1.1.1.1

Developer(s): Cloudflare
Initial release: April 1, 2018; 6 years ago (2018-04-01) [1]
Stable release:
Android: 6.32 [2]
iOS: 6.23 [3]
Linux: Varies per OS [4]
macOS: 2024.3.407 [5]
Windows: 2024.3.409 [6]
Platform: Android, iOS, Linux, macOS, Windows
Website: 1.1.1.1

1.1.1.1 is a free Domain Name System (DNS) service by the American company Cloudflare in partnership with APNIC. [7] The service functions as a recursive name server, providing domain name resolution for any host on the Internet. The service was announced on April 1, 2018. [8] On November 11, 2018, Cloudflare announced a mobile application of their 1.1.1.1 service for Android and iOS. [9] On September 25, 2019, Cloudflare released WARP, an upgraded version of their original 1.1.1.1 mobile application. [10]

Service

The 1.1.1.1 DNS service operates recursive name servers for public use at the twelve IP addresses listed below. [11] These addresses are mapped to the nearest operational server by anycast routing. [12] The DNS service is also available for Tor clients. [13] Users can set up the service by manually changing their DNS resolvers to the IP addresses below. Mobile users on both Android and iPhone have the alternative of downloading the 1.1.1.1 mobile application, which automatically configures the DNS resolvers on the device. [14]

| | 1.1.1.1 | 1.1.1.1 for Families (security) | 1.1.1.1 for Families (family) |
|---|---|---|---|
| Filters domains | No [15] | Yes [16] | Yes [16] |
| Passes ECS | No | No | No |
| Validates DNSSEC | Yes | Yes | Yes |
| Via DoH | https://cloudflare-dns.com/dns-query [17] | https://security.cloudflare-dns.com/dns-query | https://family.cloudflare-dns.com/dns-query |
| Via DoT | 1dot1dot1dot1.cloudflare-dns.com [18] or one.one.one.one | security.cloudflare-dns.com | family.cloudflare-dns.com |
| Via IPv4 | 1.1.1.1, 1.0.0.1 | 1.1.1.2, 1.0.0.2 | 1.1.1.3, 1.0.0.3 |
| Via IPv6 | 2606:4700:4700::1111, 2606:4700:4700::1001 | 2606:4700:4700::1112, 2606:4700:4700::1002 | 2606:4700:4700::1113, 2606:4700:4700::1003 |

Technology

1.1.1.1 is a recursive DNS resolver. Cloudflare runs an authoritative DNS resolver with a network of over 20 million Internet properties. With the recursor and the resolver on the same network, some DNS queries can be answered directly.

With the release of the 1.1.1.1 mobile application in November 2018, Cloudflare added the ability for users to encrypt their DNS queries over HTTPS (DoH) or TLS (DoT). [19] Later on, a VPN tunnel was implemented based on Cloudflare's own BoringTun, a user space implementation of WireGuard written in Rust. [20] [21] [22]

Prior usage of the IP address

Technology websites noted that by using 1.1.1.1 as the IP address for its service, Cloudflare exposed misconfigurations in existing setups that violated Internet standards (such as RFC 1918). 1.1.1.1 was not a reserved IP address, yet was abused by many existing routers (mostly those sold by Cisco Systems) and companies for hosting login pages to private networks, exit pages or other purposes, rendering the proper routing of 1.1.1.1 impossible on those systems. [23] [24] Additionally, 1.1.1.1 is blocked on many networks and by multiple ISPs because the simplicity of the address means that it was previously often used inappropriately for testing purposes and not legitimate use. [23] These previous uses have led to a huge influx of garbage data to Cloudflare's servers. [24]

Cleanup of 1.1.1.1 and 1.0.0.1

The 1.0.0.0/8 IP block was assigned in 2010 to APNIC; [25] before this time it was unassigned space. [26] An unassigned IP space, however, is not the same as an IP space reserved for private use (called a reserved IP address). [27] For example, AT&T has said it is working on fixing this issue [28] within its CPE hardware.

