Developer(s) | Cloudflare |
---|---|
Initial release | April 1, 2018[1] |
Stable release | |
Platform | Android, iOS, Linux, macOS, Windows |
Website | 1 |
1.1.1.1 is a free Domain Name System (DNS) service by the American company Cloudflare in partnership with APNIC.[7][needs update] The service functions as a recursive name server, providing domain name resolution for any host on the Internet. The service was announced on April 1, 2018.[8] On November 11, 2018, Cloudflare announced a mobile application of their 1.1.1.1 service for Android and iOS.[9] On September 25, 2019, Cloudflare released WARP, an upgraded version of their original 1.1.1.1 mobile application.[10]
The 1.1.1.1 DNS service operates recursive name servers for public use at the twelve IP addresses listed below.[11] These addresses are mapped to the nearest operational server by anycast routing.[12] The DNS service is also available for Tor clients.[13] Users can set up the service by manually changing their DNS resolvers to the IP addresses below. Mobile users on both Android and iPhone have the alternative of downloading the 1.1.1.1 mobile application, which automatically configures the DNS resolvers on the device.[14]
1.1.1.1 | 1.1.1.1 for Families | ||
---|---|---|---|
Filters domains | No[15] | Yes[16] | |
Passes ECS | No | ||
Validates DNSSEC | Yes | Yes | |
Via DoH | https://cloudflare-dns.com/dns-query[17] | https://security.cloudflare-dns.com/dns-query | https://family.cloudflare-dns.com/dns-query |
Via DoT | 1dot1dot1dot1.cloudflare-dns.com[18] or one.one.one.one | security.cloudflare-dns.com | family.cloudflare-dns.com |
Via IPv4 | 1.1.1.1 1.0.0.1 |
1.1.1.2 1.0.0.2 |
1.1.1.3 1.0.0.3 |
Via IPv6 | 2606:4700:4700::1111 2606:4700:4700::1001 |
2606:4700:4700::1112 2606:4700:4700::1002 |
2606:4700:4700::1113 2606:4700:4700::1003 |
1.1.1.1 is a recursive DNS resolver. Cloudflare runs an authoritative DNS resolver with a network of over 20 million Internet properties. With the recursor and the resolver on the same network, some DNS queries can be answered directly.[third-party source needed]
With the release of the 1.1.1.1 mobile application in November 2018, Cloudflare added the ability for users to encrypt their DNS queries over HTTPS (DoH) or TLS (DoT).[19] Later on, a VPN tunnel was implemented based on Cloudflare's own BoringTun, a user space implementation of WireGuard written in Rust.[20][21][22]
Technology websites noted that by using 1.1.1.1 as the IP address for its service, Cloudflare exposed misconfigurations in existing setups that violated Internet standards (such as RFC 1918). 1.1.1.1 was not a reserved IP address, yet was abused by many existing routers (mostly those sold by Cisco Systems) and companies for hosting login pages to private networks, exit pages or other purposes, rendering the proper routing of 1.1.1.1 impossible on those systems.[23][24] Additionally, 1.1.1.1 is blocked on many networks and by multiple ISPs because the simplicity of the address means that it was previously often used inappropriately for testing purposes and not legitimate use.[23] These previous uses have led to a huge influx of garbage data to Cloudflare's servers.[24]
The 1.0.0.0/8 IP block was assigned in 2010 to APNIC;[25] before this time it was unassigned space.[26] An unassigned IP space, however is not the same as a reserved IP space for private use (called a reserved IP address).[27] For example, AT&T has said it is working on fixing this issue[non sequitur][28] within its CPE hardware.
In September 2019, Cloudflare released a VPN service called WARP which is built into the 1.1.1.1 app.[29][30][14] WARP is based on Cloudflare's own WireGuard implementation written in Rust called BoringTun.[31] It tunnels the connection between device and nearest Cloudflare data center, increasing connection speed, encrypting data and DNS requests.[10] Connection speed gain is achieved by converting TCP to UDP traffic (both IPv4, IPv6 are supported), DNS resolution inside Cloudflare's network, direct access to sites which are using Cloudflare's infrastructure.[32]
As VPN exit points are located inside the nearest data center, WARP will not provide access to geo-restricted content. Additionally, users' real IP addresses will be revealed to Cloudflare's CDN clients, so WARP cannot be considered an anonymity measure.
WARP+ routes users' internet traffic into less congested pathways using Cloudflare's own private backbone called Argo, which makes it much faster than basic WARP. WARP+ is a limited data plan, to get more data to use WARP+, users must refer more people to use the service.[10][30][33]
WARP+ Unlimited is a paid monthly subscription service to secure more data to use for WARP+ without any data limits.[30][33]