TidBITS Talk

Cloudflare's free DNS

Classic

List

Threaded

65 messages Options

1234

Rodney

Cloudflare's free DNS

Has anyone looked at this?

https://blog.cloudflare.com/announcing-1111/

I have heard of Cloudflare, so I’m not as skeptical as I’d normally be, but I won’t be completely comfortable until I figure out what’s in it for Cloudflare.

I did try to go to https://1.1.1.1 to learn more, as recommended in the article, but both Safari and Chrome were unhappy about this.

Supposedly, the Cloudflare DNS service is faster than Google and OpenDNS. I wonder how long that’ll be true if the number of users increases. The service was just launched yesterday.

____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____

Paul Chernoff

Re: Cloudflare's free DNS

No problems with going to this web site with Safari 11.1.

We are a Cloud
f
lare customer for our website. They are legit.

From the 1.1.1.1 web site
:

Unfortunately, by default, DNS is usually slow and insecure. Your ISP, and anyone else listening in on the Internet, can see every site you visit and every app you use — even if their content is encrypted. Creepily, some DNS providers sell data about your Internet activity or use it target you with ads.

We think that’s gross. If you do too, now there’s an alternative: 1.1.1.1

Who’s behind this?

1.1.1.1 is a partnership between Cloudflare and APNIC.

Cloudflare runs one of the world’s largest, fastest networks. APNIC is a non-profit organization managing IP address allocation for the Asia Pacific and Oceania regions.

Cloudflare had the network. APNIC had the IP address (1.1.1.1). Both of us were motivated by a mission to help build a better Internet. You can read more about each organization’s motivations on our respective posts: Cloudflare Blog / APNIC Blog.

Cloudflare's business is the Internet. The privacy portion is aimed at countries which censor the Internet.

PAUL CHERNOFF

Director of Information Technology

Washingtonian Media

W. 202.862.3504

[hidden email]

1828 L Street, NW, Suite 200, Washington, DC 20036

Washingtonian | Washingtonian Welcome Guide

Washingtonian Bride & Groom | Washingtonian Events | Washingtonian Custom Media

We are a WBENC Certified WBE/WOSB.

On Mon, Apr 2, 2018 at 8:48 AM, Rodney <[hidden email]> wrote:

Has anyone looked at this?

https://blog.cloudflare.com/announcing-1111/

I have heard of Cloudflare, so I’m not as skeptical as I’d normally be, but I won’t be completely comfortable until I figure out what’s in it for Cloudflare.

I did try to go to https://1.1.1.1 to learn more, as recommended in the article, but both Safari and Chrome were unhappy about this.

Supposedly, the Cloudflare DNS service is faster than Google and OpenDNS. I wonder how long that’ll be true if the number of users increases. The service was just launched yesterday.

____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____

Fritz Mills

Re: Cloudflare's free DNS

In reply to this post by Rodney

On Apr 2, 2018, at 7:48 AM, Rodney <[hidden email]> wrote:

Has anyone looked at this?

https://blog.cloudflare.com/announcing-1111/

I have heard of Cloudflare, so I’m not as skeptical as I’d normally be, but I won’t be completely comfortable until I figure out what’s in it for Cloudflare.

I did try to go to https://1.1.1.1 to learn more, as recommended in the article, but both Safari and Chrome were unhappy about this.

Supposedly, the Cloudflare DNS service is faster than Google and OpenDNS. I wonder how long that’ll be true if the number of users increases. The service was just launched yesterday.

Softonic offers a free download of Namebench, a utility that compares thousands of DNS servers and determines which are the fastest for your location.

https://namebench.en.softonic.com/mac

Rodney

Re: Cloudflare's free DNS

In reply to this post by Paul Chernoff

On Apr 2, 2018, at 16:13, Paul Chernoff <[hidden email]> wrote:

No problems with going to this web site with Safari 11.1.

The article I linked to said, "Visit https://1.1.1.1/ from any device to get started with the Internet's fastest, privacy-first DNS service.” When I try, both Safari and Chrome complained loudly about the site. Safari says it isn’t secure, and Chrome wants a certificate before letting me access it. I haven’t tried any Windows browsers.

They are legit.

I’m aware that they’re legit. However, Google and Facebook are also “legit”. I have minor issues with the former and major issues with the latter. There ain’t no such thing as a free lunch. I’d like to see how Cloudflare monetizes their “free” service before going with them. This seems to be a moot point since I can’t even access their web site. My ISP may be causing me grief. I don’t know.

