Wednesday , January 20 2021

Smartphone security: Cloudflare speeds up and encrypts DNS traffic



DNS provider Cloudflare has developed an app for iOS and Android devices in conjunction with the Asian IP address provider APNIC, which facilitates the use of DNS service providers. By yourself, you have access to the fastest and safest DNS service in the world.

A brief description really shows the comfort – to activate the service, all you need is a tap in the app – but in fact, there's a lot more to it. You really can Simply manually enter the DNS server 1.1.1.1 into network settings, but without extra precautions, Android and iOS transmit unencrypted DNS traffic. Therefore third-party backbone routers can read.

The application speaks encryption and promises the provider not to forward the DNS data and deletes it after 24 hours from the server. By contrast, some DNA providers estimate or even sell DNA requests for promotional purposes. Also, from the application it is expected that the DNS resolutions will be harmonious, because Cloudflare beats its own distributed infrastructure around the world. It is not clear whether Cloudflare as an American company can prevent the secret services of its country from reading DNS data.

Cloudflare application, however, builds TLS tunnel DNS server; in fact even sets four Cloudflare IP addresses for it: 1.1.1.1, 1.0.0.1, 2606: 4700: 4700 :: 1111 and 2606: 4700: 4700 :: 1001. Both DNS requests and responses are then encrypted between the smartphone and server. In app settings, you can choose between HTTPS and TLS encrypted DNS traffic. That's why the application places its own VPN profile during installation after approval. If it is active, you can not use other VPN applications. As the name implies, the application encodes only DNS traffic. The rest of IP data is still online.

In a short test the app had a good impression. The DNS configuration in the system settings remains intact and becomes active as soon as the DNS tunnel is closed. Some dialects are still in English. It is not clear whether constant DNA encryption is detected on the battery. We have practically determined that you can see the protocol with DNS requests in the Advanced settings. Among other things, the duration of the required IP address is displayed.


(DZ)


Source link