Facebook takes a step forward to encrypt DNS end-to-end with Cloudflare

Facebook’s authoritative name servers are now using an encrypted connection with 1.1.1.1, the Cloudflare DNS resolver. Cloudflare says Facebook worked with them over the past few months to move the connection from unencrypted to encrypted. Users who reach Facebook through Cloudflare DNS now have a fully encrypted connection.

Facebook shared the results of the pilot. Facebook says the “pilot proved to be a working solution for the type of production traffic Facebook see between Cloudflare DNS and Facebook name servers.”

The results show some added latency on the initial request, but Facebook and Cloudflare are able to reuse the TLS connections to perform multiple requests. Cloudflare says the resulting DNS latency between 1.1.1.1 and Facebook’s authoritative name servers is on par with average UDP connections.

According to Facebook, people browsing Facebook and using Cloudflare DNS with DoT now enjoy a fully encrypted experience, not only when they connect to Facebook using HTTPS, but also at the DNS level. Facebook says latency will improve further when they start to use the latest version of TLS (TLS 1.3) and TCP Fast Open.
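
The connection reuse described above works because DNS over TLS (RFC 7858) sends each DNS message with a two-byte length prefix on a single stream, so several queries can share one handshake. The sketch below is an added example, not code from Facebook or Cloudflare: the function and class names are hypothetical, and the TLS name cloudflare-dns.com used to validate the resolver's certificate is an assumption not stated in the article.

```python
import socket
import ssl
import struct

def build_query(qid, name, qtype=1):
    """Encode a minimal DNS query (RD set, one question, class IN, type A by default)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame(msg):
    """Prefix a DNS message with its 2-byte length, as DNS over TCP and DoT require."""
    return struct.pack("!H", len(msg)) + msg

class Deframer:
    """Split the byte stream of one connection back into whole DNS messages."""
    def __init__(self):
        self.buf = b""
    def feed(self, data):
        self.buf += data
        out = []
        while len(self.buf) >= 2:
            (n,) = struct.unpack("!H", self.buf[:2])
            if len(self.buf) < 2 + n:
                break  # partial message: wait for more bytes
            out.append(self.buf[2:2 + n])
            self.buf = self.buf[2 + n:]
        return out

def resolve_many(names, server="1.1.1.1", sni="cloudflare-dns.com", timeout=5):
    """One TLS handshake, then one query per name on the same connection.
    Returns {query id: raw response bytes}. Needs network access to port 853."""
    ctx = ssl.create_default_context()  # verifies the resolver's certificate
    pending = {i + 1: n for i, n in enumerate(names)}  # sequential ids for readability
    answers, deframer = {}, Deframer()
    with socket.create_connection((server, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            for qid, name in pending.items():
                tls.sendall(frame(build_query(qid, name)))
            while len(answers) < len(pending):
                data = tls.recv(4096)
                if not data:
                    break  # server closed the connection early
                for msg in deframer.feed(data):
                    answers[struct.unpack("!H", msg[:2])[0]] = msg
    return answers
```

Responses may arrive in any order on the shared connection, which is why they are matched to queries by the ID in the first two bytes of each message.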

How to use Cloudflare DNS?

Cloudflare DNS is available worldwide and for free. Users can use it on their internet connections by changing the DNS server to 1.1.1.1. This year, Cloudflare also launched apps for iOS and Android that enable users to use the Cloudflare DNS resolver.