1.1.1.1 Mod Vip

[Melissa Hassel]

NoCloudflare deeply believes in the value of free, fast, and private DNS and intends to provide the 1.1.1.1 DNS service for the forseeable future. Warp is an additional feature which augments our mobile apps but will always remain optional.

1.1.1.1 is a free Domain Name System (DNS) service by the American company Cloudflare in partnership with APNIC.[7][needs update] The service functions as a recursive name server, providing domain name resolution for any host on the Internet. The service was announced on April 1, 2018.[8] On November 11, 2018, Cloudflare announced a mobile application of their 1.1.1.1 service for Android and iOS.[9] On September 25, 2019, Cloudflare released WARP, an upgraded version of their original 1.1.1.1 mobile application.[10]

The 1.1.1.1 DNS service operates recursive name servers for public use at the twelve IP addresses listed below.[11] These addresses are mapped to the nearest operational server by anycast routing.[12] The DNS service is also available for Tor clients.[13] Users can set up the service by manually changing their DNS resolvers to the IP addresses below. Mobile users on both Android and iPhone have the alternative of downloading the 1.1.1.1 mobile application, which automatically configures the DNS resolvers on the device.[14]

1.1.1.1 is a recursive DNS resolver. Cloudflare runs an authoritative DNS resolver with a network of over 20 million Internet properties. With the recursor and the resolver on the same network, some DNS queries can be answered directly.[third-party source needed]

With the release of the 1.1.1.1 mobile application in November 2018, Cloudflare added the ability for users to encrypt their DNS queries over HTTPS (DoH) or TLS (DoT).[19] Later on, a VPN tunnel was implemented based on Cloudflare's own BoringTun, a user space implementation of WireGuard written in Rust.[20][21][22]

Technology websites noted that by using 1.1.1.1 as the IP address for its service, Cloudflare exposed misconfigurations in existing setups that violated Internet standards (such as RFC 1918). 1.1.1.1 was not a reserved IP address, yet was abused by many existing routers (mostly those sold by Cisco Systems) and companies for hosting login pages to private networks, exit pages or other purposes, rendering the proper routing of 1.1.1.1 impossible on those systems.[23][24] Additionally, 1.1.1.1 is blocked on many networks and by multiple ISPs because the simplicity of the address means that it was previously often used inappropriately for testing purposes and not legitimate use.[23] These previous uses have led to a huge influx of garbage data to Cloudflare's servers.[24]

The 1.0.0.0/8 IP block was assigned in 2010 to APNIC;[25] before this time it was unassigned space.[26] An unassigned IP space, however is not the same as a reserved IP space for private use (called a reserved IP address).[27] For example, AT&T has said it is working on fixing this issue[non sequitur][28][better source needed] within its CPE hardware.

In September 2019, Cloudflare released a VPN service called WARP which is built into the 1.1.1.1 app.[29][30][14] WARP is based on Cloudflare's own WireGuard implementation written in Rust called BoringTun.[31] It tunnels the connection between device and nearest Cloudflare data center, claiming to increase connection speed, encrypting data and DNS requests.[10] Connection speed gain is claimed to be achieved by converting TCP to UDP traffic (both IPv4, IPv6 are supported), DNS resolution inside Cloudflare's network, and direct access to sites which are using Cloudflare's infrastructure.[32]

WARP+ routes users' internet traffic into less congested pathways using Cloudflare's own private backbone called Argo, which makes it much faster than basic WARP. WARP+ is a limited data plan, to get more data to use WARP+, users must refer more people to use the service.[10][30][34]

DNS is the directory of the Internet. Whenever you click on a link, send an email, open a mobile app, often one of the first things that has to happen is your device needs to look up the address of a domain. There are two sides of the DNS network: Authoritative (the content side) and Resolver (the consumer side).

Every domain needs to have an Authoritative DNS provider. Cloudflare, since our launch in September 2010, has run an extremely fast and widely-used Authoritative DNS service. 1.1.1.1 doesn't (directly) change anything about Cloudflare's Authoritative DNS service.

On the other side of the DNS system are resolvers. Every device that connects to the Internet needs a DNS resolver. By default, these resolvers are automatically set by whatever network you're connecting to. So, for most Internet users, when they connect to an ISP, or a coffee shop wifi hot spot, or a mobile network then the network operator will dictate what DNS resolver to use.