WARP

In September 2019, Cloudflare released a VPN service called WARP, which is built into the 1.1.1.1 app. [29] [30] [14] WARP is based on BoringTun, Cloudflare's own WireGuard implementation written in Rust. [31] It tunnels the connection between the device and the nearest Cloudflare data center, increasing connection speed and encrypting data and DNS requests. [10] The connection speed gain is achieved by converting TCP to UDP traffic (both IPv4 and IPv6 are supported), by DNS resolution inside Cloudflare's network, and by direct access to sites that use Cloudflare's infrastructure. [32]

As VPN exit points are located inside the nearest data center, WARP will not provide access to geo-restricted content. Additionally, users' real IP addresses will be revealed to Cloudflare's CDN clients, so WARP cannot be considered an anonymity measure.

WARP+ and Unlimited

WARP+ routes users' internet traffic onto less congested pathways using Cloudflare's own private backbone called Argo, which makes it much faster than basic WARP. WARP+ is a limited data plan; to get more data to use WARP+, users must refer more people to use the service. [10] [30] [33]

WARP+ Unlimited is a paid monthly subscription service that provides WARP+ without any data limits. [30] [33]

Related Research Articles

The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to each of the associated entities. Most prominently, it translates readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. The Domain Name System has been an essential component of the functionality of the Internet since 1985.

APNIC: Regional Internet registry for the Asia Pacific region

APNIC is the regional Internet address registry (RIR) for the Asia-Pacific region. It is one of the world's five RIRs and is part of the Number Resource Organization (NRO).

Content delivery network: Layer in the internet ecosystem addressing bottlenecks

A content delivery network or content distribution network (CDN) is a geographically distributed network of proxy servers and their data centers. The goal is to provide high availability and performance by distributing the service spatially relative to end users. CDNs came into existence in the late 1990s as a means for alleviating the performance bottlenecks of the Internet as the Internet was starting to become a mission-critical medium for people and enterprises. Since then, CDNs have grown to serve a large portion of the Internet content today, including web objects, downloadable objects, applications, live streaming media, on-demand streaming media, and social media sites.

In computer networks, a tunneling protocol is a communication protocol which allows for the movement of data from one network to another. It can, for example, allow private network communications to be sent across a public network, or for one network protocol to be carried over an incompatible network, through a process called encapsulation.

In computer networks, a reverse DNS lookup or reverse DNS resolution (rDNS) is the querying technique of the Domain Name System (DNS) to determine the domain name associated with an IP address – the reverse of the usual "forward" DNS lookup of an IP address from a domain name. The process of reverse resolving of an IP address uses PTR records. rDNS involves searching domain name registry and registrar tables. The reverse DNS database of the Internet is rooted in the .arpa top-level domain.

Round-robin DNS is a technique of load distribution, load balancing, or fault-tolerance provisioning multiple, redundant Internet Protocol service hosts, e.g., Web server, FTP servers, by managing the Domain Name System's (DNS) responses to address requests from client computers according to an appropriate statistical model.

OpenDNS: Domain name system provided by Cisco using closed-source software

OpenDNS is an American company providing Domain Name System (DNS) resolution services—with features such as phishing protection, optional content filtering, and DNS lookup in its DNS servers—and a cloud computing security product suite, Umbrella, designed to protect enterprise customers from malware, botnets, phishing, and targeted online attacks. The OpenDNS Global Network processes an estimated 100 billion DNS queries daily from 85 million users through 25 data centers worldwide.

IPv4 address exhaustion: Depletion of unallocated IPv4 addresses

IPv4 address exhaustion is the depletion of the pool of unallocated IPv4 addresses. Because the original Internet architecture had fewer than 4.3 billion addresses available, depletion has been anticipated since the late 1980s when the Internet started experiencing dramatic growth. This depletion is one of the reasons for the development and deployment of its successor protocol, IPv6. IPv4 and IPv6 coexist on the Internet.

An IPv6 transition mechanism is a technology that facilitates the transitioning of the Internet from the Internet Protocol version 4 (IPv4) infrastructure in use since 1983 to the successor addressing and routing system of Internet Protocol Version 6 (IPv6). As IPv4 and IPv6 networks are not directly interoperable, transition technologies are designed to permit hosts on either network type to communicate with any other host.

