←back to thread

1.1.1.1: Fast, privacy-first consumer DNS service

(blog.cloudflare.com)
1895 points _l4jh | 4 comments | 01 Apr 18 12:14 UTC | HN request time: 0.205s | source
1. herodotus ◴[01 Apr 18 18:39 UTC] No.16729759[source]
This looks good, but I assume that any DNS request I make is still routed through my ISP. Therefore, I assume there is no way to stop my ISP from keeping a log of every URL I visit. Is that correct?
replies(3): >>16730006 #>>16730972 #>>16731079 #
2. ◴[01 Apr 18 19:36 UTC] No.16730006[source]
3. written ◴[01 Apr 18 22:48 UTC] No.16730972[source]
No, DNS only deals with domains, not the whole URLs.
4. _arvin ◴[01 Apr 18 23:13 UTC] No.16731079[source]
ISP will be aware of all traffic to your IP, but consider that most people have their DNS set to use their ISPs, meaning the ISP easily sees this information in logs. Some people use Google DNS or another provider to bypass the ISP's DNS, which is a step better.

Now Cloudflare is providing a very fast and privacy-driven DNS, so to me this is a step up from others (Quad9, OpenDNS being formidable alternatives)

Say you're on a public WIFI and don't want DNS queries from your machine, there's also DNS-over-HTTPS (which Cloudflare and a couple others support) which doesn't use the DNS protocol and would make a POST request to say, https://1.1.1.1/.well-known/dns-query instead.

Also with HTTPS, ISPs won't see the full URL, just that a secure connection was made to that domain.