Skip to main content

1.1.1.1 Cloudflare encrypted DNS.Does it still leak IP addresses? [Resolved]

1.1.1.1 might be encrypting the DNS request but then between my ISP and the website I'm accessing, IP addresses are exchanged.Does my ISP see the IP address of the website I'm accessing but not its domain name?

When that happens over HTTPS therefore you the domain is encrypted, is the IP address still leaking? And what about simple HTTP ?


Question Credit: microwth
Question Reference
Asked March 25, 2019
Posted Under: Security
66 views
4 Answers

There are several unrelatd topics here, but:
Yes, the IP never is safe from attackers. Neither is the domain name is your scenario.

First, Cloudflares DNS might support some encrypted transfer, but this won't happen if the client doesn't use it. Making a normal old DNS request is still unencrypted, so a sniffing something can see what domains you're visiting.

Then, even if it was encrypted, the whole point of DNS is to transform a domain name to a numeric IP address. This IP is then used to request the content of the website itself. Anything on the way there (your ISP, some other commercial internet nodes, the websites hoster, etc.) can see the target IP (and yours too).

And the content of the request will also contain the domain again, because there might be several different domains on one IP. This is true for both HTTP and HTTPS, and both times it is not encrypted. There are some plans for HTTPS to make encryption of this part possible, but right now it is plaintext.


credit: deviantfan
Answered March 25, 2019
  1. Your ISP does see the IP address you are accessing. But it does not necessarily reveal the target, because that IP could be a Google/Amazon load balancer or something. But in general case, the real target may be found.
  2. For now, TLS handshake (which is used in HTTPS) is revealing a domain name in clear text in order to resolve which domain certificate should be given (several domains can target one IP). But a workaround is coming soon.

credit: Andrii K
Answered March 25, 2019

Yes your IP will be 'leaking'. By using secure DNS, your queries won't be 'readable' to anyone except the DNS service and you. But your own IP address will be viewable to IPS.

Same about HTTP and HTTPS, the IP address will always be viewable, but in HTTPS the traffic between you and the server will be encrypted, and therefore won't be readable to others. In HTTP all will readable.

If you want to 'hide' your IP. You will need to use other services such as VPN or use the TOR network.


credit: MrSykkox
Answered March 25, 2019

Yes, It leaks your IP address. It's basically a privacy-driven DNS service which provides the following benefits:

  1. Privacy: Cloudflare commits that 1.1.1.1 was designed for privacy first and will never sell your data or use it to target ads.
  2. Speed: As they mention on their website, this service is ranked #1 by DNSperf.

credit: SeeYouInDisneyland
Answered March 25, 2019
Your Answer
D:\Adnan\Candoerz\CandoProject\vQA