Cloudflare DNS Issues & DNS Suggestions

What is everyones thoughts on using Cloudflare as your DNS provider? I saw this in the privacytoolsIO GitHub, what are your thoughts?

I have a lot of sensitive users that I want to issue out good, privacy respecting DNS on their networks and I need to know if I should stay away from Cloudflare.

My other options are
DNS.Watch https://dns.watch/
OpenNIC Servers https://www.opennic.org/
UncensoredDNS https://blog.uncensoreddns.org/

Edit: Now Quad9 is on the top of my list.

I prefer quad9 simple because they block some malicious sites and their privacy policy is better than Cloudflare’s.
You can also setup both Firefox and Bromite to use quad9.

1 Like

How does Quad9 compare to DNS.Watch, OpenNIC and UncensoredDNS in terms of privacy and security?

Edit: I do like what Quad9 says about privacy and security.

Also, I agree with what a Quad9 chairman said about their DNS and hosting your own resolver.

1 Like

you think quad9 is comparable to dnswatch/opennic in terms of privacy?

I don’t know, that’s what I was hoping to get answered.

I view them as too big so I will exclude them from my dnscrypt-proxy when the Debian version is upgraded to support that.

I don’t feel like returning this topic more deeply again, but I think I can shortly say that there is a problem and in this comment I documented how I moved away from Cloudflare.

Quad9 privacy policy says that they are collecting some anonymized data, dns.watch says that they don’t log (and I didn’t see a privacy policy) and I don’t think they can be compared to OpenNIC, because I have understood OpenNIC to not run all the servers by themselves and individual servers have different policies.

Personally I am currently using Quad9 as Firefox trusted recursive resolver in order to benefit from eSNI and to not use Cloudflare.

network.security.esni.enabled;true
network.trr.bootstrapAddress;149.112.112.112
network.trr.mode;2
network.trr.uri;https://dns.quad9.net/dns-query
3 Likes

Thank you @Mikaela, that helped a lot! Do you mind if I ask for your user.js? I am curious on the settings you use in Firefox.

This is correct, anyone can run an OpenNIC server. The idea is either you know/trust someone who runs one, or you run one yourself.

1 Like

i not use cloudflare DNS (cloudflare made to record data like IP to protect users, its like antivirus it’s must see ur files to scan it) so i’m sure they record data on their dns so yeah i’m using DNS.watch & opennic project sometimes

I don’t use user.js, but my usual about:config is at https://mikaela.info/browser-extensions.html#firefox-aboutconfig . (I know I have monstrous amount of extensions and I am working on cutting them, but there are always more pleasant tasks…)

And we have a list of encrypted DNS providers on the website :partying_face: :tada:

2 Likes