Cloudflare recently announced the availability of 1.1.1.1, a publicly available, privacy-first domain name server (DNS). I have been using OpenDNS on my routers for years and been quite happy with it. But Cloudflare’s guarantees for logging and support for DNS over TLS and DNS over HTTPS are definitely things I’d like to see supported, so perhaps I’ll give them a try.
Their most significant claim (and the biggest reason to switch) is that
it’s much faster than other domain name servers. I live in Northern
Virginia, so my normal internet browsing is ridiculously low-latency. When
you live tens of miles from one of the largest data center hotspots in the
U.S., you can expect quick response times. If I ping github.com for
example, I get a response in about 5ms. OpenDNS is about ~7-8ms on average
response times. So I figured I would measure 1.1.1.1:
64 bytes from 1.1.1.1: icmp_seq=5997 ttl=58 time=4.470 ms
64 bytes from 1.1.1.1: icmp_seq=5998 ttl=58 time=5.055 ms
64 bytes from 1.1.1.1: icmp_seq=5999 ttl=58 time=5.089 ms
64 bytes from 1.1.1.1: icmp_seq=6000 ttl=58 time=5.987 ms
^C
--- 1.1.1.1 ping statistics ---
6001 packets transmitted, 6001 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.496/6.336/313.273/9.857 ms
6.3ms on average is pretty darn good. This measurement was taken ~9-10pm on
a Sunday night, so you might imagine added latency due to streaming video.
I left this ping running for 1 hour and 40 minutes, and kept on using my
computer like I normally do. There were some odd spikes to 175ms, and even
one to 313ms (!), but overall the performance was stellar. 6.3ms plus or
minus 9.9ms isn’t so bad. (In a much shorter test, OpenDNS’s
208.67.222.222 was 7.7ms plus or minus 11ms, so it is indeed faster).
Reading through some of the comments on the above blog post, you’ll see that some folks are having issues connecting. ISPs (even Comcast in Nashville, apparently) are blocking traffic to 1.1.1.1 (and sometimes the alternative address 1.0.0.1), which is a bummer. YMMV, so before switching over, be sure to test that you can connect. They also have IPv6 addresses:
$ host 1dot1dot1dot1.cloudflare-dns.com
1dot1dot1dot1.cloudflare-dns.com has address 1.0.0.1
1dot1dot1dot1.cloudflare-dns.com has address 1.1.1.1
1dot1dot1dot1.cloudflare-dns.com has IPv6 address 2606:4700:4700::1001
1dot1dot1dot1.cloudflare-dns.com has IPv6 address 2606:4700:4700::1111
This DNS was announced yesterday and while it seems like a great addition to the growing list of DNS alternatives, I think I’ll let others take the leap for a few months before diving in. Shaving 1.1ms on average off my DNS response times likely won’t make a huge difference in my day-to-day browsing. I hope Cloudflare’s new DNS is successful, for the benefit of the whole internet.