4/1

You are giving your data to two botnets now.

>cloudflare

No fucking thank you. Is there any DNS provider thats not fucking botnet? even ISP DNS is probably botnet now

cloudflare.com/our-story/
>In 2004, Matthew Prince and Lee Holloway set out to answer the basic question: “Where does email spam come from?” The two of them built a system that allowed anyone with a website to track how spammers harvested email addresses. Project Honey Pot was born.

Cloudflare is next tier project honeypot.

>1.1.1.1 is a partnership between Cloudflare and APNIC
HAHAHA, no
i use dns.watch and it's quite comfy; hosted in Germany so the RTT is rather low at about 30 ms

>cloudflare
>privacy
ishiggydiggydoo

can I use this with dns-crypt?

Yes, but unbound with tls 1.1.1.1@853 is even better

OpenNIC or bust.

Attached: 1517569254031.png (375x505, 158K)

after what happened with stormfront I'm not trusting cloudflare

Why would I use dns which is topologically far away from me instead of the local one which responds in 1ms?

Attached: 1509787731396.jpg (371x89, 21K)

really activates my almonds

Attached: 1111 8888.jpg (465x415, 58K)

owned by cloudflare.

You do realize that your local DNS needs an upstream DNS, right?
Having a DNS locally does not mean all your queries are 1ms lookups.

The question is, will it be faster once everyone and their mother starts using it as their default resolver? It's quite easy to resolve addresses quickly if they're only serving 100 people but I highly doubt the numbers will stay the same once they start serving 100 million people.

Jow Forumshomelab is going nuclear to the thought that 1.1.1.1 is owned by cloudfare..

this will totally fuck up the internet

dns.watch

I realize that. But that's true for all the other dns servers as well. I know pinging the dns server isn't a perfect benchmark for its performance but it shows the inherent disadvantage all these third party servers have compared to the local isp one.

>Unfortunately, by default, DNS is usually slow and insecure. Your ISP, and anyone else listening in on the Internet, can see every site you visit and every app you use — even if their content is encrypted. Creepily, some DNS providers sell data about your Internet activity or use it target you with ads. We think that’s gross. If you do too, now there’s an alternative: 1.1.1.1
wtf I hate my ISP now

Just use DNSCrypt

Is there anything special about a DNS server? Couldn't I make my own for personal use?

Attached: Iactsn.jpg (250x250, 14K)

What is the best DNS?
I'm looking for a non botnet DNS, i see DNS.watch and OpenNIC, what is best? Which DNS do you know?

PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=59 time=5.27 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=59 time=5.28 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=59 time=4.99 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=59 time=4.62 ms
64 bytes from 1.1.1.1: icmp_seq=5 ttl=59 time=4.84 ms
64 bytes from 1.1.1.1: icmp_seq=6 ttl=59 time=4.73 ms
64 bytes from 1.1.1.1: icmp_seq=7 ttl=59 time=5.35 ms
64 bytes from 1.1.1.1: icmp_seq=8 ttl=59 time=5.09 ms
64 bytes from 1.1.1.1: icmp_seq=9 ttl=59 time=4.60 ms
64 bytes from 1.1.1.1: icmp_seq=10 ttl=59 time=5.50 ms

--- 1.1.1.1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9017ms
rtt min/avg/max/mdev = 4.600/5.030/5.502/0.315 ms

against
PING 208.67.222.222 (208.67.222.222) 56(84) bytes of data.
64 bytes from 208.67.222.222: icmp_seq=1 ttl=59 time=4.98 ms
64 bytes from 208.67.222.222: icmp_seq=2 ttl=59 time=4.84 ms
64 bytes from 208.67.222.222: icmp_seq=3 ttl=59 time=5.04 ms
64 bytes from 208.67.222.222: icmp_seq=4 ttl=59 time=5.31 ms
64 bytes from 208.67.222.222: icmp_seq=5 ttl=59 time=4.99 ms
64 bytes from 208.67.222.222: icmp_seq=6 ttl=59 time=4.90 ms
64 bytes from 208.67.222.222: icmp_seq=7 ttl=59 time=4.59 ms
64 bytes from 208.67.222.222: icmp_seq=8 ttl=59 time=4.87 ms
64 bytes from 208.67.222.222: icmp_seq=9 ttl=59 time=4.84 ms
64 bytes from 208.67.222.222: icmp_seq=10 ttl=59 time=5.25 ms

