This week Panera Bread, the national franchise website was hacked. Names, addresses (email and physical), birthdays and credit cards were being leaked onto the internet. In total, it appears more than 7 million online accounts were impacted. Couple week prior, Facebook Cambridge Analytica data misuse scandal affected “substantially” more than 50 million users.
In 2017 Equifax was hit with a cyberattack and 150 million people who's personal information was compromised. Local city Government websites are shutting down left and right, people can't pay bills or request local help. When will this stop? Are we really safe online? How can I protect myself and my website from hackers these days? Well there is some good news on the horizon, but it's going to take some diligence on your part to stay safe. You will need to do a couple things to stay safe. Scroll down to the bottom for my best tips to protect your browsing and your website safe!
Good News, Cloudflare is here to save the day!
On April 1, 2018 cloudflare released their new DNS service 1. 1. 1. 1. That's four ones with dots in between. This is no April Fool's Day joke. You can read all about it on the Cloudflare blog. Cloudflare stated that even though it was a Sunday and it was Easter Passover weekend and it was April Fool's Day there was just no better day to announce 18.104.22.168. DNS service.
What is this exactly you ask? 22.214.171.124 is a public DNS server used for translating domain names into internet addresses. But it;s not just any DNS Server. It the fastest and safest. You see computers work with numbers but humans have a hard time remembering numbers, so names work best that's why this DNS was created in the first place. For those of you that don't know, a DNS service is a domain name system. You can think of DNS servers like phone books for the internet. You make a request for something like google.com or facebook.com and that has to correlate to a place called an IP address which is a number. An IP address is a way for computers to communicate with each other over the internet. So that DNS server will respond with what the IP addresses for that domain. What Cloudflare launched specifically was a DNS server.
Your Internet Service Provider selling your data? Nah..Yes.. What?
Most ISP's like AT&T, Verizon, Comcast, provide their own DNS servers by default. So whenever you hook up your modem in your router you receive DNS servers from them and you connect to them and all your requests go through that ISP. Over the years Google has has created very popular DNS servers like 8. 8. 8. 8 and 126.96.36.199, a very popular alternative option. If you have the new Google Wi-Fi, those come pre enabled by default instead of using your ISP's. ISP stands for Internet service providers for those of you that don't know what that is.
Feel better knowing Cloudflare DNS will never sell your data
Now Cloudflare launched their own DNS server which is 1. 1. 1. 1. The best part is they won't keep your browsing data and will not ever sell it. You will get a boost in your speed as well, depending on your location. You can go to your web browser and type in 188.8.131.52 and it will load a DNS server page for you with a full explanation about what it is and how to install it. Cloudflare has been in the market of securing the web and helping create a better internet for everybody for years now. Mostly for business applications and network engineering but recently at the consumer level. I've been using Cloudflare for several years now for clients websites for both https security as well as a Content Delivery Network. Cloudflare does this via your domain name system. Also Cloudflare's enterprise-class internet application firewall (WAF) protects your Internet property from common vulnerabilities like SQL injection attacks, cross-site scripting, and cross-site forgery requests. Oh, have you checked your website to see if it secure? Does it have a https secure seal?
Two Main Reasons to Use Cloudflare Now
The main reasons why you might want to change your DNS server away from your current ISP is 2 fold. One for security and 2nd for speed. You see when you use any ISP and you make a request online, you use that that digital phone book to look up a website. Your ISP DNS servers respond to that request. All of those requests get logged. Now they got you and they can do anything they want with that data Which means any ISP you are using can take that data and sell it for marketing. They can use it to target you as well. Another worse case scenario is any ISP can throttle your internet depending on the site you're accessing. So setting up a DNS servers a great first step to getting around those things. If you're wanting Total Protection on the internet and you're wanting to make sure that nobody can see who you are talking to, you need to add additional services. Get a VPN and or use Google Canary browser. Out of all the web browsers I do recommend canary and Microsoft Edge. I have been using Canary this week and I like it a lot. Combine Cloudflare with Canary and a VPN and you have top of the line security available today. Plus you will be super fast too. See comparison below of the top fastest DNS servers. Notice how Google is not even in the top.
Screenshot below is from DNSPerf.com list of public DNS resolvers which you can check yourself.
1. 1. 1. 1 is now the number one fastest DNS server . As you can see from the chart above Google doesn't even make this list in the top 10. At least in the world location last 30 days. Given that they just launched this yesterday there isn't a heck of a lot of traffic or usage on their system so I'd be curious to see where they stand in about 6 months. But for now they're super fast. Security is another issue with traditional DNS servers DNS standards were built like 35 years ago and it wasn't designed with security or privacy in mind. Cloudflare is trying to push into the future with this new DNS service at lunch and they are supporting both DNS over TLS and DNS over https open standards. Now neither of these Open Standards are widely used yet but we should see more adoption coming in the years to come. One more pretty big advantage to using one Safari one more pretty big advantage to using 1. 1. 1. 1 since that Cloudflare DNS resolver is integrated with cloudflare Services there's no DNS time to live expiration for cloudflare enabled websites. So basically in most cases when you make a change to websites IP address or even the IP address of one node in a load balance group of websites are lodowce group of IP addresses, you have to wait for the DNS time to live to expire and then propagate that change out to all other DNS resolvers around the world. Back in the olden days we used to say that it takes 24 hours for DNS to fully propagate. Now it's usually within an hour or faster but if you are using 1. 1. 1. 1 and you make a change to a cloudflare hosted website that change is instant. So we're talking about millions of websites here and listen to make it pretty significant difference. If you are using 184.108.40.206 to resolve DNS and you're heading to a website that also uses Cloudflare, any changes they make are instantaneously available to your own DNS.
