Cloudflare's 1.1.1.1 DNS Passes Privacy Audit, Some Issues Found

TairikuOkami

Which one is better for DNS? Lower TTL or Higher TTL?
Thanks for asking, I had to google it and it seems that zero would be the best option from the privacy perspective, since TTL = DNS Cache.
All DNS records have a TTL (Time To Live) property, specifying the maximum amount of time other DNS servers and applications may cache the record.

Setting a DNS record's TTL value to zero means that applications and DNS servers must not cache the record.

When a DNS record is stored in the cache of a DNS server, the record's TTL is continuously reduced as time goes by, and when the TTL finally reaches zero the record is removed from the cache.
 


SeriousHoax

Thanks for asking, I had to google it and it seems that zero would be the best option from the privacy perspective, since TTL = DNS Cache.
Ok, so from a privacy point of view a lower TTL is better, but in terms of speed a higher TTL may have some performance advantage!
In my screenshot the lower 58 TTL was from Cloudflare DNS and the higher 108 is from Google DNS.
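
The cache behaviour described in the two posts above (a cached record's TTL counting down, TTL 0 never being cached, and how often a lookup has to go upstream for a given TTL), as an added Python example that is not part of any post in this thread. The `TtlCache` class, the `simulate` helper, the name `example.test`, the address 192.0.2.10 and the lookup times are all constructed for illustration.

```python
class TtlCache:
    """Toy resolver cache (added illustration, not any real resolver's code)."""

    def __init__(self, upstream, clock):
        self.upstream = upstream      # callable: name -> (address, ttl_seconds)
        self.clock = clock            # callable returning the current time in seconds
        self.entries = {}             # name -> (address, absolute expiry time)
        self.upstream_queries = 0     # lookups that had to leave this cache

    def resolve(self, name):
        """Return (address, remaining_ttl, served_from_cache)."""
        now = self.clock()
        hit = self.entries.get(name)
        if hit and hit[1] > now:
            return hit[0], hit[1] - now, True
        self.entries.pop(name, None)          # TTL reached zero: drop the record
        address, ttl = self.upstream(name)
        self.upstream_queries += 1
        if ttl > 0:                           # TTL 0 means "must not cache"
            self.entries[name] = (address, now + ttl)
        return address, ttl, False


def simulate(ttl, lookups_at):
    """Resolve one constructed name at the given times; return the observations."""
    now = [0]
    cache = TtlCache(lambda name: ("192.0.2.10", ttl), lambda: now[0])
    seen = []
    for t in lookups_at:
        now[0] = t
        _, remaining, cached = cache.resolve("example.test")
        seen.append((t, remaining, cached))
    return seen, cache.upstream_queries


if __name__ == "__main__":
    times = [0, 50, 120, 250, 310]            # constructed lookup times, in seconds
    for ttl in (0, 108, 300):
        seen, upstream = simulate(ttl, times)
        print(f"TTL {ttl:>3}: {upstream} upstream queries, observations {seen}")
```

The remaining TTL a client sees depends on how long ago the cache fetched the record, so two resolvers can report different values for the same record.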
 

bayasdev

Cloudflare DNS users please read

Cloudflare intercepts into TLS (MITM the connection)


The Great Cloudwall

I don't trust Cloudflare too much. Facebook banned me for posting a screenshot trying to access the results website during my country's presidential elections using a domestic IP vs US VPN. The first one failed and threw random error codes but the second one worked and the votes were erratically changing to benefit the official candidate. That night they blocked Ecuadorian people from knowing the truth.

P.S.: I don't want this thread to become political, but just saying.
 

Vitali Ortzi

I don't trust Cloudflare too much. Facebook banned me for posting a screenshot trying to access the results website during my country's presidential elections using a domestic IP vs US VPN. The first one failed and threw random error codes but the second one worked and the votes were erratically changing to benefit the official candidate. That night they blocked Ecuadorian people from knowing the truth.

P.S.: I don't want this thread to become political, but just saying.
Well, just don't use Facebook other than for work if it's required.
And any free DNS provider won't give a damn about your privacy other than using it as a marketing gimmick.
 

blackice

Gave DNSJumper a shot. Personally I prefer the GRC DNSbench. I don’t need software to change DNS settings as I don’t do that often and usually use my router as the source for DNS resolution. Anyway, 1.1.1.1 bounces between being the fastest and falling to the middle of the pack for me. I like it, and may give it a shot again. Though with my browsing habits caching generally has me covered.
Revisiting this old post. The GRC DNSbench seems broken in W10 2004. At least that's the only issue I can think of. It gives really high response times for all providers. For now I'll just test with DNSJumper.
 

SeriousHoax

Revisiting this old post. The GRC DNSbench seems broken in W10 2004. At least that's the only issue I can think of. It gives really high response times for all providers. For now I'll just test with DNSJumper.
It's probably better to just test manually via the ping command in cmd. I think most DNS testing apps simply check the ping of the DNS server, like 1.1.1.1. But sometimes that may not give an accurate result. Get the real IP address from a site like this and then check the ping of that server via cmd.
In my case, simply pinging 8.8.8.8 gives me the lowest latency, but if I check the actual server it's connecting me to, then it becomes worse.
But for me this difference only happens for Google DNS.
 