--- 208.67.222.222 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9021ms
rtt min/avg/max/mdev = 4.597/4.965/5.315/0.218 ms

Literally the same for me.

opendns
208.67.222.222
208.67.220.220

run this
grc.com/dns/benchmark.htm

>The question is, will it be faster once everyone and their mother starts using it as their default resolver?
This isn't a web browser extension, event though many are incapable or unwilling to learn what those are. I doubt it will ever be widespread to that extent.

There is no privacy, your ISP still sees what IP you're connecting to and can do a reverse lookup to get what domain you went to.

Is this a botnet, Jow Forums?

Attached: 2018-04-01 15_41_33-C__Windows_System32_cmd.exe.png (466x155, 10K)

opendns is good enough.

Attached: Capture.png (591x211, 15K)

Just run your own damn bind and query the root servers directly.

opennic

Attached: 1.png (912x467, 29K)

Well it can't be worse than google's privacy wise
In dnsbench it comes ahead of google, in a more thorough test like namebench it looks a bit worse though

Do not believe OP, 1.1.1.1 is shit

Attached: 2018-04-01-155616_scrot.png (629x498, 51K)

>Just run your own damn bind and query the root servers directly.
How?

>what is caching

emerge net-dns/bind[/bind]

Yea just hoard my site accessing data, just take it!

>open 1.1.1.1
>get Cisco controller login screen
THANKS CISCO

google is superior for me. get fucked shills

Attached: 8.8.8.8.jpg (846x296, 141K)

Obviously this will depend on where you are, but I'm seeing pretty good performance from it.

Note that the client orders by cached performance, ignoring everything else, so it makes it look worse than it is. The real thing to look at is the average response time on Uncached and Dotcom.

They also have a pretty decent DNS over HTTP implementation. Investigating that now.

Pic related.

Attached: DNS_Bench.png (596x1384, 82K)

>Dotcom
What is that?

>being an 8cuck
No surprise coming form a Team Mini

April fools?

In order for a DNS resolver to query the nameservers for the most popular domains such as Google, Yahoo, and others, the resolver must first know the IP addresses of those nameservers. That information is looked up by asking the “Dot Com” nameservers for the IP addresses of the domain nameservers. As you might imagine, speedy and efficient access to the “Dot Com” nameservers is critically important too, since everything else depends upon it.

The PURPLE BAR shows the performance of each DNS resolver's queries when they are forced to go directly to the “Dot Com” nameservers for the resolution of a lookup request for a dot COM domain name.

Per: grc.com/dns/operation.htm

So what's the difference between a DNS server and a "Dot Com nameserver"?

the .com DNS is on the second highest level. You can a DNS on a lower or higher level as well
i.e with boards.Jow Forums.org you first look up .org. Then ask the .org dns for Jow Forums and then ask the Jow Forums dns for boards.

That's not really how it works in practice though since there's a lot of caching going on.

you can easily bypass some ISP censorship and ads and "features"

It's not for me.

Cloudflare's blog post claims it isn't one, but who knows.
Shit like this is why I hate april fool's jokes. Either they're well done, which is rare,they're just retarded and painfully obvious, or it's just some stupid bullshit like this where it sounds like something good but then you look at the calendar.

See I was writing a more complex explanation, but basically what he said. It's more complex than that, but yeah.

Hmm, never heard about dotcom resolvers before. Aren't they mostly bloat though? Do they make anything faster? Couldn't we just have 2nd level DNS servers only?

hmmm 1ms faster than googlag?

I think ill just stay

Attached: DNS.jpg (538x350, 55K)

install bind. make sure it allows recursive lookups for your local network. ensure there are no forwarders being used (by default there aren't)

>using goolag anything

It spreads out DNS requests, lowering traffic on the individual servers and makes the network more robust.

dns watch even slower

Attached: dns_yikes.jpg (480x292, 53K)

Where do you live?