Google DNS Server 220.127.116.11 and/or 18.104.22.168.
Other DNS services like this already exists. The most common being Google's 22.214.171.124 DNS server and level threes 126.96.36.199 server. In comparison to Cloudflare it is slower. Also Cloudflare service is primarily known as a CDN or content delivery Network. Essentially Cloudflare's main business is to geographically distribute websites and other internet application and to provide services such as routing, caching, firewall, load balancing and DDOS mitigation. 15 to 20 years ago you had to pay $20,000 -$30,000 for this hardware. Every couple of years you had to order new load balancers from F5 or netscaler in order to provide the same services. Now I can simply turn on Cloudflare with my hosting account and I get all of those same services. So needless to say Cloudflare does have a lot of DNS experience they've been doing this for years and over the years their services have become cheaper and cheaper.
Back in 2014 they enabled encryption for all customers and then last year I've been able to DDOS mitigation for everyone. DDOS being distributed denial-of-service. As an alternative to the DNS Services provided to you by your local ISP they created the 188.8.131.52 DNS.
DNS is an old protocol and like most of the internet in general, it was not designed with your privacy in mind. It's not that it was designed to spy on you, it is used to easily spy on you because it was just not designed with privacy in mind. DNS censorship is definetly a problem. Cloudflare started this project after they started noticing a lot of censorship happening in the world such as in 2014 when the Turkish government blocked Twitter after recordings showing the government corruption scandal leaked online.
In 2014 Turkey blocked DNS in their country and people would spray paint 184.108.40.206 on many buildings, which is Google's DNS provider, which you could get access to sites like Twitter. Even today Turkey has blocked Cloudflare's DNS. Any country that support censorship, they are going to block these servers. Cloudflare does support DNS Sac. Cloudflare also has a very robust network with over 149 data centers. Pretty much all over the place with many big portal sites already using their CDN ( content delivery netowork ). The great part here is Cloudflare is working on DNS over https.
Why should I use Cloudflare for my business website?
As mentioned before, for two main reasons, security and speed. The cluprit is usually not https websites and wordpress plugins.
Just recently I did a site audit for a client and I stumbled upon a Real Estate competitor website which got hacked. The owner had no idea. The site was being used to promote various diet pills and scams.
The website was not ranking organically for keywords related to Real Estate. Long story short the site did not have a https fully enabled security certificate. I run into this daily. If you do not have https, I highly recommend Cloudflare for the https installation and now for their CDN. If you have a site and need help securing it let me know.
More Benchamark tests
Cloudflare comes out on top for speed. So they aren't lying about the speed here. They're an average of .01 millisecond for a cache name .045 and .025 on lookups. Really impressive. Now this is going to be subjective as I mentioned before from where you're at. The difference in speed you're going to see based on different areas, that's going to happen. Just so you know there using point to presence. So point to presence means 1.1.1 isn't a geographically pinned IP address so it's not like that servers located in one place. That server, because of their content delivery network is so big they're able to give points of presence wherever is geographically close. Cloudflare has all those data centers listed on there if you want to find out where the closest server to you is. You're actually able to use this DNS resolver not just locally for good speed but if you're in California, if you're in Europe if you're in Germany if you're any where that this isn't blocked, they have a point of presence closer to you than one single server. So it doesn't have to traverse as much. This is the same server methodology used by other companies as well
You're going to get some speed variation from time to time depending on your location. Many people ask about filtering. So far no websites have been found where Cloudflare DNS did not resolve.
If you ever did find a website which was not resolving, it's easy enough to go look up with a resolver against other DNS. I haven't had any that failed to resolve. I don't have the best testing methodologies besides benchamark test I used here. This at least gives you an idea. Cloudflare claims to keep logs very brief. In fact less than 24 hours. This doesn't foolproof 100% your security online or invisibility on the internet but it is still going to be way way better than using your ISP's internet. So that extra layer of protection there is a great thing. Also Cloudflare is working on the whole DNS over HTTPS. I know there's some availability with some plug-ins for that right now. That's great becasue it would hide some of your DNS. Be sure to use the web browsers recommended here in this article.
How can you try out 220.127.116.11 ?
Here is a video
If you are using Windows 10
Step 1. Click on the Start menu, then click on Control Panel.
Step 2. Click on Network and Internet.
Step 3. Click on Change Adapter Settings.
Step 4. Right click on the Wi-Fi network you are connected to, then click Properties.
Step 5. Select Internet Protocol Version 4 (or Version 6 if desired).
Step 6. Click Properties.
step 7. Write down any existing DNS server entries for future reference.
Step 8. Click Use The Following DNS Server Addresses.
Step 9. Replace those addresses with the 18.104.22.168 DNS addresses:
For IPv4: 22.214.171.124 and 126.96.36.199
Step 10 Click OK, then Close
Step 11. Restart your browser and enjoy!
There are many operating systems out there so be sure to pick the one for your install.
If you want to speed up your internet, get ddos protection, have a safe web browsing experience, and believe net neutrality, Cloudflare is the place to be.