DNS hijacking, DNS poisoning, or DNS redirection is the practice of subverting the resolution of Domain Name System (DNS) queries. This can be achieved by malware that overrides a computer's TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behaviour of a trusted DNS server so that it does not comply with internet standards.

Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. The extension allows a server to present one of multiple possible certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. This also allows a proxy to forward client traffic to the right server during the TLS/SSL handshake. The desired hostname is not encrypted in the original SNI extension, so an eavesdropper can see which site is being requested. The SNI extension was specified in 2003 in RFC 3546.

The deployment of IPv6, the latest version of the Internet Protocol (IP), has been in progress since the mid-2000s. IPv6 was designed as the successor protocol for IPv4 with an expanded addressing space. IPv4, which has been in use since 1982, is in the final stages of exhausting its unallocated address space, but still carries most Internet traffic.

Google Public DNS is a Domain Name System (DNS) service offered to Internet users worldwide by Google. It functions as a recursive name server. Google Public DNS was announced on December 3, 2009, in an effort described as "making the web faster and more secure." As of 2018, it is the largest public DNS service in the world, handling over a trillion queries per day. Google Public DNS is not related to Google Cloud DNS, which is a DNS hosting service.

Mullvad: VPN service based in Sweden

Mullvad is a commercial VPN service based in Sweden. Launched in March 2009, Mullvad operates using the WireGuard and OpenVPN protocols. It also supports Shadowsocks as a bridge protocol for censorship circumvention. Mullvad's VPN client software is released under the GPLv3, a free and open-source software license.

DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver. By March 2018, Google and the Mozilla Foundation had started testing versions of DNS over HTTPS. In February 2020, Firefox switched to DNS over HTTPS by default for users in the United States. In May 2020, Chrome switched to DNS over HTTPS by default.

EDNS Client Subnet (ECS) is an option in the Extension Mechanisms for DNS that allows a recursive DNS resolver to specify the subnetwork for the host or client on whose behalf it is making a DNS query. This is generally intended to help speed up the delivery of data from content delivery networks (CDNs), by allowing better use of DNS-based load balancing to select a service address near the client when the client computer is not necessarily near the recursive resolver.

DNS over TLS (DoT) is a network security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol. The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks. The well-known port number for DoT is 853.

Quad9: Global public recursive DNS resolver based in Switzerland

Quad9 is a global public recursive DNS resolver that aims to protect users from malware and phishing. Quad9 is operated by the Quad9 Foundation, a Swiss public-benefit, not-for-profit foundation with the purpose of improving the privacy and cybersecurity of Internet users, headquartered in Zürich. Quad9 is entirely subject to Swiss privacy law, and the Swiss government extends that protection of the law to Quad9's users throughout the world, regardless of citizenship or country of residence.

Mozilla VPN: Virtual private network service

Mozilla VPN is an open-source virtual private network web browser extension, desktop application, and mobile application developed by Mozilla. It launched in beta as Firefox Private Network on September 10, 2019, and officially launched on July 15, 2020, as Mozilla VPN.

A virtual private network (VPN) service provides a proxy server to help users bypass Internet censorship such as geoblocking, and to help users who want to protect their communications against data profiling or MitM attacks on hostile networks.