Franconi Enrico

Re: Cloudflare's free DNS

On 2 Apr 2018, at 17:57, Rodney <[hidden email]> wrote:

The article I linked to said, "Visit https://1.1.1.1/ from any device to get started with the Internet's fastest, privacy-first DNS service.” When I try, both Safari and Chrome complained loudly about the site. Safari says it isn’t secure, and Chrome wants a certificate before letting me access it.

This is extremely bizzarre. I don't get any warning for this website neither from Safari nor from Chrome.

--e.

Rodney

Re: Cloudflare's free DNS

On Apr 2, 2018, at 18:04, Franconi Enrico <[hidden email]> wrote:

This is extremely bizzarre. I don't get any warning for this website neither from Safari nor from Chrome.

When I try from my iPhone, I get, “Safari cannot open the page because the network connection was lost.”

When I try from Safari on my iMac I get, “This connection is not private. Someone may be impersonating ‘1.1.1.1’ to steal your personal or financial information. You should close this page."

Rodney

Re: Cloudflare's free DNS

> On Apr 2, 2018, at 18:13, Rodney <[hidden email]> wrote:

> When I try from Safari on my iMac I get, “This connection is not private. Someone may be impersonating ‘1.1.1.1’ to steal your personal or financial information. You should close this page.”

The error I get on Windows 7 from Internet Explorer is:

There is a problem with this website’s security certificate.

The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.

____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____

Mr. Seth Anderson

Re: Cloudflare's free DNS

In reply to this post by Rodney

On Apr 2, 2018, at 11:13 AM, Rodney <[hidden email]> wrote:

When I try from my iPhone, I get, “Safari cannot open the page because the network connection was lost.”

When I try from Safari on my iMac I get, “This connection is not private. Someone may be impersonating ‘1.1.1.1’ to steal your personal or financial information. You should close this page."

I don’t get any error messages either. What are your current DNS settings (I have been using Google’s 8.8.8.8 settings for a while)? Maybe it is your ISP blocking it (some sort of net neutrality related issue) ?

-Seth Anderson

often found at

http://www.b12partners.net/wp/

Fearghas McKay

Re: Cloudflare's free DNS

In reply to this post by Rodney

> On 2 Apr 2018, at 11:57, Rodney <[hidden email]> wrote:
>
> I’d like to see how Cloudflare monetizes their “free” service before going with them. This seems to be a moot point since I can’t even access their web site. My ISP may be causing me grief. I don’t know.

Their stated position is that it helps their web serving business if people have better DNS - http://blog.cloudflare.com/1111

See http://archive.is/psEJ9 for the post discussion why what etc.

f

____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____

Rodney

Re: Cloudflare's free DNS

In reply to this post by Mr. Seth Anderson

On Apr 2, 2018, at 18:34, Mr. Seth Anderson <[hidden email]> wrote:

I don’t get any error messages either. What are your current DNS settings (I have been using Google’s 8.8.8.8 settings for a while)?

I can’t change the DNS settings on the modem/router my ISP provides, but I did try changing them on my iMac and in a Windows 7 VM running on my iMac, and neither worked.

Maybe it is your ISP blocking it (some sort of net neutrality related issue) ?

We supposedly have net neutrality around here, but it does appear that my ISP or my local router is doing something strange. I disabled Wi-Fi on my iPhone, and I could then access the site without a problem (same ISP).

TidBITS Talk mailing list

Re: Cloudflare's free DNS

In reply to this post by Rodney

When I try it, I get a warning saying from yahoo mail saying:

Warning! It appears that you are about to access a website that has non-standard web address format Such sites may contain harmful entities such as viruses. We recommend you use extreme caution.

I click on ok and the site comes up fine in Chrome which is my default browser. When I open Safari and copy in the link, it opens fine.

This has all be done on my iMac using the latest updates to High Sierra, 10.13.4.

Betty Fellows

Platinum Plus Results

Phone:<a href="tel:650-364-4134" style="color:#545454;text-decoration: none; font-size: 12px;"> 650-364-4134 || Email:[hidden email]

From: Rodney <[hidden email]>
To: TidBITS Talk <[hidden email]>
Sent: Monday, April 2, 2018 9:24 AM
Subject: Re: Cloudflare's free DNS

____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email]
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____

Richard Rettke-2

Re: Cloudflare's free DNS

In reply to this post by Franconi Enrico

On 2 Apr 2018, at 11:04, Franconi Enrico [hidden email] wrote:

The article I linked to said, "Visit https://1.1.1.1/ from any device to get started with the Internet's fastest, privacy-first DNS service.” When I try, both Safari and Chrome complained loudly about the site. Safari says it isn’t secure, and Chrome wants a certificate before letting me access it.

