Cloudflare is extending its 1.1.1.1 DNS service with new mobile capabilities it announced on Nov. 11.
The 1.1.1.1 DNS service was first launched on April 1, providing a freely available service to help secure and accelerate DNS lookups. The initial service launch required users to make a change on their own desktop or mobile settings to enable the service. Now Cloudflare is looking to make it easier for mobile users to benefit from the 1.1.1.1 DNS service with a new mobile app.
“We didn’t expect many people to be able to change their DNS manually,” Matthew Prince, CEO of Cloudflare, told eWEEK. “With the app removing that limitation, we expect the increase to be dramatic.”
Most internet traffic from end users generally begins with a DNS lookup of the IP address for a given web domain. The 1.1.1.1 service promises users a faster DNS lookup than what they might be getting from their local ISP. Cloudflare has also added multiple security capabilities to help make DNS lookups more secure.
The 1.1.1.1 service competes against multiple similar efforts, including Google Public DNS service, Cisco’s OpenDNS and the IBM-backed Quad9 (9.9.9.9).
Prince commented that since the launch of 1.1.1.1 in April, he has been surprised by how many users the service has had, though he declined to provide any specific numbers. In the initial launch, a limited number of routing issues with the 1.1.1.1 address caused it not to work everywhere. According to Prince, the 1.1.1.1 address had been misused for a long time.
“We are proud of the work we’ve done to help the internet community clean it up,” he said. “Most of the issues were there because certain equipment manufacturers or networks use the 1.1.1.1 address for their own purposes, but this is resolved in most cases.”
For the mobile app in particular, Prince said it figures out the IP address that is reachable, which could be one of 1.1.1.1, 1.0.0.1, 2606:4700:4700::1111 and 2606:4700:4700::1001.
“So, even when 1.1.1.1 address is blocked, the mobile app will still work if one of the other IP addresses are reachable,” he said.
A primary element of the 1.1.1.1 service is that it can help to improve privacy. DNS queries can easily be read by ISPs and network operators, which could be a potential privacy risk for end users.
Cloudflare backs an effort known as Encrypted Server Name Indication (ESNI) that aims to help solve part of the DNS privacy challenge. Modern browsers send a piece of metadata in the browser header called Server Name Indication (SNI) that can reveal every site that a user visits, even when the user visits encrypted sites. Cloudflare announced its support for ESNI in September, providing a browser-based mechanism that can be used to secure SNI information.
“ESNI is half of what you need to keep a user’s internet browsing private,” Prince said. “This is the other half.”
The 1.1.1.1 service supports DNS over TLS as well as DNS over HTTPS, which are two methods for sending DNS queries over an encrypted tunnel. Prince explained that DNS runs at a lower level than ESNI, increasing the privacy of all the connections done on your device, including the web requests. He added that it’s up to the web browser if it wants to connect with TLS and if it does use ESNI.
It’s important to note that the 1.1.1.1 service is not a virtual private network (VPN) and does not provide an additional layer of encryption for web traffic. The mobile app can be used alongside a VPN app on iOS. However, Prince noted that the APIs provided by Android unfortunately don’t allow it yet.
“Using a personal VPN can increase your security if you don’t use the app, don’t have ESNI or are visiting a site not on Cloudflare,” he said. “Our mission, however, is to make them unnecessary.”
The 1.1.1.1 service also does not provide malware filtering, unlike some of its rivals in the DNS service space, including Quad9 and Cisco.
“We do not believe most consumers want a filtered or blocked DNS,” Prince said. “Our first priority is to provide the fastest and most private service.”
Cloudflare has made the 1.1.1.1 service available to anyone, without cost. Prince said Cloudflare has the benefit of a homogeneous infrastructure all around the world, making supporting a service like 1.1.1.1 very affordable for his company.
“We make it faster each and every month,” he said. “In fact, because of how caching works, each and every new 1.1.1.1 user makes it just a bit faster for all of their fellow users around the world.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.