What is 1.1.1.1?
1.1.1.1 is a fast and private way to browse the Internet. It is a public DNS resolver, but unlike most DNS resolvers, 1.1.1.1 is not selling user data to advertisers. The implementation of 1.1.1.1 makes it the fastest resolver out there.
What is DNS?
The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.
Each device connected to the Internet has a unique IP address which other machines use to find the device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more complex newer alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in IPv6).
What is a DNS resolver?
When a user requests to visit a web application like facebook.com, the user’s computer needs to know what server to connect to so that it can load the application. Computers don’t initially have the necessary information to do this ''name to address'' translation, so they ask a specialized server to do it for them.
This specialized server is called a DNS recursive resolver. The resolver’s job is to find the address for a given name, like 2400:cb00:2048:1::c629:d7a2 for cloudflare.com, and return it to the computer that asked for it.
Computers are configured to talk to specific DNS resolvers, identified by IP address. Usually the configuration is managed by the user’s ISP (like Comcast or AT&T) on home or wireless connections, and by an network administrator on office connections. Users can also manually change which DNS resolver their computers talk to.
Why use 1.1.1.1 instead of an ISP’s resolver?
The main reasons to switch to a third-party DNS resolver are security and performance. ISPs do not always use strong encryption on their DNS or support DNSSEC, which makes their DNS queries vulnerable to data breaches and exposes users to threats like man-in-the-middle attacks. In addition, ISPs often use DNS records to track their users’ activity and behavior. These resolvers don’t always have great speeds and when they get overloaded by heavy usage they become even more sluggish. If there is enough traffic on the network, an ISP’s recursor could stop answering requests altogether. In some cases attackers deliberately overload an ISP’s recursors, resulting in a denial-of-service.
The main reasons to switch to a third-party DNS resolver are security and performance. ISPs do not always use strong encryption on their DNS or support DNSSEC, which makes their DNS queries vulnerable to data breaches and exposes users to threats like man-in-the-middle attacks.
In addition, ISPs often use DNS records to track their users’ activity and behavior. These resolvers don’t always have great speeds and when they get overloaded by heavy usage they become even more sluggish.
If there is enough traffic on the network, an ISP’s recursor could stop answering requests altogether. In some cases attackers deliberately overload an ISP’s recursors, resulting in a denial-of-service.
These downsides and risks of ISP recursors can be mitigated with a secure recursive DNS service like 1.1.1.1. With security features like bleeding-edge encryption and the fastest resolution speeds, 1.1.1.1 provides a better overall user experience.
What makes 1.1.1.1 more secure than other public DNS services?
Some other recursive DNS services may claim that their services are secure because they support DNSSEC. While this is a good security practice, users of these services are ironically not protected from the DNS companies themselves. Many of these companies collect data from their DNS customers to use for commercial purposes. Alternatively, 1.1.1.1 does not mine any user data. Logs are kept for 24 hours for debugging purposes, then they are purged.
Some other recursive DNS services may claim that their services are secure because they support DNSSEC. While this is a good security practice, users of these services are ironically not protected from the DNS companies themselves.
Many of these companies collect data from their DNS customers to use for commercial purposes. Alternatively, 1.1.1.1 does not mine any user data. Logs are kept for 24 hours for debugging purposes, then they are purged.
1.1.1.1 also offers some security features not available from many other public DNS services, such as query name minimization. Query name minimization diminishes privacy leakage by only sending minimal query names to authoritative DNS servers.
What makes 1.1.1.1 the fastest recursive DNS service?
The power of the Cloudflare network gives 1.1.1.1 a natural advantage in terms of delivering speedy DNS queries. Since it has been deployed on Cloudflare’s 1000+ servers worldwide, users anywhere in the world will get a quick response from 1.1.1.1; in addition to this, these servers have access to the over 20 million+ Internet properties on the Cloudflare platform, making queries for those domains lightning-fast.
The best part of 1.1.1.1 is that in addition to being the fastest and most consumer-centered DNS, it's free to use. See how you can setup 1.1.1.1 in 5 minutes.