Page 1 of 2

New secure DNS provider

Posted: 08 Apr 2018, 14:25
by viking60
The Domain name system /DNS) is the phone book of the Internet.
It translates ams15s22-in-x0e.1e100.net to Google and it does so openly without encryption in most cases,

So no matter how safe your Internet traffic is your provider can easily read, store and share your Internet history with anyone.

Now most Internet providers say that they do not do that and in any case they are exceptionally trustworthy.... :liar:

So I have used DNScrypt for some time to prevent those trustworthy guys from reading my every internet surfing.

You will remember that lots of Facebook data landed in Cambridge - and the DNS would have been a great help there.

The problem is that some of the providers say that they do not store anything but we have no way of knowing if that is the case.

In comes Cloudflare with a new set of DNS that secures that you can use their name-servers and that nothing will be stored and logged.

Cloudflare has a history of promoting privacy but in principle this does not set them off from all the other providers that claim not to store anything.

But they have gone a step further and have engaged the Auditor KPMG to control and supervise that this is actually the case - that is as secure as it gets
Frankly, we don’t want to know what you do on the Internet—it’s none of our business—and we’ve taken the technical steps to ensure we can’t.

. :B

So drop Googles 8.8.8.8 and 8.8.4.4 and replace them with 1.1.1.1 and 1.0.0.1

In Linux you can enter the namservers directly in /etc/resolv.conf or enter the namservers in the Networkmanager,
:A
https://1.1.1.1/

This is easier than implementing Dnscrypt - a project that is experiencing some problems these days...

Re: New secure DNS provider

Posted: 08 Apr 2018, 15:20
by R_Head
Nice !!! :s

Re: New secure DNS provider

Posted: 09 Apr 2018, 12:54
by viking60
Yes they seem OK but it is not perfect.
Cloudflare will store data permanently including:
Aggregate List of All Domain Names Requested, and timestamp of first time requested

However they will remove your IP from these data and anonymize them.
All information collected by Cloudflare, no matter whether such information is part of Cloudflare’s temporary or permanent logs, will be cleansed of any personally identifiable data (including IP addresses). Additionally information that is stored as part of Cloudflare’s permanent logs will be further anonymized.


The good (and new) thing is that this will be audited so we are not simply left to trust them.

The main reason for concern is that Cloudflare is a US company and can be instructed and gagged as we have seen in several cases.
There is nothing Cloudflare can do about that and that makes them somewhat insecure despite all the good intentions.

The sad thing is that the US agencies have made it impossible to trust US Tech companies.

The Auditor -KPMG- is an international network that cannot be said to be under US control though.
In any case it is in the DNA of every Audit company to follow and audit according to each nations laws. If there are any laws that allow the US government to steal our private surfing data and to gag anybody with knowledge - then KPMG will be gagged too.

Re: New secure DNS provider

Posted: 13 Apr 2018, 08:56
by viking60
If you use Dnsmasq then you can add the DNS by adding:

Code: Select all

server=1.1.1.1
server=1.0.0.1

to /etc/dnsmasq.conf
Remember to restart the service:

Code: Select all

sudo systemctl restart dnsmasq


You can check that it works on https://dnsleaktest.com/

(Cloudflare with dnsmasq as cache is really fast)

Re: New secure DNS provider

Posted: 14 Apr 2018, 10:54
by Blackcrack
done :) Thy :smug

Re: New secure DNS provider

Posted: 15 Apr 2018, 10:33
by viking60
:s

Re: New secure DNS provider

Posted: 23 Sep 2018, 08:38
by kennethhall
Very useful infor...Nice :s

Re: New secure DNS provider

Posted: 25 Nov 2018, 18:31
by dedanna1029
WOW. Cloudflare has a phone app, too! NICE! I wonder if it might help with battery drain at all. We'll see.

Re: New secure DNS provider

Posted: 10 Jan 2019, 15:47
by zubiapeter
I think that's a constructive step towards the security of domains.

Re: New secure DNS provider

Posted: 11 Feb 2019, 19:35
by dedanna1029
Results of the test from my phone. Since I'm not savvy on a lot of this, I need some 'splainin', please. I use Opera for the browser on my phone (not Mini), so I'm wondering if this is how it should be. This is while 1.1.1.1 is running. If it's not as it should be, please tell me what I need to do. Thanks!

Image

Image

Re: New secure DNS provider

Posted: 13 Mar 2019, 16:10
by viking60
I wonder if Opera comes with its own free VPN :think:
Can you test in another browser?

Re: New secure DNS provider

Posted: 13 Mar 2019, 18:32
by Blackcrack
Cloudflare DNSv4-Server: 1.1.1.1
Cloudflare DNSv4-Server: 1.0.0.1
For IPv4: 1.1.1.1, 1.0.0.1
IP6 Address: 2606:4700:4700:0:0:0:0:1111
IP6 Address: 2606:4700:4700:0:0:0:0:1001