Free DNS provider Cloudflare recently released a brand-new app for iOS and Android, “1.1.1.1,” that makes it incredibly easy to route all of your device’s DNS requests through the service’s speedy servers, not your ISP’s (likely slower) servers. In other words, this should make your web browsing feel faster. Better still, Cloudflare says it doesn’t store any data about what you’re browsing—unlike your ISP, potentially. What’s not to love about that?
The app, free to install and use, comes with one minor hangup. Cloudflare CEO Matthew Prince teased the issue in a response to a blog comment a few days ago:
“iOS, unfortunately, only allows you to set DNS settings on a per-WiFi-network basis. That means, you need to set your DNS settings for each WiFi network. And, even if you do that, it won’t cover you when you’re using your cellular provider. Moreover, while 1.1.1.1 is fast and more privacy respecting, iOS, by default, does not support encrypted DNS (either DNS over TLS or DNS over HTTPS). The only way to support 1.1.1.1 across all networks *and* to add encrypted DNS support was to set up a VPN profile. We’re hopeful that both iOS and Android will provide more flexibility in the future but, for now, that was the only technical way to make it work. Note: we are only proxying DNS traffic via the VPN. Non-DNS traffic is not routed through the VPN.”
If you haven’t caught on, here’s the problem: By running the Cloudflare app, which installs a VPN profile on your device, you’re removing your ability to use an actual VPN when you’re on the go. This isn’t that big of a deal if you spend most of your day on your home or work wifi—or if you’re browsing the web via your cellular connection—but I’d definitely recommend using a VPN if you’re killing time at Starbucks and, say, checking your bank account balances.
I also think Cloudflare’s app is a must-have for your iOS or Android devices. (I switched my various devices and computers to Cloudflare’s speedy DNS the moment the company launched it.) How do you best balance the security of a VPN with the speed and privacy of a new DNS service? You have two options:
Switch between Cloudflare’s app and your VPN
Screenshot: David Murphy
I use NordVPN, which means that I have to fire up a little iOS app and pick a server whenever I want to trigger it. Since Cloudflare’s 1.1.1.1 app is also standalone software (with an on/off switch), it’s not that difficult to use one or the other whenever you need it.
I’ll probably default to keeping Cloudflare’s app enabled all the time, and just remember that I have to turn it off before enabling my actual VPN—which I don’t tend to need that often.
Set up Cloudflare’s DNS manually on your device
You don’t have to use Cloudflare’s app to benefit from its free, public DNS resolver. If you’re on iOS, you’ll have to set up a manual DNS entry for each wifi network you want to use Cloudflare’s DNS with—and you won’t be able to use it when browsing on your cellular network. Still, you’ll get the basic benefits of Cloudflare’s service on your most-used wifi networks, save for secure DNS transports, and you’ll be able to use your separate VPN whenever you need it for extra security.
Some Android users have it a little easier. If you aren’t on Android 9 Pie, you’ll have to do the same thing as your iOS peers—modifying the DNS settings for each wifi network you connect to.
Android Pie users—owners of Pixels, Essentials, and OnePlus smartphones, for example—can make use of Google’s new Private DNS feature to route all DNS queries (on wifi and cellular connections) through Cloudflare. As an added bonus, this also encrypts your DNS queries so they remain private, as Cloudflare describes:
“This new feature simplifies the process of configuring a custom secure DNS resolver on Android, meaning parties between your device and the websites you visit won’t be able to snoop on your DNS queries because they’ll be encrypted. The protocol behind this, TLS, is also responsible for the green lock icon you see in your address bar when visiting websites over HTTPS. The same technology is useful for encrypting DNS queries, ensuring they cannot be tampered with and are unintelligible to ISPs, mobile carriers, and any others in the network path between you and your DNS resolver. These new security protocols are called DNS over HTTPS, and DNS over TLS.”
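To make the difference concrete, here is an added example (not from this article or from Cloudflare) that builds a standard DNS query, shows what anyone on the network path can read out of it when it travels as plaintext, and shows the framing DNS over TLS uses for the same message inside its encrypted session. The hostname is a constructed sample, and the code performs no TLS itself.

```python
import struct

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Encode a single-question DNS query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qtype A, class IN

def sniff_qname(payload: bytes) -> str:
    """What an on-path observer recovers from a plaintext UDP/53 payload."""
    pos, labels = 12, []  # the question section follows the 12-byte header
    while payload[pos] != 0:
        length = payload[pos]
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a query name")
        labels.append(payload[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def dot_frame(message: bytes) -> bytes:
    """DNS over TLS (RFC 7858) carries the same message with a 2-byte length
    prefix, written only into an established TLS session on port 853."""
    return struct.pack("!H", len(message)) + message

def dot_unframe(stream: bytes) -> bytes:
    """Resolver side: strip the length prefix after TLS decryption."""
    (length,) = struct.unpack("!H", stream[:2])
    if len(stream) - 2 < length:
        raise ValueError("truncated DoT message")
    return stream[2 : 2 + length]

# Constructed sample input: the hostname is hypothetical.
QUERY = build_query("bank.example.com")

if __name__ == "__main__":
    print("plaintext observer sees:", sniff_qname(QUERY))
    print("DoT record before TLS encryption:", dot_frame(QUERY).hex())
```

With a plain DNS entry set per wifi network, the bytes in `QUERY` cross the network as-is; with Private DNS or the app, the framed message is only ever written into the TLS session, so an observer sees ciphertext to the resolver rather than the hostname.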
Can I trust Cloudflare?
When you route your traffic somewhere else—either to a third-party DNS resolver or a VPN service—there’s no guarantee that the company on the other end isn’t keeping tabs on what you do. In fact, some have already criticized Cloudflare’s app for storing temporary logs of your DNS requests on your device.
If this bothers you, or Cloudflare itself bothers you, you have plenty of other options. I recommend investigating an app like DNSCloak (iOS), DNS Changer (Android), or the other DNS Changer (Android), which give you similar functionality but let you use any DNS service you want.
(My advice? Grab Namebench and see what’s speedy near you. If you’re comfortable with the service, be it Cloudflare, Google, OpenDNS, or whatever, switch on over.)