudflare, said:

We think it’s creepy that user data is sold to advertisers and used to target consumers without their knowledge or consent. Frankly, we don’t want to know what people do on the Internet—it’s none of our business—and we’ve designed 1.1.1.1 to ensure that we, along with ISPs around the world, can’t.

Cloudflare also claimed that the 1.1.1.1 DNS resolver is already one of the fastest on the internet. The company plans to eventually lower the latency between any user requesting a website in their browser and its DNS servers to under 10 milliseconds.

APNIC is a non-profit organization that helps Cloudflare operate this service for the Asia-Pacific region. It also provided Cloudflare with the easy-to-remember 1.1.1.1 and 1.0.0.1 IP addresses. Geoff Huston, Chief Scientist at APNIC, said:

At APNIC Labs, we’re aware that the DNS is not always private, fast, or secure, and we’re always looking for ways to improve how it works. We’re working with Cloudflare to refine this basic Internet function so that users have a much more private and faster experience.

How To Set Up Cloudflare’s 1.1.1.1 DNS Resolver

If you’ve ever changed the DNS servers on your computer before, then you also know how to set up Cloudflare’s DNS resolver, because it’s no different. If you’ve never done that, then all you need to do is look up the network settings on your PC, Mac, iPhone, or Android device, find the DNS server setting, and add the 1.1.1.1 address in there.

For the alternate server, Cloudflare also provides the 1.0.0.1 address, in case there’s any downtime for the primary one. Cloudflare also chose two IPv6 addresses that only use numbers, again for the sake of simplicity: 2606:4700:4700::1111 and 2606:4700:4700::1001.

The company provides more information on how to set up its DNS servers at https://1.1.1.1/.
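
One way to confirm the change took effect on a Linux-style system, as an added example that is not from Cloudflare or the original article. It assumes the resolver settings are in resolv.conf-format text; the function names and the sample file are constructed for illustration.

```python
import ipaddress

# The four resolver addresses named in the article.
CLOUDFLARE = {ipaddress.ip_address(a) for a in (
    "1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001")}

def audit_resolvers(text):
    """Sort every `nameserver` entry of resolv.conf-style text into buckets."""
    found = {"cloudflare": [], "loopback": [], "other": [], "invalid": []}
    for raw in text.splitlines():
        # Strip comments, then split "nameserver <address>" into fields.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            # Drop any IPv6 zone suffix (fe80::1%eth0) before parsing.
            ip = ipaddress.ip_address(fields[1].split("%", 1)[0])
        except ValueError:
            found["invalid"].append(fields[1])
            continue
        if ip in CLOUDFLARE:      # parsed values compared, so long-form IPv6 matches
            found["cloudflare"].append(str(ip))
        elif ip.is_loopback:      # local stub; its upstream is configured elsewhere
            found["loopback"].append(str(ip))
        else:                     # e.g. an ISP resolver left in the list
            found["other"].append(str(ip))
    return found

def uses_only_cloudflare(text):
    """True when at least one entry is Cloudflare's and nothing else is listed."""
    f = audit_resolvers(text)
    return bool(f["cloudflare"]) and not (f["loopback"] or f["other"] or f["invalid"])

# Constructed sample, not taken from a real host (192.0.2.53 is a documentation address).
SAMPLE = """\
# /etc/resolv.conf (constructed)
nameserver 1.1.1.1
nameserver 2606:4700:4700:0:0:0:0:1001
nameserver 192.0.2.53   # leftover ISP resolver
nameserver 127.0.0.53
nameserver 1.1.1
options edns0
"""

if __name__ == "__main__":
    for bucket, addrs in audit_resolvers(SAMPLE).items():
        print(f"{bucket:10} {addrs}")
    print("only Cloudflare:", uses_only_cloudflare(SAMPLE))
```

Any entry reported under "other" can still receive lookups, so a leftover ISP resolver next to 1.1.1.1 means the ISP may still see some queries.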

Cloudflare also assured us that the launch of this service is no April Fools prank. The reason it chose to launch the service today, on a Sunday, on 4/1/2018, is that the date contains 4/1, which can be read as four 1’s, just like its DNS server address: 1.1.1.1.