I'm running Sierra & Safari 11.1
I have no problem accessing 1.1.1.1 and it is secure with a certificate.

--
Richard Rettke
Laus Deo
Non sibi sed patriae

About Me

Richard Rettke-2

Re: Cloudflare's free DNS

In reply to this post by Rodney

On 2 Apr 2018, at 11:13, Rodney [hidden email] wrote:

When I try from my iPhone, I get, “Safari cannot open the page because the network connection was lost.”

When I try from Safari on my iMac I get, “This connection is not private. Someone may be impersonating ‘1.1.1.1’ to steal your personal or financial information. You should close this page."

I'm running Sierra & Safari 11.1 on an iMac & iOS 11.3 on an iPhone.
I have no problem accessing 1.1.1.1 and it is secure with a certificate on both platforms.

--
Richard Rettke
Laus Deo
Non sibi sed patriae

About Me

Marilyn Matty

Re: Cloudflare's free DNS

In reply to this post by Rodney

On Apr 2, 2018, at 8:48 AM, Rodney <[hidden email]> wrote:

Has anyone looked at this?

https://blog.cloudflare.com/announcing-1111/

I have heard of Cloudflare, so I’m not as skeptical as I’d normally be, but I won’t be completely comfortable until I figure out what’s in it for Cloudflare.

To paraphrase Dire Straits, you don't get your money for nothing and your clicks for free. The only thing I can figure out from their website is that might be bait to sell other services.

But something else in the description is a deal killer for me:

"While we need some logging to prevent abuse and debug issues, we couldn't imagine any situation where we'd need that information longer than 24 hours. And we wanted to put our money where our mouth was, so we committed to retaining KPMG, the well-respected auditing firm, to audit our code and practices annually and publish a public report confirming we're doing what we said we would."

Waiting over a year for the results of an audit? Even if I knew something about Cloudfare, which I don't, I think this is something to be concerned about.

Marilyn

Rodney

Re: Cloudflare's free DNS

On Apr 2, 2018, at 20:42, Marilyn Matty <[hidden email]> wrote:

Waiting over a year for the results of an audit? Even if I knew something about Cloudfare, which I don't, I think this is something to be concerned about.

How long do you wait for an audit from your current service provider?

Marilyn Matty

Re: Cloudflare's free DNS

On Apr 2, 2018, at 2:48 PM, Rodney <[hidden email]> wrote:

On Apr 2, 2018, at 20:42, Marilyn Matty <[hidden email]> wrote:

Waiting over a year for the results of an audit? Even if I knew something about Cloudfare, which I don't, I think this is something to be concerned about.

How long do you wait for an audit from your current service provider?

I don't because I know they are tracking me. My ISP is also my cable TV provider, and like other cable, FIOS and satellite providers, they also track what their customers watch on TV and when they watch it so they can target and sell ads more effectively. The difference is that I know they are constantly auditing security, and I've gotten notices about potential problems in the past.

Marilyn

Rodney

Re: Cloudflare's free DNS

On Apr 2, 2018, at 21:41, Marilyn Matty <[hidden email]> wrote:

The difference is that I know they are constantly auditing security, and I've gotten notices about potential problems in the past.

Well no, you don’t know they are constantly auditing security. You just assume they are constantly auditing security because you’ve gotten notices in the past.

Cloudflare is also, according to their TOS, constantly auditing security. The difference between them and your cable provider is that they promise to bring in an outside auditor once a year to verify that they’re indeed constantly auditing security. That’s once a year more often than your cable provider does this.

Fearghas McKay

Re: Cloudflare's free DNS

In reply to this post by Marilyn Matty

> On 2 Apr 2018, at 14:42, Marilyn Matty <[hidden email]> wrote:
>
>
> Waiting over a year for the results of an audit? Even if I knew something about Cloudfare, which I don't, I think this is something to be concerned about.
>

Would you they waited for 20 minutes and issued a report stating that they were happy with the processes being carried out and everything is ok ?

The aim of the annual report is to show that the commitments being made are being kept on an ongoing basis.

There are two partners in this project - Cloudflare who are providing the infrastructure and service on one side, the IP address space and research analysis comes from APNIC which is the Asia Pacific Network Information Centre, one of the Regional Internet Registries, an equivalent to ARIN for folk who handle IP address space and resources. APNIC is part of the community, their research people are respected worldwide and they have the ability to pull the plug if Cloudflare misbehave. There checks and balances in this program.

