Cloudflare recently announced the availability of 184.108.40.206, a publicly available, privacy-first domain name server (DNS). I have been using OpenDNS on my routers for years and been quite happy with it. But Cloudflare’s guarantees for logging and support for DNS over TLS and DNS over HTTPS are definitely things I’d like to see supported, so perhaps I’ll give them a try.
Their most significant claim (and the biggest reason to switch) is that
it’s much faster than other domain name servers. I live in Northern
Virginia, so my normal internet browsing is ridiculously low-latency. When
you live tens of miles from one of the largest data center hotspots in the
U.S., you can expect quick response times. If I
ping github.com for
example, I get a response in about 5ms. OpenDNS is about ~7-8ms on average
response times. So I figured I would measure 220.127.116.11:
64 bytes from 18.104.22.168: icmp_seq=5997 ttl=58 time=4.470 ms 64 bytes from 22.214.171.124: icmp_seq=5998 ttl=58 time=5.055 ms 64 bytes from 126.96.36.199: icmp_seq=5999 ttl=58 time=5.089 ms 64 bytes from 188.8.131.52: icmp_seq=6000 ttl=58 time=5.987 ms ^C --- 184.108.40.206 ping statistics --- 6001 packets transmitted, 6001 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 2.496/6.336/313.273/9.857 ms
6.3ms on average is pretty darn good. This measurement was taken ~9-10pm on
a Sunday night, so you might imagine added latency due to streaming video.
I left this
ping running for 1 hour and 40 minutes, and kept on using my
computer like I normally do. There were some odd spikes to 175ms, and even
one to 313ms (!), but overall the performance was stellar. 6.3ms plus or
minus 9.9ms isn’t so bad. (In a much shorter test, OpenDNS’s
220.127.116.11 was 7.7ms plus or minus 11ms, so it is indeed faster).
Reading through some of the comments on the above blog post, you’ll see that some folks are having issues connecting. ISPs (even Comcast in Nashville, apparently) are blocking traffic to 18.104.22.168 (and sometimes the alternative address 22.214.171.124), which is a bummer. YMMV, so before switching over, be sure to test that you can connect. They also have IPv6 addresses:
$ host 1dot1dot1dot1.cloudflare-dns.com 1dot1dot1dot1.cloudflare-dns.com has address 126.96.36.199 1dot1dot1dot1.cloudflare-dns.com has address 188.8.131.52 1dot1dot1dot1.cloudflare-dns.com has IPv6 address 2606:4700:4700::1001 1dot1dot1dot1.cloudflare-dns.com has IPv6 address 2606:4700:4700::1111
This DNS was announced yesterday and while it seems like a great addition to the growing list of DNS alternatives, I think I’ll let others take the leap for a few months before diving in. Shaving 1.1ms on average off my DNS response times likely won’t make a huge difference in my day-to-day browsing. I hope Cloudflare’s new DNS is successful, for the benefit of the whole internet.