How to keep your ISP’s nose out of your browser history with encrypted DNS
"Open" DNS services provide a way of bypassing ISPs' services for reasons of privacy and security—and in some places, evading content filtering, surveillance, and censorship. And on April 1 (not a joke), Cloudflare launched its own new, free high-performance authoritative DNS service designed to enhance users' privacy on the Internet. This new offering also promised a way to hide DNS traffic completely from view—encryption.
Named for its Internet Protocol address, 1.1.1.1 is the result of a partnership with the research group of APNIC, the Asia-Pacific Internet registry. While it's also available as an "open" conventional DNS resolver (and a very fast one at that), Cloudflare is supporting two encrypted DNS protocols.
While executed with some unique Cloudflare flare, 1.1.1.1 isn't the first encrypted DNS service by any means — Quad9, Cisco's OpenDNS, Google's 8.8.8.8 service, and a host of smaller providers support various schemes to encrypt DNS requests entirely. But encryption doesn't necessarily mean that your traffic is invisible; some encrypted DNS services log your requests for various purposes. And most of these services use HTTPS for encryption, which has a heavy overhead.
Cloudflare has promised not to log individuals' DNS traffic and has hired an outside firm to audit that promise. For research purposes, APNIC wants to use data on the traffic pointed at the IP address, which has the unfortunate legacy of being a dumping ground for "garbage" Internet traffic, according to APNIC's Geoff Huston. But APNIC won't have access to the encrypted DNS traffic in this case, either.
For users, taking advantage of encrypted DNS services from Cloudflare or any other privacy-focused DNS service is not as easy as changing a number in network settings. No operating system currently directly supports any of the encrypted DNS services without the addition of some less-than-consumer-friendly software. And not all of the services are created equal in terms of software support and performance.
Using Cloudflare’s 1.1.1.1, other DNS services still requires some command-line know-how.