Improving Privacy and Performance via DNS

Posted on: 2018-05-06

I saw a Linus Tech Tips You Tube video yesterday for speeding up your internet. I was somewhat skeptical... but it turned out what the piece is really about is Cloudflares new DNS service.

DNS or domain name system, is one of the mains mechanisms of how text you type into the bar of your browser gets turned into something your computer can use to actually do something. More specifically it turns a domain name like 'google.com' or 'amazon.com' into an IP address - in effect a large number that identifies a computer on the internet.

Typically DNS is handed off to your ISP provider via how your router is configured. The trouble is that it seems not only are the ISP provided DNS servers very slow - they also store all the sites you have looked up associated with your IP address. As the ISP knows where you live, and may be able to identify requests from specific machines. They can and do sell this information on - to advertisers at a minimum and who knows who else.

The slowness of the ISPs DNS service is a known problem, and so some other companies have made their own services available. Google provides such a service and is promoted on being significantly faster than ISPs. I haven't used it because googles business model is to capture as much data about users of the internet - such as it can exploit it and that seems to typically lead to attempts to exploit you. So it's the same sort of privacy problem as with the ISPs, with the only advantage that it's not as slow.

This is not cloudflares business model, and it claims it only stores logs for less than 24 hours for diagnosing problems, and never stores the information to disk. So assuming this is all true, it is great news. Moreover their service seems to be substantially faster than even google.

Note that if you have a VPN, you probably should be using the VPN services DNS service. The VPN companies business model is specifically about protecting your privacy. There might be an argument for using cloudflares so as not relying so much on VPN service - as it would be a way to not rely solely on a single entity. I'm not sure that is super compelling argument and so I have just stuck with the DNS of my VPN provider when using VPN.

Anyway if you are like me you have some machines behind VPN and others not - such as the set top box I use for netflix streaming. Making systems that are not behind the VPN use Cloudflares service seems like a double win - much better privacy and performance!

If you are somewhat technical the best place to do this is in the configuration of your router. Typically that's as simple as logging into your routers web interface - and setting your primary DNS server to be and your secondary to Once you have done this you may wonder how to check if your change is working? You can use DNS leak test, click on 'standard test', and you should see the servers appear as ISP 'Cloudflare'. You can also use this to check VPN is not using your ISPs DNS.

Yesterday I took 10 mins and configured my router to use Cloudflare DNS. It was easy to do and seems to work nicely. Is it significantly faster? For me it's hard to say, because most of the time I'm behind the VPN and using the VPNs DNS. When I purposefully tested it - by going to hacker news without VPN and clicking a few articles -  it does indeed seem snappier.