Cloudflare recently announced the availability of 18.104.22.168, a publicly available, privacy-first domain name server (DNS). I have been using OpenDNS on my routers for years and been quite happy with it. But Cloudflare’s guarantees for logging and support for DNS over TLS and DNS over HTTPS are definitely things I’d like to see supported, so perhaps I’ll give them a try.
Their most significant claim (and the biggest reason to switch) is that
it’s much faster than other domain name servers. I live in Northern
Virginia, so my normal internet browsing is ridiculously low-latency. When
you live tens of miles from one of the largest data center hotspots in the
U.S., you can expect quick response times. If I ping github.com for
example, I get a response in about 5ms. OpenDNS is about ~7-8ms on average
response times. So I figured I would measure 22.214.171.124:
64 bytes from 126.96.36.199: icmp_seq=5997 ttl=58 time=4.470 ms
64 bytes from 188.8.131.52: icmp_seq=5998 ttl=58 time=5.055 ms
64 bytes from 184.108.40.206: icmp_seq=5999 ttl=58 time=5.089 ms
64 bytes from 220.127.116.11: icmp_seq=6000 ttl=58 time=5.987 ms
^C
--- 18.104.22.168 ping statistics ---
6001 packets transmitted, 6001 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.496/6.336/313.273/9.857 ms
6.3ms on average is pretty darn good. This measurement was taken ~9-10pm on
a Sunday night, so you might imagine added latency due to streaming video.
I left this ping running for 1 hour and 40 minutes, and kept on using my
computer like I normally do. There were some odd spikes to 175ms, and even
one to 313ms (!), but overall the performance was stellar. 6.3ms plus or
minus 9.9ms isn’t so bad. (In a much shorter test, OpenDNS’s
22.214.171.124 was 7.7ms plus or minus 11ms, so it is indeed faster).
Reading through some of the comments on the above blog post, you’ll see that some folks are having issues connecting. ISPs (even Comcast in Nashville, apparently) are blocking traffic to 126.96.36.199 (and sometimes the alternative address 188.8.131.52), which is a bummer. YMMV, so before switching over, be sure to test that you can connect. They also have IPv6 addresses:
$ host 1dot1dot1dot1.cloudflare-dns.com
1dot1dot1dot1.cloudflare-dns.com has address 184.108.40.206
1dot1dot1dot1.cloudflare-dns.com has address 220.127.116.11
1dot1dot1dot1.cloudflare-dns.com has IPv6 address 2606:4700:4700::1001
1dot1dot1dot1.cloudflare-dns.com has IPv6 address 2606:4700:4700::1111
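One way to run the "test that you can connect" check with a real DNS query instead of ICMP, since a resolver can answer ping while port 53 is filtered (or the reverse). This is an added example, not code from the original post; the function names are hypothetical, and the default addresses are the two IPv6 addresses from the `host` output above.

```python
import os
import socket
import struct
import time

def build_query(name, txid, qtype=1):
    """Encode a minimal DNS query: RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_reply(data, txid):
    """Return (rcode, answer_count); reject replies that do not match our query."""
    if len(data) < 12:
        raise ValueError("short DNS reply")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("wrong transaction ID or not a response")
    return flags & 0x000F, ancount

def probe(resolver, name="github.com", timeout=2.0):
    """Time one UDP query; return (ms, rcode, answers) or None if no valid reply."""
    family = socket.AF_INET6 if ":" in resolver else socket.AF_INET
    txid = int.from_bytes(os.urandom(2), "big")  # unpredictable ID per query
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((resolver, 53))  # kernel drops datagrams from other sources
            start = time.perf_counter()
            s.send(build_query(name, txid))
            data = s.recv(512)
            elapsed = (time.perf_counter() - start) * 1000
            rcode, answers = parse_reply(data, txid)
        except (OSError, ValueError):  # timeout, unreachable, or bogus reply
            return None
    return round(elapsed, 1), rcode, answers

if __name__ == "__main__":
    # Addresses taken from the host output above; pass any resolver you use.
    for resolver in ("2606:4700:4700::1111", "2606:4700:4700::1001"):
        result = probe(resolver)
        print(resolver, result if result else "no reply (filtered or unreachable)")
```

An rcode of 0 with at least one answer means the resolver is reachable and resolving; `None` from every address on the network you actually browse from is the blocking case the commenters describe.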
This DNS was announced yesterday and while it seems like a great addition to the growing list of DNS alternatives, I think I’ll let others take the leap for a few months before diving in. Shaving 1.1ms on average off my DNS response times likely won’t make a huge difference in my day-to-day browsing. I hope Cloudflare’s new DNS is successful, for the benefit of the whole internet.