How to Manage the New Cloudflare DNS App
Free the DNS-provider Cloudflare recently released a brand new app for iOS and All Android «1.1.1.1», which is incredibly easy routing of the DNS-requests your device through the fast service servers , rather than through a server of your ISP (probably slower). In other words, it should make your web browsing faster. What’s more, Cloudflare states that it does not store any data about what you are browsing, unlike your ISP possibly. What’s not to like about it?
The app, which can be installed and used for free, comes with one minor freeze. Cloudflare CEO Matthew Prince teased the issue in response to a blog comment a few days ago:
“IOS unfortunately only allows you to set DNS settings for each WiFi network. This means that you need to set DNS settings for each Wi-Fi network. And even if you do, it won’t cover you when you use your cellular carrier. Moreover, while version 1.1.1.1 is faster and more confidential, iOS does not support encrypted DNS by default (DNS over TLS or DNS over HTTPS). The only way to support 1.1.1.1 on all * and * networks to add encrypted DNS support is by setting up a VPN profile. We hope both iOS and Android will provide more flexibility in the future, but for now this has been the only technical way to make it work. Note: we only proxy DNS traffic over VPN. Non-DNS traffic is not routed through the VPN. “
In case you don’t get it, here’s the problem: By running the Cloudflare app, which installs a VPN profile on your device, you are deprived of the ability to use a real VPN when you are on the go. It doesn’t really matter if you spend most of your day on your home or work Wi-Fi – or if you surf the Internet over your cellular – but I definitely recommend using a VPN if you’re killing time at Starbucks and, say, checking the balance on your bank account.
I also believe the Cloudflare app is a must for your iOS or Android devices. (I switched my various devices and computers to Cloudflare’s fast DNS the moment the company launched it.) What’s the best way to balance VPN security with the speed and privacy of the new DNS service? You have two options:
Switch between the Cloudflare app and your VPN
I use NordVPN, which means I have to launch a small iOS app and choose a server when I want to launch it. Since the Cloudflare 1.1.1.1 app is also standalone software (with an on / off switch), it’s not hard to use one or the other when you need it.
I’ll probably keep the Cloudflare app on at all times by default, and just remember that I need to turn it off before turning on my real VPN, which I usually don’t need.
Configure Cloudflare DNS manually on your device
You don’t need to use the Cloudflare app to take advantage of its free public DNS resolver. If you are using iOS, you will have to manually set up a DNS record for each Wi-Fi network you want to use Cloudflare DNS with, and you will not be able to use it when browsing on your cellular network. However, you get the main benefits of Cloudflare on the most used Wi-Fi networks, aside from secure DNS transport , and you can use a separate VPN when you need it for added security.
For some Android users, this is a little easier. If you don’t have Android 9 Pie, you’ll have to do the same as your iOS counterparts – change your DNS settings for every Wi-Fi network you connect to.
Android Pie users – such as Pixels, Essentials and OnePlus smartphone owners – can use Google’s new Private DNS feature to route all DNS requests (over Wi-Fi and cellular) through Cloudflare. As an added bonus, it also encrypts your DNS requests to keep them private, as Cloudflare describes:
“This new feature simplifies the process of setting up a custom secure DNS resolver on Android, which means the parties between your device and the websites you visit won’t be able to track your DNS requests because they will be encrypted. The underlying protocol, TLS, is also responsible for the green padlock icon that you see in the address bar when you visit websites over HTTPS. The same technology is useful for encrypting DNS requests, ensuring that they cannot be altered or misunderstood by ISPs, mobile operators, and anyone else in the network path between you and your DNS resolver. These new security protocols are called DNS over HTTPS and DNS over TLS. “
Can I Trust Cloudflare?
When you redirect your traffic elsewhere – to a third-party DNS resolver or VPN service – there is no guarantee that the company on the other end is not monitoring what you are doing. Moreover, some have already criticized the Cloudflare app. to store temporary logs of your DNS queries on your device.
Whether you are worried about this, or about Cloudflare itself, you have a variety of other options. I recommend looking into an app like DNSCloak (iOS), DNS Changer (Android), or another DNS Changer (Android), which gives you similar functionality but allows you to use whatever DNS service you want.
(My advice? Take Namebench and see what’s coming soon . If you like the service, be it Cloudflare, Google, OpenDNS or whatever, turn it on.)