Cloudflare’s new DNS service

Are you looking for a free way to speed up your internet and gain some extra privacy in the process? Keep reading, because Cloudflare (the Web Performance & Security Company) is offering a free new DNS service. And it helped me improve the speed of my DNS lookups.

What is DNS?

DNS is short for Domain Name System. It is an internet protocol that allows user systems to use domain names/URLs to identify a web server rather than inputting the actual IP address of the server.  For example, the IP address for Malwarebytes.com is 104.72.35.176, but rather than typing that into your browser, you just type ‘malwarebytes.com’ and your system reaches out to a ‘DNS Server’ which has a list of all domain names and their corresponding IP address, delivering that upon request to the user system.  Unfortunately, if a popular DNS server is taken down or in some way disrupted, many users are unable to reach their favorite websites because without the IP address of the web server, your system cannot find the site. When trying to explain the concept of DNS name resolution I think that finding a phone number for a certain person is a good analogy. There are several ways to find a person’s phone number and the same is true for resolving an IP address that belongs to a domain name.

Which DNS servers am I using now?

If you have to ask yourself that question, there’s a big chance that you are using the DNS service provided by your internet provider. And while some of those are quite good, others are deplorable. Those that have looked into changing their DNS servers have probably ended up using Google’s public DNS or if they were also interested in a web-filter they might have ended up using Cisco’s OpenDNS. IMHO those are the two most popular alternatives for the ones provided by ISPs around the globe, but many more are available.

Why would I change to Cloudflare’s?

We are not saying you should but their claims sound very promising. Even if the differences in speed and privacy are not directly noticeable, you may be convinced by these arguments:

  • Cloudflare’s service is 5 times faster than the average ISP’s (8 milliseconds compared to 70).
  • ISPs do not always use strong encryption on their DNS or support DNSSEC, which makes their DNS queries vulnerable to data breaches and exposes users to threats like man-in-the-middle attacks.
  • Many companies collect data from their DNS customers to use for commercial purposes. Cloudflare promises not to mine any user data. Logs are kept for 24 hours for debugging purposes, then they are purged.
  • Query name minimization diminishes privacy leakage by only sending minimal query names to authoritative DNS servers.

That last one may need some explanation. The less information the DNS servers send to each other to resolve your DNS query, the smaller is the amount of information that would be revealed in case of a leak or breach. This is why servers that use this method only send each other the minimum of information that the receiving server needs.

How to change your DNS servers?

The method to change your DNS servers depends very much on the level at which you want to change them and on the operating system you are using. If you have tried the DNS service and decide that you like it, it might be advisable to change the DNS servers at the router level, so you don’t have to do it for each device separately. To do this successfully your computers and devices need to be set up for DHCP, or they will not even look at the router for DNS information. Lifewire published a guide for the most common routers that might prove to be handy. For mobile devices be aware that they will change DNS servers when they are no longer using your router.

At the device level the OS is the deciding factor on how you can change the DNS servers.

Testing the difference

To check whether it would be a possible speed improvement for you to switch DNS service you can use a free toll called NameBench.

Background information: the NameBench  tool is offered by Google and was launched around the same time that Google started offering their free DNS service.

NameBench can be downloaded from Google Code – there are suitable versions for several operating systems –  and after installation you can specify the DNS servers that you would like it to test.

NameBench GUI

  • Google Public DNS: 8.8.8.8
  • Cloudflare DNS : 1.1.1.1
  • OpenDNS : 208.67.222.123

It does help to set “Your location”, but my laptop travels a lot, so I skipped that. Then “Start Benchmark” and be patient for a while, because it may take a few before the application is done testing (it took almost half an hour on my laptop). The results will have a layout similar to this one:

NameBench report

While your results may be very different from mine, you can tell that it can definitely pay off to do this test if you are looking for a speed improvement.

So, a speed improvement of 13.5 % and a promise of added privacy. What am I going to do? Well, at least I’ll try it for a while to see if it makes a real difference. And note that I already was using an alternative for the DNS service of my provider, which was terrible to begin with.

Summary

For most internet users it is worth looking into which DNS service works best for them. Be it for speed improvement or some of the added benefits that some of these DNS services have to offer, like additional privacy or parental controls. But most will keep on using the ones provided by their ISP provider, because they just can’t be bothered or find it too complicated to change the settings. We do our best to encourage our readers to make informed choices and decide for themselves who they want to trust with the data that can be derived from DNS lookups.

Be safe,

Pieter Arntz



*** This is a Security Bloggers Network syndicated blog from Malwarebytes Labs authored by Pieter Arntz. Read the original post at: https://blog.malwarebytes.com/101/how-tos/2018/04/cloudflares-new-dns-service/