Skip to main content

Cloudflare DNS review

Have your cake and eat it too

Cloudflare
(Image: © Cloudflare)

Our Verdict

One of the best public DNS services that scores highly for its independently-audited sensible privacy policy and wonderful performance.

For

  • Focus on privacy
  • Free

Against

  • No manual blocking

The public DNS servers from the well-recognized web-infrastructure company Cloudflare was their first consumer product when it was launched on April Fools Day in 2018. Its reverse proxy and global CDN services make Cloudflare one of the largest web infrastructure providers, which by their own admission put them in the right spot to launch a consumer DNS service. 

Features

Back when it announced the service, Cloudflare praised Google’s Public DNS service, but added that it felt it could do even better, especially with regards to both speed and privacy.

Like its peers, Cloudflare’s is a recursive DNS service as well. As expected, instead of using a centralized cache, the service uses a distributed one for better latency. It’s served by Cloudflare’s Global Anycast Network and is available publicly for everyone to use. 

Cloudflare claims the service has access to the addresses of more than 7 million domain names on the same servers it runs on. Furthermore it’ll answer queries for Cloudflare customers even faster since the resolver and the recursor are now on the same network. This also allows Cloudflare to offer immediate updates without having to wait for TTLs to expire.

Cloudflare 1

(Image credit: Cloudflare )

While IPv6-only networks aren’t the norm yet, if yours is one you can use Cloudflare’s DNS without any issues. That’s because it supports DNS64, which allows it to create IPv6 addresses from IPv4 hosts. Cloudflare also extends its DNS service to resolve addresses over the Tor anonymity network.  

Cloudflare’s DNS service is also an app. You can use the app to switch to Cloudflare’s DNS resolver with a single tap, and it also offers a few other benefits. There’s WARP, a VPN-like feature built using the WireGuard VPN protocol. When enabled it’ll automatically encrypt all your unsecured connections. While you can’t use WARP to bypass geoblocks, it does offer other benefits.

In addition to the main DNS address (1.1.1.1), Cloudflare also has a couple of others that you can use instead to block malware (1.1.1.2) and adult content (1.1.1.3) as well. 

Cloudflare 2

(Image credit: Cloudflare )

Privacy and Security

Cloudflare’s very vocal about its privacy advantages. The company promises to never use your browsing data for targeting ads. In fact, it claims it never writes your IP addresses to disk, and while the service does log some data to prevent abuse and to debug issues, they’re all zapped within 24 hours.

To back their privacy claims, the company has retained the services of auditing firm KPMG to vet their service every year and make their findings public.

The service also makes use of several standards such as DNS Query Name minimization to improve privacy. Furthermore, Cloudflare’s DNS service supports two of the most common DNS security mechanisms, namely DNS-over-TLS and DNS-over-HTTPS.

Cloudflare 3

(Image credit: Cloudflare )

Use and Performance

As already mentioned, Cloudflare’s DNS service has very memorable addresses. The primary address is 1.1.1.1 and the secondary is 1.0.0.1. These addresses will not block any content by design. However if you wish to block malicious content, you can instead use the 1.1.1.2 and 1.0.0.2 addresses. Going further, if you want to even block adult content in addition to malware, you should use the 1.1.1.3 and 1.0.0.3 addresses. 

The easiest place to add these addresses is your router, though as always it’s also a good idea to add these to the settings of the networking gear in all your devices. This ensures these devices continue to use Cloudflare’s DNS even when connected to an untrusted network like in a hotel or a cafe.

You can also use the service via its app that’s currently available for Android and iOS devices. Like we’ve mentioned previously, the highlight of the app is the VPN-like service called WARP. The service uses a freemium model; you can use the standard service for free or pay for WARP+, for a speedier and more reliable connection. The app is currently in beta testing for Windows and MacOS.

Cloudflare 4

(Image credit: Cloudflare )

In terms of performance, as per DNSperf.com, Cloudflare’s DNS service led its peers in all but two regions in August 2020. So while it outperforms the competition in Europe, North America, South America and Oceania, it slips behind Google’s Public DNS in Asia, and is behind DNSFilter in Africa. 

In terms of absolute numbers, the worldwide average query speed of the number 1 ranked Cloudflare DNS in August 2020 is 13.89ms as compared to 22.2ms for the runner up Google Public DNS. The gap gets bigger in Europe where Cloudflare leads with 8.38ms while OpenDNS clocks in at 18.06ms. 

You can also use the DNS Performance Test script to query the popular public DNS services from your location. You can run the bash script without installation in Windows using the WSL compatibility layer. The results of the script will be more relevant to you as compared to the global averages reported by DNSperf.com.

Cloudflare 5

(Image credit: Cloudflare )

Final Verdict

Not only does Cloudflare’s DNS resolver doesn’t cost you anything, the icing on the top is its focus on privacy underlined by the annual third-party audits. You can use the service as a vanilla resolver or with blocks for malicious and adult content that are very smartly offered on separate IP addresses. 

The service’s ad-free app also makes switching to it fairly straightforward and offers the VPN-like service as an optional add-on. 

Cloudflare’s DNS service also performs well in most corners of the world, which leads us to conclude that unless you want to exercise more control over your DNS resolver, Cloudflare’s is surely one of the best freely available options.