←back to thread

1.1.1.1: Fast, privacy-first consumer DNS service

(blog.cloudflare.com)
1895 points _l4jh | 9 comments | 01 Apr 18 12:14 UTC | HN request time: 0s | source | bottom
Show context
ajross ◴[01 Apr 18 12:37 UTC] No.16727942[source]
This is the Cloudflare resolver, right? What's the "privacy-first" part about? It's just another third party DNS host. They haven't changed the protocol to be uninspectable and AFAIK haven't made any guarantees about logging or whatnot that would enhance privacy vs. using whatever you are now. This just means you're trusting Cloudflare instead of Comcast or Google or whoever.
replies(8): >>16727953 #>>16727957 #>>16727960 #>>16727965 #>>16727968 #>>16727969 #>>16727975 #>>16727978 #
yjftsjthsd-h ◴[01 Apr 18 12:40 UTC] No.16727968[source]
On the contrary, they've taken 2 big steps that are better than ISPs (not sure about Google):

* no logging

* DNS over HTTPS

replies(2): >>16728011 #>>16728249 #
therealmarv ◴[01 Apr 18 12:51 UTC] No.16728011[source]
Google is one of the first ones using DNS over HTTPS.

BTW if you want to use DNS over HTTPS on Linux/Mac I strongly recommend dnscrypt proxy V2 (golang rewrite) https://github.com/jedisct1/dnscrypt-proxy and put e.g. cloudflare in their config toml file to make use of it.

replies(2): >>16728137 #>>16733185 #
cptskippy ◴[01 Apr 18 13:22 UTC] No.16728137[source]
The whole point of encrypting DNS traffic is to hide it from the likes of Google.
replies(1): >>16728286 #
akquise ◴[01 Apr 18 14:01 UTC] No.16728286[source]
For me personally it is much more important to hide my DNS traffic from my ISP instead of Google, etc., even though I don't live in the US.

I pay them to access the internet, every further information they gather about my internet activity does not mean any benefit for me.

replies(2): >>16728551 #>>16728649 #
1. opencl ◴[01 Apr 18 14:49 UTC] No.16728551[source]
Hiding DNS traffic from your ISP is pointless when you have to give them the IP that gets resolved anyway for them to route your traffic.
replies(1): >>16728671 #
2. markonen ◴[01 Apr 18 15:14 UTC] No.16728671[source]
Not really. Typically the query includes much more information (the site you want to visit) than the response (an IP potentially shared by thousands or millions of sites).
replies(2): >>16728750 #>>16728762 #
3. pfg ◴[01 Apr 18 15:28 UTC] No.16728750[source]
You're still leaking that information due to SNI.
4. xioxox ◴[01 Apr 18 15:30 UTC] No.16728762[source]
Even with https, the name of the site is sent in clear when the connection to the site is established (this is SNI).
replies(1): >>16728892 #
5. markonen ◴[01 Apr 18 15:54 UTC] No.16728892{3}[source]
Back when they chose this design for SNI, I’m sure someone argued that it was fine because DNS had already leaked the hostname anyway :)
replies(2): >>16729048 #>>16731895 #
6. tialaramex ◴[01 Apr 18 16:23 UTC] No.16729048{4}[source]
It's really hard to fix this. https://datatracker.ietf.org/doc/draft-ietf-tls-sni-encrypti... is the state of the art -- note that's a Draft, and really, really not finished, help is doubtless welcome.

If it was easy, it would have been done during the TLS 1.3 process, but after a lot of discussion we're down to basically "Here is what people expect 'SNI encryption' would do for them, here's why all the obvious stuff can't achieve that, and here are some ugly, slow things that could work, now what?"

replies(1): >>16731123 #
7. dfox ◴[01 Apr 18 23:23 UTC] No.16731123{5}[source]
It is hard because of the TLS's pre-PFS legacy and to some extent also because of (very meaningful) intention to reduce roundtrips. The way to do SNI-like stuff is obvious: negotiate unauthenticated encrypted channel (by means of some EDH variant, you need one roundtrip for that) and perform any endpoint authentication steps inside that channel. This is what SSH2 does and AFAIK Microsoft's implementation of encrypted ISO-on-TCP (eg. rdesktop) does something similar.

Edit: in SSH2 the server authentication happens in the first cryptographic message from server (for the obvious efficiency reasons), and thus for doing SNI-style certificate selection there would have to be some plaintext server-ID in first clients message, but the security of the protocol does not require that as long as the in-tunnel authentication is mutual (it is for things like kerberos).

replies(1): >>16733572 #
8. gsich ◴[02 Apr 18 02:39 UTC] No.16731895{4}[source]
A load balancer can chose the correct backend by using the SNI. So there is a use for being unencrypted.
9. tialaramex ◴[02 Apr 18 10:57 UTC] No.16733572{6}[source]
So, it feels like you're saying this is how SSH2 and rdesktop work, and then you caveat that by saying well, no, they actually don't offer this capability at all it turns out.

You are correct that you can do this if you spend one round trip first to set up the channel, and both the proposals for how we might encrypt SNI in that Draft do pay a round trip. Which is why I said they're slow and ugly. And as you noticed, SSH2 and rdesktop do not, in fact, spend an extra round trip to buy this capability they just go without.