Geoff Huston APNIC’s Chief Scientist did a blog post about it giving more background - https://blog.apnic.net/2018/04/02/apnic-labs-enters-into-a-research-agreement-with-cloudflare/

Have a read, it clear shows what they are trying to research along with improving better DNS infrastructure for everyone. If you get a chance to watch a video of any of Geoff’s talks they are always interesting, well done and popular. He is in high demand for the quality of his internet research and the quantity of it, he has standing invitations to most Network Operator Group meetings since he always has something to say that is interesting.

HTH

f

PS obvious disclaimer I know a lot of folk at CloudFlare & APNIC.

____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____

Ron Risley

Re: Cloudflare's free DNS

In reply to this post by Rodney

> On Apr 2, 2018, at 05:48, Rodney <[hidden email]> wrote:
>
> I have heard of Cloudflare, so I’m not as skeptical as I’d normally be, but I won’t be completely comfortable until I figure out what’s in it for Cloudflare.
>

I have ambivalence about Cloudflare. Tor is one of the most important privacy tools on the net, and Cloudflare is one of the biggest impediments to using Tor. They block Tor for most of their users.

http://sec.cs.ucl.ac.uk/users/smurdoch/papers/ndss16doyousee.pdf

They've been disingenuous about it. At first, they denied that they block Tor at all. When thousands of Tor users disputed that, they blamed their users for not configuring their systems properly. Eventually, they admitted that Cloudflare "sometimes" blocks Tor, claiming that 94% of traffic from Tor exit nodes is malicious. They have never been able to back up that claim, which credible researcher dispute.

https://resources.distilnetworks.com/all-blog-posts/cloudflare-vs-tor-is-ip-blocking-causing-more-harm-than-good

https://blog.torproject.org/blog/trouble-cloudflare

https://people.torproject.org/~lunar/20160331-CloudFlare_Fact_Sheet.pdf

Cloudflare claim they're offering this service to create a "more private internet," yet they block one of the most powerful and pervasive privacy tools. I use Tor to protect my patients' confidentiality, and in my experience Cloudflare creates a significant barrier to its effective use.

I question their motives.

--Ron

____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____

Travis Butler

Re: Cloudflare's free DNS

In reply to this post by Marilyn Matty

On Apr 2, 2018, at 1:42 PM, Marilyn Matty <[hidden email]> wrote:

On Apr 2, 2018, at 8:48 AM, Rodney <[hidden email]> wrote:

Has anyone looked at this?

https://blog.cloudflare.com/announcing-1111/

I have heard of Cloudflare, so I’m not as skeptical as I’d normally be, but I won’t be completely comfortable until I figure out what’s in it for Cloudflare.

To paraphrase Dire Straits, you don't get your money for nothing and your clicks for free. The only thing I can figure out from their website is that might be bait to sell other services.

Cloudflare’s big thing is providing reliable service to customers being targeted by denial-of-service and similar internet attacks. So in that context, I can see where running a free DNS service is a good loss-leader; you’re not just proclaiming a commitment to open internet access by providing an uncensored DNS service, you’re demonstrating that you can run a service that can stand up to sustained hacking attempts.

With any free service, I ask myself 'What are their motives in providing this, and am I OK with them?' This is one of the less problematic examples of a free service that I’ve seen - with their stock-in-trade being reliable and protected internet service, and the free DNS service being a demonstrator of same, the motives are aligned towards providing what they’re claiming.* But it’s still a free service, and subject to one of the other major problems of free services - if the motive for providing them goes away, so does the service. The good thing is that if they do decided to shut it down, you don’t lose much; just switch back to the DNS server you were using.

*(Google introduced their free DNS service claiming the same 'reliable internet benefits everyone including us' motive; but since their business is built on analyzing and profiling customers to improve advertising, the accusation that they’re using DNS requests to track the websites their users are visiting has some plausibility.)

But something else in the description is a deal killer for me:

"While we need some logging to prevent abuse and debug issues, we couldn't imagine any situation where we'd need that information longer than 24 hours. And we wanted to put our money where our mouth was, so we committed to retaining KPMG, the well-respected auditing firm, to audit our code and practices annually and publish a public report confirming we're doing what we said we would."

Waiting over a year for the results of an audit? Even if I knew something about Cloudfare, which I don't, I think this is something to be concerned about.

I’d say being audited *at all* is a major improvement. To the best of my knowledge, none of the alternatives - not Google’s free DNS service, not OpenDNS, not any of the major ISPs' DNS - has a third-party auditor checking up on the way they run their service.

Travis Butler
The Wandering Powerbook
[hidden email]

...Cats are the proof of a higher purpose to the universe.

1234