In something of a PR nightmare, but also for the good reason of exercising its geek side, Cloudflare announced today its first consumer product ever, the 1.1.1.1 DNS service. The reason for choosing such a suspicious release date is that 1.1.1.1 has four ones, therefore 4/1 was "the date we needed to launch it", according to Matthew Prince, CEO and co-founder of Cloudflare. So rest assured: it is not a prank!
Focused on speed and privacy, 1.1.1.1 harnesses the power of the huge and widely distributed infrastructure built worldwide by Cloudflare to provide the fastest DNS service to date, according to DNSPerf, and as can be seen from the image below. If that's not enough, Cloudflare consulted with browser manufacturers to understand their needs for a DNS service, with a resounding answer: privacy.
Browser manufacturers suggested Cloudflare should not keep transaction logs for longer than a week. But since the company's business model does not require it to harvest users' data, it has decided to go a step further and not even write the querying IP addresses to disk, wiping all the logs within 24 hours. Such a move prevents Cloudflare from building a detailed profile of each 1.1.1.1 user based on every website visited, as most, if not all, of the other DNS services around the world do. Also, Cloudflare's DNS service supports both the DNS-over-TLS and DNS-over-HTTPS protocols, two new approaches aimed at increasing the security of DNS resolution.
Of course, at a time when people are increasingly suspicious of tech companies, it is fair to ask why Cloudflare would build such a service without the chance to monetize it. According to Matthew Prince, it is the company's mission "to help build a better internet", so tackling performance and privacy issues at the heart of the web would be the right approach for this.
Furthermore, the company highlights the fact that if you are a Cloudflare Authoritative DNS customer, using 1.1.1.1 increases the speed of answering queries, since both the resolver and the recursor are now on the same network and running on the same hardware.