Cloudflare DNS

>Cloudflare, a well-known Internet performance and security company, announced the launch of 1.1.1.1—world's fastest and privacy-focused secure DNS service that not only speeds up your internet connection but also makes it harder for ISPs to track your web history.

>Cloudflare has changed this game with its new free DNS service, which it claims, will be "the Internet's fastest, privacy-first consumer DNS service," promising to prevent ISPs from easily tracking your web browsing history.

>The company has also promised not to sell users’ data, instead to wipe all logs of DNS queries within 24 hours. It's also working with auditors at KPMG to examine its systems and guarantee it's not actually collecting your data.

thehackernews.com/2018/04/fastest-dns-service.html

Can it be trusted? It has a faster response time than Google's DNS which is impressive.

Attached: serveimage.jpg (1600x808, 63K)

Cloudflare, just like google, managed to infiltrate the vast majority of internet and this makes them a threat.
If you value your privacy and freedom, set up your own DNS.

>makes it harder for ISPs to track your web history
How?

Cause you aren't using your ISP's DNS :shrug_emote:

>Not using one of the root servers.

But your ISP can still see all your connections

Nice try, buttflare!

It doesn't. DNS is pretty much completely unencrypted. Changing it to Cloudflare isn't going to stop snooping.

Instead, the best thing you could do is make your own DNSCrypt somewhere on a VPS, then route all DNS traffic from your router to there. But then the people who provide your VPS can snoop...

Honestly, this is only a problem solved by not being paranoid that people give a shit that you're looking at tranny porn.

no, try it:

IPv4:
1.1.1.1
1.0.0.1
IPv6:
2606:4700:4700::1111
2606:4700:4700::1001

At this point I can't tell who shills Jow Forums more.
Cloudflare or AMD?

What's the angle on this? What does Cloudflare gain by offering a free service where they aren't collecting private info? Something doesn't add up here...

Are you retarded? How would sending queries to another DNS server prevent your ISP from seeing your connections?

can you stop shilling their garbage like a dumb brand loyal drone

cloudflare man in the middles all traffic. their dns will extend their surveillance on every connection your client does to the internet.

don't fucking use cloudflare

don't be mad, the average ni/g/ger doesn't understand how the internet works

here fren you may copy this so you don't have to egas

Attached: 1508017882644.jpg (1000x800, 61K)

>Cloudflare supports DNS over TLS on standard port 853 and is compliant with RFC7858.

Attached: 🤔.gif (468x237, 1.52M)

>site gets ddos'd out of nowhere
>a couple days later get an email from cuckflare niggers
hmmm.. really makes you think

they paid me 50 dollarinos per week.

are you stupid?

youtube.com/watch?v=kqnvrjgyEMc

DNS queries are not fucking encrypted faggot.
Fuck off Jow Forums you queer.

brainlet.

I'll bait.
Where did you read that DNS queries are encrypted? Post sources faggot.

>DNS is pretty much completely unencrypted

>DNS queries are not fucking encrypted faggot.

>Where did you read that DNS queries are encrypted? Post sources faggot.

So this is Jow Forums?
Sad!

Attached: pfSense.png (1528x553, 73K)

oh and don't forget a tinfoil hat. that is vital

cloudflare is already MITMing you on 80% of the sites you visit you dumb nigger

enough for your sorry ass to buy tendies and shitpost from daddies basement. i'm sure your parents are proud of you

can't use 1.1.1.1 right now because my ATT router and many others were using it for some reason

got 1.0.0.1 as primary for now, ipv6 works fine

oh really, you think my post didn't imply that you dumb faggot. how retarded actually are you?

they are dead, i live with my grandmother.

y-you can use 0's in ipv4 addresses?

DNS over TLS is not a fucking standard you fucking faggot.
Instead of sucking cloudflare's cock why don't you run your own DNS server and use DNScrypt?

→ cmon nigger.

why so angry gaylord.

I was going to use Cloudflare myself, but went with dnscrypt.eu-dk instead since it's usually not more than 1ms slower.

The samefagging is strong in this thread.

Being standard wasn't the question you goalmoving retard. Those tech illiterate retards didn't even know you can encrypt DNS traffic.

Not my concern, that's just how it is.

Attached: 2018-05-06_10-23-13.webm (1054x592, 1.23M)

192.168.0.x
10.0.0.1
Yep.

How do I read this? Is the Red bar the loading time for new websites, green for websites you have visited before, and then I don't know about the blue bar.

Attached: DNSBench_2018-05-06_16-29-24.png (596x472, 47K)

They are right, for DNS queries to be encrypted you need some special snowflake protocol.
Using cloudflare DNS is even more retarded than using ISP's DNS servers since you are leaking data two times instead of one.
DNS over TLS is not supported by a shit ton of stuff, that makes it impractical to use and that is why having a standard is important.
If you are going through the hassle of setting up a half-assed DNS server you might as well go all out and run a proper one on a raspi or something.

tl;dr use unbound + DNScrypt + OpenNIC if you are not a faggot.

>OpenNIC
>immediately means no DNSSEC

No, they are not right. DNS can be encrypted. No one specified you had to use defaults. I thought Jow Forums would be smart enough to know DNS isn't encrypted by default. The point is that DNS can easily be encrypted which those anons obviously didn't know.

