Cloud9 DNS


Yeah, I thought CF was just about speed, not farming.

I predict this will be a popular thread.
 
https://en.wiktionary.org/wiki/kiboze

Other things to do, yes, but Quad9 is a high priority for us, and heck, I'm just sitting around an airport lounge waiting for my next plane, so I might as well be useful, right?



Sure.



Relative to those two, the answer is the same: privacy and security.

A lot of people look at recursive DNS and think that performance is the thing that matters, because it's the thing that they can measure. Performance is easy to see, because anybody can run dnsperftest to see which gives the quickest average response time from their location. But of the four large ones (OpenDNS/Umbrella being the fourth) all are likely to give you very good performance if you're in North America or Western Europe. Because the other three are commercial, they focus their effort in the places where people have the most money to spend, so you're less likely to get good performance from them if you're in Africa or South America or the Caribbean or South Asia, for instance. But if you're in the US, or Canada, or France, or Germany, any of the four will give you perfectly sufficient performance, and no amount of tinkering or switching is likely to yield any user-noticeable improvement. But performance isn't the point. Google was already there when we set up Quad9, and we're not going to blow our donors' money solely to one-up somebody's commercial offering on the basis of performance.

The point was privacy and security.

Google and Cloudflare make their money by collecting and selling personal information. Whatever you may think about the morality of that, it's flat-out illegal in Europe, and Quad9 was started because European privacy regulators asked us (meaning PCH, in this case) to stand up a GDPR-compliant recursive resolver, as an existence-proof that it was possible to run this critical infrastructure without paying for it by stealing users' personal information and hawking it to data-brokers.

So, unlike the others, Quad9 does not collect personal information. Quad9 does not have a concept of a "user" to hang records off of, and does not collect any IP addresses. Quad9 is the only big anycast resolver that doesn't collect personal information, and it's the only free one that's GDPR-compliant. (Cisco's commercial Umbrella offering is GDPR-compliant and doesn't sell information.) There are people who say that it's okay to collect information if you don't do anything bad with it, but that's completely wrong, because breaches happen all the time. Any information you collect will eventually be stolen, and when it's stolen, it'll be sold. So, don't collect unnecessary information in the first place.

Relative to security, malware and phishing and so forth are a horrible problem, particularly with IoT junk. Botnets are getting very large, and the DDoS attacks they source are a vast problem. So using the recursive resolver to block contact between bot software and its C&C, as David did with OpenDNS, is an excellent way to protect users from malware, and to protect the Internet from infected devices. Whereas OpenDNS has Cisco as its sole source of "threat intelligence," Quad9, as a not-for-profit Internet industry project, has twenty, including Cisco and IBM and F-Secure and many others. So Quad9 offers malware blocking that uses the best information we can glean from all twenty threat intel providers, plus a whitelist of known-good major sites, to make sure that infected devices at your sites can't connect to C&C and start DDoSing people, and that credulous users won't be able to connect to phishing sites that will steal their information.

How we recommend you use Quad9 is to run a local caching resolver that performs QNAME minimization and DNS-over-TLS, provision it with plenty of cache, and only leak the minimum possible information out to us. Lots of folks use the combination of PiHole and Stubby for that purpose. One way you can tell whether people are monetizing your data is by seeing whether they recommend you connect your end-nodes directly to their service, or whether they recommend you put a caching resolver in front. :)

If you want to make this question more visible, you could post it to Quora, and I'll post the answer there as well.
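The recommendation above (a local caching resolver doing QNAME minimisation in front of the upstream) is easier to reason about when you can see which upstream server learns which part of a name. The following is an added toy model, not code from this thread, from Quad9, Stubby or PiHole. It uses a hypothetical three-level delegation tree and records every (server, name) pair a resolver would send: a classic resolver sends the full name to every server in the referral chain, a minimising resolver (RFC 7816) sends only one label beyond the zone cut each server already knows, and a warm cache of delegation points lets a later lookup skip the root and TLD servers entirely. DNS-over-TLS is not modelled, since it changes who can read the hop to the forwarder, not what is asked.

```python
"""Toy model of what each upstream nameserver learns during a recursive
lookup, with and without QNAME minimisation (RFC 7816), and how a warm
cache keeps later lookups off the wire.  Constructed example for this
thread; not code from the forum, Quad9, Stubby or PiHole."""

# Hypothetical delegation tree: zone apex -> the server that answers for it.
ZONES = {
    ".": "root-ns",
    "com.": "tld-ns(com)",
    "example.com.": "auth-ns(example.com)",
}


def labels(name):
    """'a.b.example.com.' -> ['a', 'b', 'example', 'com'] (root label dropped)."""
    return [l for l in name.rstrip(".").split(".") if l]


def join(parts):
    """Inverse of labels(): ['example', 'com'] -> 'example.com.', [] -> '.'."""
    return ".".join(parts) + "." if parts else "."


class Resolver:
    """Records every (server, name) pair sent upstream while resolving."""

    def __init__(self, minimise):
        self.minimise = minimise
        self.cut_cache = {"."}   # zone cuts whose NS records are cached (root hints always)

    def _deepest_cached_cut(self, parts):
        """Longest cached zone that is a suffix of the query name."""
        for i in range(len(parts)):
            cand = join(parts[i:])
            if cand in self.cut_cache:
                return cand
        return "."

    def _referral(self, zone, name):
        """Nearest child zone of `zone` that contains `name`, if any (a referral)."""
        parts, cut = labels(name), len(labels(zone))
        for depth in range(cut + 1, len(parts) + 1):
            cand = join(parts[-depth:])
            if cand in ZONES:
                return cand
        return None

    def resolve(self, qname):
        parts = labels(qname)
        zone = self._deepest_cached_cut(parts)   # start where the cache lets us
        revealed = len(labels(zone))             # labels of qname this server has seen
        sent = []
        while True:
            server = ZONES[zone]
            if self.minimise and revealed < len(parts):
                revealed += 1                     # one label beyond the known cut
            else:
                revealed = len(parts)             # classic resolver: the whole name
            name = join(parts[len(parts) - revealed:])
            sent.append((server, name))
            child = self._referral(zone, name)
            if child is not None:
                self.cut_cache.add(child)         # referral NS records go into cache
                zone, revealed = child, len(labels(child))
                continue
            if revealed == len(parts):
                return sent                       # authoritative answer received
            # Minimised probe hit a non-delegated interior name (NOERROR/NODATA):
            # ask the same server again with one more label (RFC 7816 section 3).


def exposure(qname, minimise):
    """Which names each upstream server saw during one cold-cache lookup."""
    seen = {}
    for server, name in Resolver(minimise).resolve(qname):
        seen.setdefault(server, []).append(name)
    return seen


if __name__ == "__main__":
    for minimise in (False, True):
        print("QNAME minimisation:", "on" if minimise else "off")
        r = Resolver(minimise)
        for q in ("www.example.com.", "mail.example.com."):
            print(f"  {q}")
            for server, name in r.resolve(q):
                print(f"    {server:22} <- {name}")
```

Running it shows the root server learning only "com." and the TLD server only "example.com." when minimisation is on, and the second lookup on the same resolver going straight to the authoritative server because the "example.com." cut is cached. In the forwarding setup the thread describes (Stubby to Quad9), the local resolver hands the full name to Quad9 over TLS and Quad9 does the minimising toward authoritative servers; the local cache is what stops repeat queries from leaving the LAN at all.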


Great response!

I just wish that where I live (South Australia), Quad9 was a tad closer/quicker.

When I specify Quad9 as my chosen DNS, I'm sure my resolution requests route via the dark side of the moon! Currently stuck with Cloudflare - super fast here.

Aside from speed issues, Quad9 would otherwise be my go to.
 
From their site:
https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/

Privacy
Nearly everything on the Internet starts with a DNS request. DNS is the Internet’s directory. Click on a link, open an app, send an email and the first thing your phone or computer does is ask its directory: where can I find this?

Unfortunately, by default, DNS is usually slow and insecure. Your ISP, and anyone else listening in on the Internet, can see every site you visit and every app you use — even if their content is encrypted. Creepily, some DNS providers sell data about your Internet activity or use it to target you with ads. Cloudflare, in partnership with APNIC, runs 1.1.1.1, a recursive DNS service that values user privacy. Even though most Internet users have no insight into the Recursive DNS process or the entities involved in that work, there are legitimate concerns about how personal information collected through the Recursive DNS process is used or repurposed.

Cloudflare commits that 1.1.1.1 was designed for privacy first, and as a result:

  • Cloudflare will never sell your data or use it to target ads. Period.
  • All debug logs, which we keep just long enough to ensure no one is using the service to cause harm, are purged within 24 hours.
  • Cloudflare will not retain any personal data / personally identifiable information, including information about the client IP and client port.
  • Cloudflare will retain only limited transaction data for legitimate operational and research purposes, but in no case will such transaction data be retained by Cloudflare for more than 24 hours.
  • Cloudflare will only retain or use what is being asked, not who is asking it. Unless otherwise notified to users, that information may be used for the following limited purposes:
  • Under the terms of a cooperative agreement, APNIC will have limited access to query the transaction data for the purpose of conducting research related to the operation of the DNS system.
Frankly, we don’t want to know what you do on the Internet — it’s none of our business — and we’ve taken the technical steps to ensure we can’t.
 


Would be interesting to see Mr Woodcock's take on this...
 
CF's Privacy wording is very carefully written to impart a sense of comfort until you read between the lines.

"Cloudflare will never sell your data or use it to target ads. Period." > Ok they won't sell it or use it for adding me, but you can sure as hell analyze the hell out of it in 24 hours.

"Cloudflare will only retain or use what is being asked, not who is asking it." > There's a gold mine in just that information.

I tend to avoid google as much as I can, I'm adding Cloudflare to that list. This is the 2nd great thing I learned today! YMMV...
 

I’m hearing you!
 
Would be interesting to see Mr Woodcock's take on this...
He’ll probably say it isn’t true. The Quad9 guy wants you to use his service, so he’ll say Cloudflare collects information. That Cloudflare privacy policy, that @Kingp1n posted, is pretty straightforward. You either believe they are committed to it or not.
 
Wonder how it compares to Trend Micro's usage?
 
I'm using Cloudflare and Quad9 as well; "woody" comes up on the test.
In settings, do I have to check "don't get DNS automatically" so that my ISP's DNS does not get used? That is the first IP that comes up on the test before I test for leaks. Sorry if this is not clear, some fog on the brain.
 
If I'm understanding you, "Woody.net" is what you're seeing for the DNS server? If that's the case then that is Quad9. See the first couple of posts for an explanation.
 
He’ll probably say it isn’t true. The Quad9 guy wants you to use his service, so he’ll say Cloudflare collects information. That Cloudflare privacy policy, that @Kingp1n posted, is pretty straightforward. You either believe they are committed to it or not.
Yea, I wonder why he stated that when it, to me, states otherwise. Would be interesting to see Mr @Bill Woodcock's reply. I doubt anyone from Cloudflare would reply, but maybe it would help to get a little more of one side's story.
 

Set check automatically = no, then manually specify what dns server/s you want to use. (Cloudflare, Quad9, whatever)
That should take your isp servers out of the picture.

To enforce that to all clients, set LAN > DNS Filter to ‘on’, then ‘router’, & everything else just blank.

Works well for me.
 
You should use Quad9 or Cloudflare but not both at the same time. You could get different replies from different resolvers. My recommendation is to use the resolver that works best for you and is closer. I use Cloudflare as my ISP sends Quad9 requests across the country when I do DoT.

 
You have sold me, well done.
 
Yea, I wonder why he stated that when it, to me, states otherwise. Would be interesting to see Mr @Bill Woodcock's reply. I doubt anyone from Cloudflare would reply, but maybe it would help to get a little more of one side's story.
I appreciate that Mr. Woodcock replied here and this is just my opinion—he should have posted about the benefits of Quad9 DNS. He didn’t need to suggest Cloudflare is doing something outside their privacy policy.

He even tweeted once that both Quad9 and Cloudflare have strong privacy policies, but then suggests Quad9 can be trusted more? It just seems to me he’s taking opportunities to sow doubts about the other DNS service. I’m sure Quad9 is great and if so, it should stand on its own merits.
 

I thought part of using cloudflare was that they didn't collect any data like Google did...guess I was wrong!!!

To be clear, I don't have any magic insight into what happens inside Cloudflare. They're a private company, and pretty opaque. I was speaking about their business model generally. So, first off, their business model, in their founder's words:

Mr Prince got an unexpected phone call from the US Department of Homeland Security asking him about the information he had gathered.

"They said, 'Do you have any idea how valuable the data you have is? Is there any way you would sell us that data?' I added up the cost of running it, multiplied it by ten, and said, 'How about $20,000?' It felt like a lot of money. That cheque showed up so fast. I was telling the story to Michelle Zatlyn, one of my classmates, and she said, 'If they'll pay for it, other people will pay for it'."

And so the idea for Cloudflare was born, with Ms Zatlyn as its third co-founder.

(https://www.bbc.com/news/business-37348016)

There were quite a lot of data-collection businesses getting started at that time, many of them with In-Q-Tel backing, looking to do generalized aggregate surveillance and monetize it by selling it to intelligence agencies. Cloudflare was hardly unique in that regard. Google was notably doing the same thing, and AT&T and Verizon both spun up huge groups to sell customer data to intelligence agencies. But just because it was commonplace doesn't mean it was ok.

Second, there's the IP address. The 1.0.0/24 and 1.1.1/24 blocks are reserved exclusively for research use. Specifically, Geoff Huston, APNIC's big-data guy, collects lots and lots of datasets, and does some pretty interesting analysis on them, often with useful outcomes for network operators. Putting aside for another day the story of how Cloudflare managed to get the use of the address, it came with two big caveats: that the data be collected and given to Geoff, and that they only got the loan of it for five years.

Ironically for a project predicated on privacy, Cloudflare is sharing DNS query data with APNIC Labs, a part of Asian registry APNIC, in exchange for the use of its 1.1.1.1 network address.

(https://www.theregister.co.uk/2018/04/03/cloudflare_dns_privacy)

By putting Cloudflare's DNS on these research addresses, APNIC gets to see the noise as well as the DNS traffic -- or at least "a certain factored amount" of it -- for research purposes. Huston emphasised that APNIC intends to protect users' privacy. "DNS is remarkably informative about what users do, if you inspect it closely, and none of us are interested in doing that," he said.

(https://www.zdnet.com/article/1-1-1-1-cloudflares-new-dns-attracting-gigabits-per-second-of-rubbish)

All of which is reasonable, if you're up-front about it. This is a five-year experiment to collect data about people's use of the DNS, and analyze and publish it in as-yet unspecified ways.

At first, Cloudflare was denying that they were sharing the information, but now they've published a policy that explains that they're gathering this information for Geoff. There's a page on their web site which is Google-indexed, though not apparently linked to from the 1.1.1.1 page on their web site, in which they do list the twenty-five different pieces of information they collect about every query, and they say that they delete some of their copy of the data about some of the queries after 24 hours, after they've already shared it with APNIC. APNIC's privacy policy, in turn, is notably permissive relative to, for instance, European law:

Non-personally identifiable information is automatically recorded in our databases when you are measured by our systems. Your IP address, date, time, language, and technical data about your browser and operating system (via user-agent string) are considered non-personally identifiable information, and is logged by APNIC.

(https://labs.apnic.net/privacy.shtml)

Under European law, IP addresses are personally identifiable information. Also, notably, APNIC does not specify any data-retention time limit, nor do they have a mechanism whereby an individual whose information has already been gathered may have it removed from their records.

So, anyway, I'd very much like for Cloudflare to commit to not collecting or sharing personal information, but if they gave that up, they'd have to also give up the 1.1.1.1 IP address early, rather than at the five-year mark.

Another thing to think about... All those users who've pointed their configs at 1.1.1.1... When the five-year mark rolls around, and 1.1.1.1 isn't pointing at Cloudflare anymore, who will get all those queries then? And what privacy policy will they be bound by, if any?

Anyway, this isn't so much to pick on Cloudflare as to point out an instance of the kinds of practices that we were specifically trying to avoid with Quad9. If you collect data in the first place, things get really complicated, and even if you intend well, the data will still eventually get breached. If you don't collect data in the first place, none of these problems exist. We're advocating, and practicing, the don't-collect-it-in-the-first-place model.
 
It just seems to me he’s taking opportunities to sow doubts about the other DNS service. I’m sure Quad9 is great and if so, it should stand on its own merits.

Nobody asked about the merits of Quad9. I'm happy to talk about both its merits and its deficiencies. I was just answering the question that was posed.

Also, I don't really care one way or other about Cloudflare as a service, what I care about is privacy practices. There will always be more services coming along; what matters is whether users' privacy is being respected more in the future, or less. Whether users have more options that don't monetize them, or fewer. There will always be bad options, and there will always be people who prefer them. What matters is whether there are also good options for people who care enough to use them, and whether the world is generally getting better or worse.
 
I moved this thread to the Network Security sub-forum as it is more appropriate than the Asuswrt-Merlin for this discussion.
 
Also, I don't really care one way or other about Cloudflare as a service, what I care about is privacy practices.
You do, because you wouldn’t be suggesting that Cloudflare is operating outside of its posted privacy policy. Your own tweet, in 2018, called Cloudflare’s privacy policy “strong” and to me—the read between the lines argument of their privacy policy is used to sow doubts of their service. This rubs me the wrong way. Sorry—but that’s my opinion, as you have your opinion. We’ll have to disagree here.
 