My wife takes her iPhone (6S I think) and iPad with her from New York to Seoul to Bangkok to Hong Kong and elsewhere - for her own business. Her iPhone’s AT&T plan has UNLIMITED WORLDWIDE DATA - data, not voice. (It’s a VERY unusual plan.) Her iPad connects to whatever WiFi is available (usually hotel).
- If we set her iPhone and iPad to use 220.127.116.11 for DNS lookup, will those lookups always automatically go to the CLOSEST Cloudflare 18.104.22.168 server, or will her phone continue to try to reach Cloudflare near NYC?
- How can we test to make sure?
- If we ALSO install the DNSCloak app on each device (which runs dnscrypt-proxy to encrypt the DNS lookups) and make it point to 22.214.171.124 as the only resolver, same question - when she’s traveling, will the DNS queries go to Cloudflare’s closest 126.96.36.199 server, or back to the NYC area?
- Again, how could we test to be sure? (Should testing be done differently with DNSCloak installed?)
188.8.131.52 is always the closest Cloudflare data center.
To check, go to the hamburger menu (three horizontal lines) and tap Advanced Settings. The Diagnostics option will show you which Colocation center you’re hitting.
sdayman - thanks for fast reply.
As I’m not an iPhone person, where is this hamburger menu? In her safari browser or in a 184.108.40.206 app that she should install first?
I think we’re done here.
Well…ok. It’s in the 220.127.116.11 app, upper right corner.
I agree about being done when it comes to iPhone. Thanks for your patience!
Next question - if we’re going to install the DNSCloak app to add dnscrupt-proxy to the mix (and have it point exclusively to 18.104.22.168 as only resolver), can she skip installing cloudfare’s 22.214.171.124 app?
If yes, then again how would we check that all DNS lookups are going to 126.96.36.199 (encrypted) AND that it’s the closest Cloudflare 188.8.131.52 server as she moves around?
I used DNSCloak before the 184.108.40.206 app came out. It will also hit the nearest 220.127.116.11 data center. There’s no way around that, which is good.
Give this a try to see if DNS is encrypted: https://18.104.22.168/help
Edit: Yes, you can use DNSCloak only. That’s handy if 22.214.171.124 is blocked. The 126.96.36.199 app is just a very user-friendly way to do it.
sdayman - great info and I just checked 188.8.131.52/help on my iPad (which never moves from my apartment in NYC). That’s a great link because it confirms the encryption and also shows which Cloudflare server.
Question - does Cloudflare’s 184.108.40.206 app for iPhone also encrypt the DNS lookups like DNSCloak, or does it just set the iPhone to send DNS queries to 220.127.116.11?
It’s definitely encrypted. Also in the Advanced Settings are Connection Options. You only have two choices: DoH or DoT, both encrypted.
sdayman - great news - i didn’t know that nine months ago when I put DNSCloak on my own stationary iPad and I will try the app soon.
On my home PCs (wired to Verizon FIOS), I am using SimpleDNSCrypt, which also adds the dnscrypt-proxy service to the PCs, and again I have it set to use 18.104.22.168 as only resolver. All tests are very good.
BUT is there a new Cloudflare 22.214.171.124 app that does the same thing for PCs?
I ask because SimpleDNSCrypt and the dnscrypt-proxy service are not easy enough to use for people who spend less time fussing with their PCs.and so I have not recommended them to friends.
Sorry, Cloudflare doesn’t have a Desktop app that does this, but I thought I heard they’re looking into this. The easy workaround is to use Firefox which supports it natively. I think Chrome’s Canary version supports it.
Didn’t know Firefox supported encrypted (DoH or DoT) DNS lookups natively. Where are its settings for that? (I use FF with security add-ons like NoScript and Disconnect.)
EDIT - I found the info - see, for example,
And for a great article about encrypted DNS lookups and dnscrypt-proxy, see
I use these two about:config flags. Mode 3 forces DoH only with no fallbacks.
sdayman - great volley here - almost as good as Wimbledon.
You’re the champ.