References

  1. "Cloudflare launches 1.1.1.1 DNS service that will speed up your internet". The Verge. Vox Media, LLC. April 1, 2018. Retrieved November 11, 2022.
  2. "1.1.1.1 + WARP: Safer Internet". Google Play Store. Cloudflare, Inc. December 22, 2023. Retrieved April 15, 2024.
  3. "1.1.1.1: Faster Internet". Apple App Store. Cloudflare Inc. September 1, 2023. Retrieved September 28, 2023.
  4. "WARP Linux Packages". Cloudflare Desktop Client. Retrieved April 15, 2024.
  5. "WARP macOS Client". App Center. Cloudflare. March 30, 2024. Retrieved April 15, 2024.
  6. "WARP Windows Client". App Center. Cloudflare. March 30, 2024. Retrieved April 15, 2024.
  7. Huston, Geoff (April 2, 2018). "APNIC Labs enters into a research agreement with Cloudflare". APNIC Blog.
  8. "Cloudflare launches 1.1.1.1 DNS service that will speed up your internet". The Verge. April 1, 2018.
  9. Cimpanu, Catalin. "Cloudflare launches Android and iOS apps for its 1.1.1.1 service | ZDNet". ZDNet.
  10. "WARP is here (sorry it took so long)". The Cloudflare Blog. September 25, 2019. Retrieved November 19, 2022.
  11. Setting Up 1.1.1.1 Archived May 24, 2018, at the Wayback Machine Speed
  12. "Introducing DNS Resolver, 1.1.1.1 (not a joke)". "DNS resolver, 1.1.1.1, is served by Cloudflare’s Global Anycast Network."
  13. "Introducing DNS Resolver for Tor". Cloudflare. June 5, 2018. Retrieved October 1, 2018.
  14. "1.1.1.1 — The free app that makes your Internet faster". 1.1.1.1. Archived from the original on August 17, 2013. Retrieved November 22, 2019.
  15. "Does 1.1.1.1 do web content filtering like Cisco's OpenDNS?". Cloudflare Community. November 11, 2018. Retrieved November 1, 2020.
  16. "Introducing 1.1.1.1 for Families". The Cloudflare Blog. April 1, 2020. Retrieved November 1, 2020.
  17. "Making requests". The Cloudflare Blog. Archived from the original on August 27, 2021. Retrieved October 6, 2020.
  18. "DNS over TLS · 1.1.1.1 docs". Cloudflare Docs. Archived from the original on October 4, 2021. Retrieved November 13, 2021.
  19. "Introducing Warp: Fixing Mobile Internet Performance and Security". The Cloudflare Blog. April 1, 2019. Retrieved November 22, 2019.
  20. Krasnov, Vlad (18 December 2018). "BoringTun, a userspace WireGuard implementation in Rust". Cloudflare Blog. Archived from the original on 4 April 2019. Retrieved 29 March 2019.
  21. "CloudFlare Launches "BoringTun" As Rust-Written WireGuard User-Space Implementation". phoronix.com. Retrieved March 29, 2019.
  22. "The Technical Challenges of Building Cloudflare WARP". The Cloudflare Blog. September 25, 2019. Retrieved November 22, 2019.
  23. Cherry, Denny (April 5, 2018). "5 reasons Cloudflare's roll-out of 1.1.1.1 has been a disaster". Tech Target. Archived from the original on April 26, 2018. Retrieved April 26, 2018.
  24. "1.1.1.1: Cloudflare's new DNS attracting 'gigabits per second' of rubbish". ZDNet. April 4, 2018. Retrieved April 26, 2018.
  25. "1/8 and 27/8 allocated to APNIC". NANOG. January 21, 2010. Retrieved May 3, 2018.
  26. List of assigned /8 IPv4 address blocks
  27. Fixing reachability to 1.1.1.1, GLOBALLY!, by Marty Strong, April 10, 2018
  28. "Tweet by @billplein, 3 April 2018". Archived from the original on February 2, 2019.
  29. Khalid, Amrita (April 2, 2019). "Cloudflare's privacy-focused DNS app adds a free VPN". Engadget. Archived from the original on April 2, 2019. Retrieved April 2, 2019.
  30. Humphries, Matthew (September 26, 2019). "Cloudflare Finally Launches Warp, But It's Not a Mobile VPN". PCMag. Retrieved November 19, 2022.
  31. "BoringTun, a userspace WireGuard implementation in Rust". The Cloudflare Blog. March 27, 2019. Retrieved March 22, 2023.
  32. "The Technical Challenges of Building Cloudflare WARP". The Cloudflare Blog. September 25, 2019. Retrieved March 22, 2023.
  33. "What is the difference between WARP, WARP+, and WARP+ Unlimited?". WARP Client Help Center. Retrieved November 19, 2022.