The new DNS servers provided by Cloudflare the Sunday: and promised to increase it speedς καθώς και περισσότερη ασφάλεια στα προσωπικά μας δεδομένα είναι ουσιαστικά ένα πείραμα που διεξάγεται σε cooperation with the Asia Pacific Network Information Center (APNIC from the Asia Pacific Network Information Centre).
The experiment aims to improve DNS in performance, security, and privacy.
"We depend on the integrity of the DNS, but the details of how the services work remain opaque," said APNIC project manager Geoff Huston. a publication.
"We know that DNS is being used for malicious denial of service (DDoS) attacks, and we're trying to figure out if there's more we can do to stop such attacks. DNS services are based on caching but we are not yet sure how well it performs… ”
Huston, a Hall of Fame champion on the Internet, has been working for many years with DNS srvers and supports the specific experiment that promises to improve DNS resiliency against DDoS attacks.
The Cloudflare-APNIC experiment uses two addresses IPv4, 1.1.1.0 / 24 and 1.0.0.0 / 24, which are committed to research use. Cloudflare's new DNS uses two of these addresses: 1.1.1.1 and 1.0.0.1.
These addresses were originally referred to as "dark traffic addresses" and a few years ago APNIC partnered with Google to analyze all the unwanted traffic it received.
"Our initial work showed that the management was attracted to unusually large amounts of malicious traffic. At the time we were researching it with Google, it was over 50 gigabits per second. "
So by experimenting with Cloudflare using the same addresses as public DNS, APNIC records both the noise and the traffic of DNS - or at least "a certain percentage" of them, for research purposes.
Huston has pointed out that APNIC intends to protect the privacy of users.
Please note that IP 1.1.1.1 is intended for research use only, in the Cloudflare-APNIC experiment. But as it seems before the new one works well service, revealed that many operating systems use it for various malicious hacks that violate basic Internet routing standards.
For the truth, see the following tweets:
1.1.1.1 is used by Fortinet VPN as the virtual endpoint so doesn't work when my VPN is running 🤦🏼♂️
- Chris Wiggins (@chriswigginsnz) April 3, 2018
https://twitter.com/leojloke/status/981323146446942208
https://twitter.com/billplein/status/981307410643148801
I just got a DM confirming this behavior. There's nothing more permanent than a stupid hack. https://t.co/u8yB8yLaUF
- SwiftOnSecurity (@SwiftOnSecurity) April 3, 2018
At present, Mr Huston is not reported to have analyzed the traffic to find out how much trash is circulating with this experiment, but he said the traffic is getting too many gigabits per second.
So if you're one of those who are testing the new service, it's good to wait a bit until it stabilizes. Besides, you may already have seen slow speeds, although it was completely promising.