The Cloudflare Blog

Subscribe to receive notifications of new posts:

Encrypting DNS end-to-end

2018-12-21

Irtefa

1 min read

Over the past few months, we have been running a pilot with Facebook to test the feasibility of securing the connection between 1.1.1.1 and Facebook’s authoritative name servers. Traditionally, the connection between a resolver and an authoritative name server is unencrypted i.e. over UDP.

In this pilot we tested how an encrypted connection using TLS impacts the end-to-end latency between 1.1.1.1 and Facebook’s authoritative name servers. Even though the initial connection adds some latency, the overhead is amortized over many queries. The resulting DNS latency between 1.1.1.1 and Facebook’s authoritative name servers is on par with the average UDP connections.

To learn more about how the pilot went, and to see more detailed results, check out the complete breakdown over on Code, Facebook's Engineering blog.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

1.1.1.1 DNS Resolver Speed & Reliability TLS

Follow on X

Cloudflare|@cloudflare

April 01, 2025 2:00 PM

“You get Instant Purge, and you get Instant Purge!” — all purge methods now available to all customers

Following up on having the fastest purge in the industry, we have now increased Instant Purge quotas across all Cloudflare plans. ...

Cache, Speed & Reliability, Performance, Cache Purge

February 27, 2025 2:00 PM

Some TXT about, and A PTR to, new DNS insights on Cloudflare Radar

The new Cloudflare Radar DNS page provides increased visibility into aggregate traffic and usage trends seen by our 1.1.1.1 resolver...

1.1.1.1, Radar, DNS, Resolver, DNSSEC, DoH, Traffic

February 07, 2025 8:13 PM

Resolving a Mutual TLS session resumption vulnerability

Cloudflare patched a Mutual TLS (mTLS) vulnerability (CVE-2025-23419) reported via its Bug Bounty Program. The flaw in session resumption allowed client certificates to authenticate across different...

Vulnerabilities, WAF, Zero Trust, SASE, TLS, Network Services

February 04, 2025 2:00 PM

No hallucinations here: track the latest AI trends with expanded insights on Cloudflare Radar

Today, we are launching a new dedicated “AI Insights” page on Cloudflare Radar that incorporates this graph and builds on it with additional metrics....

David Belson

AI, Radar, Bots, Workers AI, 1.1.1.1, Traffic