Because many websites now use shit like AWS and Cloudflare where the IP of a site will change very frequently. Without a DNS query you have no concrete way of tracking which site of thousands the user may have been going to.

What DNS servers are you using?
Don't tell me Cloudflare because if you are leaking your whole browsing history DNSSEC should be the least of your worries.

You are the one who wrote DNS and DNS is not encrypted just like HTTP is not encrypted.
DNScrypt, DNS over TLS and so on are different protocols than DNS just like HTTPS is not HTTP.
You can't expect other people to know what's on your mind when you use the wrong word to refer to something.

>DNS over TLS is not a fucking standard
tools.ietf.org/html/rfc7858

How does that have anything to do with the fact that opennic immediately means no dnssec, unless you trust MIT.

>tools.ietf.org/html/rfc7858
It is like you can't even read the shit you are posting.
Top right of the page, there is a bold "PROPOSED STANDARD" writing.
Pic related in case you can't find it.

Answer to the question in the post you just quoted

Attached: Untitled.png (701x1029, 77K)

So you're basing your argument on something that won't even be true in a few months? Why do you care if it's a proposed standard or a finalized standard? It's being used in the real world already either way.

I am basing my argument on the fact that standards take ages to get adopted.
Over and out, use cloudflare or whatever the fuck you want.
Have a nice day.

DNSSEC is not DNScrypt. Also I don't use Cloudflare, although I haven't seen any evidence of it leaking or being worse than unencrypted shit.

Would you have said the exact same thing about Google and Facebook five years ago?
>Google is awesome! They're the good guys, you're just paranoid lol.
>Facebook is a normie trap, but it's harmless.
How about law enforcement?
>The NSA is backdooring software and hacking domestic companies? Fucking tinfoil nutjobs, the NSA is only looking out for the security of the US.

I've learned to be very distrustful of anyone or anything with lots of money and power. Calling paranoia despite the evidence is just ignorance.

>standards take ages to get adopted
This one in particular happens to be getting adopted fairly quickly. Regardless, the way the IETF marks it has little or nothing to do with adoption.
Look at the IETF RFC for the IRC protocol. It's still labeled "experimental" and not even on the standards track and yet it's been everywhere for decades.

If you don't trust encryption you might as well an hero.

>It's still labeled "experimental"
Maybe nobody told them?

But lots of sites don't use those services, and if someone were determined they could discover which IPs resolve to which sites on a fine grained enough timespan to do a statistical analysis of traffic and determine with some probability and confidence which sites you were visiting.

If you think this is complicated you're a brainlet. ISPs have been known to do some pretty deep analysis of traffic for marketing and to detect torrenting traffic, even when tunneled.

>ping 8.8.8.8
>42ms

>ping 1.1.1.1
>8ms

how the fuck? i think im gonna try this shit

This has nothing to do with encryption, and besides crypto is NOT a panacea! Cryptographic algorithms cover only one level of data privacy. Metadata about the communication are also important. Things like who you were talking to, how much talking happened, the timespan of the communication, etc.

Maybe you were talking to a friend about a cookie recipe, maybe it turns out this friend has a prior for drug dealing you didn't know about, maybe law enforcement are monitoring this connection and are looking for a reason to raid you.
Maybe they take your encrypted communication to a judge and tell them it's extremely likely you're coordinating drug trades. It doesn't matter that they don't actually believe it, it only matters that they could fool a judge into believing it.

Germanfag here. It's not faster. Google is faster (but still not fastest)

It depends. Popular normie sites/services/products will typically be on some cloud provider (AWS, Google Cloud, Azure, etc) that has elastic IPs and typically using a load-balancer in front of Kubernetes or whatever. So you are more than likely going to get routed to a different IP on almost every request. This is how they deal with millions of visitors per day or even hour.

Your niche websites that have only a couple hundred or thousand views a month will definitely only reside on one server. Whether that's run of the mill shared hosting or a VPS with a provider or even in someone's house.

In a way, it's almost easier to track the website usage of some niche site visitors than normie usage. However, the normie sites also have a ton of tracking regardless of what your ISP can do so sort of negates that.

>normie

>Hey how about you trust Americans with your DNS
How about fuck no

At least in America you don't go to jail for mean tweets like you EU cucks.

lmao keep trying to justify your shit with "but, but, surely you have it worse!" bullshit. Enjoy being spied on and having no privacy online while the EU just passed an extensive privacy legislation lol. And there's a reason anything privacy related should be considered compromised if they're US based

ok Ahmed

lmao I don't think US can say shit about that topic to Finland

>Not running your own local resolver utilizing DNSSEC and DANE/TLS-A
You're better than this!

Attached: 1524257683674.jpg (703x685, 151K)

netgate.com/blog/dns-over-tls-with-pfsense.html

Attached: Capture.png (892x740, 85K)

Oh look, another shill thread for cloudflare's man in the middle.


Every single fucking day you post this shit.

It doesn't, your ISP, and other ISP's, can see everything you do as you route through their hardware.

They're on your local network. Run while you can!

cry more faggot.

i use my own modem and router, bitch nigga

>Can it be trusted?

With what? They are gonna run analytics on your DNS and sell it to advertisers with larger datasets. Running your own DNS with an extended cache is not difficult. The registrars will still know when a domain was looked up but they can't tell how often you did. If you do this, you will still be fingerprintable since there aren't many people who do this.

There is something seriously wrong with you