Why is it faster than ISP? lmao
ISP dns box is literally 100 meters away

Aw shit, it's just April fools. It will be taken down in two days.

There's definitely nothing strange about China's IP allocation board giving the the simplest address possible to Cloudflare instead of Google. :)))

test

what is this creme thing? plz answer

go ba ck to hacker news faggot.

litterly this. wtf is up with the same copy pasta from other sites or same shit that was said two weeks ago

United States, Atlanta
I'm open to DNS suggestions I've just been using goolag because I couldn't anything faster

>simplest address possible
would actually be 1.2.3.4
and its ipv6 would again just be numbers increasing
fucking cremetard

wtf i love cloudflare now

after what happened with stormfront I'm trusting cloudflare

>copy pasta
what copy pasta?

Team creme reigns supreme

wanwan-html5.moe/

How the fuck did they get a cert for an ip address?

>6ms
Not bad.

Attached: IMG_0009.jpg (438x203, 19K)

The Subject Alternative Name (often misunderstood as an alias, but "Alternative" here is meant in the sense of this is the Internet's _Alternative_ way to name things versus the X.500 series directory hierarchy that the X.509 certificates are originally intended for) can be one of several distinct types, the two relevant for servers are dnsName and ipAddress. dnsName can be any er, name, in the DNS hierarchy, or, as a special case, a "wildcard" with asterisks, whereas ipAddress can be any type of IP address, currently either IPv4 or IPv6.

The Baseline Requirements agreed between Web Browser vendors and root Certificate Authorities dictate how the CA can figure out if an applicant is allowed a certificate for a particular name, for dnsNames this is the Ten Blessed Methods, for ipAddress the rules is you can't get one for that dynamic IP you have from your cable provider for 24 hours, but somebody who really controls the IP address can get one. They're uncommon, but not rare, maybe a dozen a day are issued?

Your web browser requires that the name in the URL exactly matches the name in the certificate. So if you visit some-dns-server.example/ the certificate needs to be for some-dns-server.example (or *.example) and a certificate for 1.1.1.1 doesn't work, even if some-dns-server.example has IP address 1.1.1.1 - so this cert is only useful because they want people actually typing 1.1.1.1/ into browsers

They are scammers. They literally sell MITM attacks.

Half of it was because andrew is a dumbass that can only post memes

Facebook has a cert for their .onion address

Who is the shitposter behind this dns server?
servers.opennic.org/edit.php?srv=ns5.fr.dns.opennic.glue

You hand your privacy and censorship off to another private company that isn't serving you the requests for any payment.

Take a moment and think about that for a second. If you think they aren't using this to collect data for personal gain then you are an idiot. This is also the same company that tried to outright ban sites from using its services because it hurt their feelings if you think they aren't going to censor sites in their DNS service then you are once again an idiot.

Botnet.

what a joke

Attached: powershell_2018-04-01_18-46-46.png (460x255, 13K)

delete system32

>not living near ny
└─> ping -c 3 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=58 time=16.6 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=58 time=16.8 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=58 time=16.9 ms

--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 16.659/16.800/16.919/0.107 ms

heh.

proof? legit curious because I can believe it. cloudflare is pretty fucking evil.

Thank you Peanut Butter bro.

$ ping -c 3 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=58 time=5.44 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=58 time=5.30 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=58 time=5.30 ms

$ ping -c 3 4.2.2.2
PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
64 bytes from 4.2.2.2: icmp_seq=1 ttl=55 time=5.45 ms
64 bytes from 4.2.2.2: icmp_seq=2 ttl=55 time=5.44 ms
64 bytes from 4.2.2.2: icmp_seq=3 ttl=55 time=5.48 ms

$ ping -c 3 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=59 time=5.13 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=59 time=5.02 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=59 time=5.03 ms

I'll keep using Level 3

What about isolation from your ISP?

are you stupid? Their cloudflare service (the one that reverse proxies websites) is literally a MITM.

move to ausfailia guy :^)

Attached: Capture.png (824x332, 22K)

Ok I'm really wondering: how did they get that IP address? How much did it cost? Nobody ever bought it before? I would have guessed it belonged to Microsoft or Google...