Introducing 1.1.1.1, the app!


#1

Today we are launching a mobile app to make it easier than ever to enable 1.1.1.1 DNS on your iOS and Android devices.


#2

#3

I have been using the beta version and have now downloaded from the Play Store!! Great app - just like most of the stuff that CloudFlare does - amazing! So glad as there aren’t many companies that I would trust with my data with this kind of thing :slightly_smiling_face:


#4

Was thinking CF should probably add to the android app description why it asks for Camera & microphone permissions (instabug), many people didn’t download it because of those permissions.


#5

It is also the storage permission. But as of Marshmallow it is optional anyhow (well, not that there havent been applications which are sort of trying to force it).


#6

So I take it this app creates a VPN link for just the 1.1.1.1 resolvers? I mean, fair enough, as there’s no way to create secure DNS connections otherwise, at least on iOS, but why not just go the rest of the way and offer an optional full VPN? Heck, I’d probably pay for that.


#7

It would be nice if the app shows that nothing needs to be done, if the user as used the new private-dns option in android 9 (pie).


#8

I believe they are trying to remove VPNs from existence. They are slow and insecure/cumbersome, causing massive bandwidth/CPU usage for the server and high latency/slow throughput for the client. The VPN in the app is local, all on-device.


#9

My point was just that, by using a VPN configuration, this app would prevent me from using a real VPN. So if they’re going to do that, providing a real VPN would be nice, so I don’t have chose between secure DNS and generally secure traffic.


#10

@Judge, great point & good conversation here about that, https://blog.cloudflare.com/1-thing-you-can-do-to-make-your-internet-safer-and-faster/.
–snip from above link–
Our developers rolled out a fix. We don’t ask for microphone permissions anymore. Here is our latest release notes:
• Removed microphone permission, previously required for reporting bugs and feedback through Instabug.
• Storage permission is still there, but it’s required only for attaching screenshots for bug reports.

The app itself does not require any of those permissions.
However, we are using a third party library to help us debug issues that you or other users may have. Unfortunately, they require these permissions to gather screenshots/recordings (ONLY WHEN YOU EXPLICITLY FILE A BUG REPORT). Here is the documentation: https://docs.instabug.com/d…
–end–


#11

Thanks for the app! I’ll help spread the word to family and friends. Have a question: I have a Ubiquiti EdgeRouterX with 1.1.1.1 as the primary DNS resolver for the gateway and the DNSMasq service enabled for the LAN. If the 1.1.1.1 Resolver App is enabled as a ‘Connect on Demand’ (the default configuration), the local DNSMasq can not respond to requests as all DNS traffic is secured.

Shouldn’t the app have an option to “remember” specific networks to not act as a resolver. For example, If I am connected to my HOME AP, do not use the 1.1.1.1 app Local VPN resolver interface. If I’m on Cellular data, route DNS through 1.1.1.1 app VPN resolver. If i’m on work WiFi, use the corporate DNS Resolver (which is hopefully using 1.1.1.1 for external resolution). If I have turned off WiFi then the Cellular connection is primary and the 1.1.1.1 app VPN takes back over.

If the 1.1.1.1 iOS app publishes Shortcut Actions, users could check the WiFi Network Name and run If, Then and send the 1.1.1.1 app an Action to disable if on specific networks.


#12

Your own VPN or a (paid) VPN service?


#13

I take his meaning to be that the 1.1.1.1 apps require utilizing a VPN configuration on the phone.

Since it is occupying the single network-wide ‘vpn’ a phone may utilize in order to secure only DNS, the posters point was that Cloudflare could take the opportunity to actually provide a full VPN service [poster suggests fee-based] so people don’t have to choose.


#14

A VPN app is probably not on their roadmap, or is just an idea if anything. Cloudflare already hard pushes against the use of VPN software with their Cloudflare Access product, so I don’t see them offering VPN services in the near future.

1^4 does take up the system-wide VPN configuration, but if you switch to a different VPN app your DNS will be encrypted anyways (as long as you trust your VPN provider).


#15

Yup! Completely agree about the likelihood of a VPN as a product offering, especially given their positioning. It would likely be tenable as some kind of marketing for another of their services.

I was only trying to clarify @jshier’s post to @MarkMeyer :slight_smile:


#16

Imho it’s not their business. I can magine that it is a question of time until the first VPN provider offers 1^4 in some way. But this

is a good point. They could offer VPN services to access infrastructure behind Cloudflare. Which could reduce costs for hardware and probably licenses and administrative efforts. Though there’s Cloudflare Access.


#17

Access is way better IMHO. But can’t be for everyone.


#18

Can I set auto start of this app in Android after phone restart?


#19

Hi all,

Please go easy on me. I’m new to this stuff and learning. Sorry if what I’m asking is a bit uneducated. :slight_smile:

Before installing the new Cloudflare app on my iOS devices, I already had it’s DNS setup in my Asus router and with DNSSEC on. I installed the Cloudflare app for an easy way to setup DNS over HTTPS.

When I test here: https://cloudflare-dns.com/help/, I get a Yes for both DNS and DoH. That’s great.

When I test DNSSEC here, http://en.conn.internet.nl/connection/, the test confirms that DNSSEC is active on Cloudflare. That’s good.

Is it ok to run things this way? Any possible conflicts I should be concerned about? Everything seems to be running perfectly. Internet speeds are darn good, websites loading perfectly. Couldn’t be happier.

Thank you all and thank you Cloudflare for this app.


#20

With the app, you always go direct to 1.1.1.1 over HTTPS. At home or over cellular.

Depending on your router setup, your devices either have to query your router for DNS lookups, or DHCP tells your device to use 1.1.1.1. However, in either case, it doesn’t sound like your router setup uses DNS over HTTPS.

Your setup is like mine. My router tells my devices to use 1.1.1.1, but doesn’t do DNS over HTTPS. And I use the app on my iOS devices. DNSSEC works in all cases.