But privacy concerns extend far beyond just ad targeting. Cloudflare operates Project Galileo to protect at no cost politically or artistically important organizations around the world from cyber attack. Through the project we protect groups like LGBTQ organizations targeted in the Middle East, journalists covering political corruption in Africa, human rights workers in Asia, and bloggers on the ground covering the conflict in Crimea. We're really proud of the project and we're really good at stopping cyber attacks launched at its participants.

But it's been depressing to us to watch all too frequently how DNS can be used as a tool of censorship against many of the groups we protect. While we're good at stopping cyber attacks, if a consumer's DNS gets blocked there's been nothing we could do to help.

In March 2014, for instance, the government of Turkey blocked Twitter after recordings showing a government corruption scandal leaked online. The Internet was censored by the country's ISP's DNS resolvers blocking DNS requests for twitter.com. People literally spray painted 8.8.8.8, the IP of Google's DNS resolver service, on walls to help fellow Turks get back online. Google's DNS resolver is great, but diversity is good and we thought we could do even better.

We began talking with browser manufacturers about what they would want from a DNS resolver. One word kept coming up: privacy. Beyond just a commitment not to use browsing data to help target ads, they wanted to make sure we would wipe all transaction logs within a week. That was an easy request. In fact, we knew we could go much further. We committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours.

Cloudflare's business has never been built around tracking users or selling advertising. We don't see personal data as an asset; we see it as a toxic asset. While we need some logging to prevent abuse and debug issues, we couldn't imagine any situation where we'd need that information longer than 24 hours. And we wanted to put our money where our mouth was, so we committed to retaining KPMG, the well-respected auditing firm, to audit our practices annually and publish a public report confirming we're doing what we said we would.

The one thing that was left was we needed a pair of memorable IPs. One of the core reasons for the DNS system is that IPs aren't very memorable. 172.217.10.46 isn't nearly as memorable as Google.com. But DNS resolvers inherently can't use a catchy domain because they are what have to be queried in order to figure out the IP address of a domain. It's a chicken and egg problem. And, if we wanted the service to be of help in times of crisis like the attempted Turkish coup, we needed something easy enough to remember and spraypaint on walls.

We reached out to the team at APNIC. APNIC is a Regional Internet Registery (RIR) responsible for handing out IPs in the Asia Pacific region. It is one of five RIRs that manage IP allocation globally, the other four being: ARIN (North America), RIPE (Europe/Middle East), AFRINIC (Africa), and LACNIC (South America).

APNIC's research group held the IP addresses 1.1.1.1 and 1.0.0.1. While the addresses were valid, so many people had entered them into various random systems that they were continuously overwhelmed by a flood of garbage traffic. APNIC wanted to study this garbage traffic but any time they'd tried to announce the IPs, the flood would overwhelm any conventional network.

We talked to the APNIC team about how we wanted to create a privacy-first, extremely fast DNS system. They thought it was a laudable goal. We offered Cloudflare's network to receive and study the garbage traffic in exchange for being able to offer a DNS resolver on the memorable IPs. And, with that, 1.1.1.1 was born.

The only question that remained was when to launch the new service? This is the first consumer product Cloudflare has ever launched, so we wanted to reach a wider audience. At the same time, we're geeks at heart. 1.1.1.1 has 4 1s. So it seemed clear that 4/1 (April 1st) was the date we needed to launch it.

We justified it to ourselves that Gmail, another great, non-fictional consumer service, also launched on April 1, 2004. Of course, as Cloudflare's PR team has repeatedly pointed out to me in the run up to launch, the Gmail launch day was a Thursday and not on Easter. Nearly every media briefing I did this week ahead of the launch the reporter made me swear that this wasn't a joke. And it's not. I swear. And the best way to prove that is go to 1.1.1.1, follow the instructions to set it up, and see for yourself. It's real. And it's awesome.

The answer to why we built the service goes back to our mission: to help build a better Internet. People come to work at Cloudflare every day in order to make the Internet better, more secure, more reliable, and more efficient. It sounds cheesy, but it's true.

When, in 2014, we decided to enable encryption for free for all our customers a lot of people externally thought we were crazy. In addition to the technical and financial costs, SSL was, at the time, the primary difference between our free and paid service. And yet, it was a hard technical challenge, and clearly the right thing to do for the Internet, so we did it. And, in one day, we doubled the size of the encrypted web. I'm proud of the fact that, three and a half years later, the rest of the industry is starting to follow suit. The web should have been encrypted from the beginning. It's a bug it wasn't. We're doing what we can do to fix it.

3a8082e126