Cloudflare is an old hand at speeding up corporate internet services with its content delivery network (CDN). The company is also a pro at blocking Distributed Denial of Service (DDoS) attacks. Now, with its new 1.1.1.1 public Domain Name System (DNS) resolver, it can speed up and secure your web browsing, as well.
DNS is the Internet's master phone book. It turns human-readable domain names, such as cbsinteractive.com, into Internet Protocol (IP) addresses such as 64.30.228.118. For all practical purposes, every time you go anywhere on the internet, you start by interacting with DNS.
This takes time. A complex webpage can require multiple DNS lookups -- one for the text, another for an image, another for an ad on the page, and so on -- before your page loads. Each DNS lookup takes an average of 32 milliseconds (ms). That really slows down many websites. So, when you speed up your DNS lookups, you'll get faster internet performance.
There have been fast DNS services for years to help you. My favorites are Cisco OpenDNS and Google Public DNS. According to Olafur Gudmundsson, Cloudflare's director of engineering, Cloudflare's 1.1.1.1 will be faster than the others because "we are already building data centers all over the globe to reduce the distance (i.e. latency) from users to content. Eventually we want everyone to be within 10 milliseconds of at least one of our locations."
In addition, the Cloudflare public DNS resolver uses the open-source Knot Resolver. This has aggressive caching and "negative caching" to improve performance. The first uses a distributed cache to improve the odds that, when you search for a popular site, Knot will already have the IP address ready to deliver to you. The second, based on RFC 8198, caches popular mistakes -- wwww instead of www, for example -- so minimal time is used in returning an error message.
While 1.1.1.1 is fast, its biggest improvement comes with protecting your privacy. When the Federal Communications Commission gutted net neutrality, it also opened the door for ISPs to track all your internet searches. ISPs can sell, and are selling, your browsing data.
What can you do about it? One solution is to use a virtual private network (VPN). Another is to stop using your ISP's DNS service and switch to an independent DNS resolver.
What 1.1.1.1 brings to the table, that the others haven't, is a focus on user privacy.
To do this, Cloudflare has committed itself to never using DNS browsing data to target ads. The company has also committed to never recording your IP address and wiping all DNS logs within 24 hours. You don't need to take its word for it. Cloudflare has contracted KPMG, the well-respected auditing firm, to annually audit its code and practices and publish a public report confirming it's keeping its word.
Technically, Cloudflare is also protecting your privacy by adding support for DNS-over-TLS and DNS-over-HTTPS. DNS-over-TLS takes the existing, insecure DNS protocol and adds transport layer encryption. DNS-over-HTTPS not only includes security, it also supports forthcoming internet protocols such as Quick UDP Internet Connections (QUIC) and HTTP/2 Server Push.
So, do you want faster, more secure DNS? Here's how to make 1.1.1.1 work for you.
Router
If you're using a router for your office network DNS settings -- and you probably are -- log in and find your DNS server settings. Once there, note down your existing DNS records and replace them with the following:
That's it. The next time your computers look up a website, they'll use the 1.1.1.1 DNS services.
Windows
With Windows, click on the Start menu, then click on Control Panel, and do the following:
macOS
For macOS, open System Preferences, and then do the following:
Linux
With Linux, use Network Manager. There, click the IPv4 or IPv6 tab to view your DNS settings, and then do the following steps:
iPhone
From your iPhone's home screen, open the Settings app.
Android
On Android, it's far harder to set up DNS than with other operating systems.
The easiest way, which works across most Android devices, is to install DNS Changer. This works by creating a local VPN on your device. This VPN only exists within your device and your mobile or Wi-Fi connection. To use it, you enter 1.1.1.1 and 1.0.0.1 as your DNS entries.
Can your ISP still snoop on you? You bet. But, it'll have to go to some trouble instead of simply grabbing the low-hanging fruit of your DNS searches. Using 1.1.1.1 gives you more privacy protection, but it's not perfect.