DT Intro: We've been watching developments at DNS provider, DeCloudUs, recently and have received another update that we're sharing with you now. As we say, it's a product we really rate!
New Features & Enhancements
We are pleased to announce that we just completed a second Major Release for October 2021. With this release, DeCloudUs DNS servers implemented advanced filtering capabilities that are second to none along with implementing our own recursive resolvers.
- Added malicious IP address blocking based on Threat Intelligence feeds. Many DNS resolvers are capable of parsing DNS queries and blocking DNS lookups for specific domains/subdomains, if they exist on a blocklist. DeCloudUS DNS servers are also capable of parsing DNS responses and blocking the response if a domain/subdomain resolves to a known malicious IP address. Registering malicious domains/subdomains is fairly easy and cheap; once a domain/subdomain is added to a blocklist, the malicious service owner can simply point the service IPs to new domains to get around that. Obtaining new/different server IPs is more difficult though. To better protect your traffic, we obtain daily threat intelligence feeds for server IPs that are proven to be malicious; regardless of the domain/subdomain, if these IPs show up in DNS responses, DeCloudUs DNS servers will respond with 0.0.0.0 instead to protect your devices. To prevent false positives, once the IP address ceases malicious activities (typically when the malicious service is taken down), the IP address is then removed from the blocklist, which is refreshed at least once a day. It is also worth mentioning that Custom DNS extends the ability to block by response IPs to Premium Plus users through custom blocklist.
- Launched DeCloudUs DNS own recursive resolvers. As you may have seen in the past, DeCloudUs DNS servers upstreamed non-filtered DNS queries to Quad9 and Cloudflare (which was done in a way that guaranteed Quad9/Cloudflare would know absolutely nothing about you as the user or what DNS queries a specific user was submitting). This was done mainly to reduce computing overhead and also deliver speedy responses. Surprisingly, we noticed some issues with Quad9 and Cloudflare over the past year: Quad9 responses would timeout once in a great while, which caused DNS errors for end users; Cloudflare delivered outdated responses on more rare occasions when certain DNS entries had large TTLs. As DeCloudUs grew, we became confident that we could do better. It took a couple of months to build massive recursive resolvers and configure them in a way that rivals Quad9/Cloudflare speed. Based on weeks of benchmarking, our recursors were often faster in resolving domains/subdomains that were not cached by Quad9/Cloudflare (sometimes twice as fast); when a DNS entry is cached by our resolvers, they are 10 times faster in responding. With all things considered, averaging the response times when benchmarking one million largely diverse requests, our resolvers were indeed slightly faster. Over the last two weeks, we configured all DeCloudUs DNS servers to use our own recursive resolvers. For you, this means faster and more reliable DNS with the peace of mind that no other provider is involved with you DNS queries whatsoever. Now, if you do a DNS Leak Test, you will only see "resolver.decloudus.com" as the DNS resolver.
To make it easier to see Major Releases summaries, we added a section in the Status page that you can access anytime: https://decloudus.com/status.html
As always, if there are any questions, issues, or feedback, please feel free to contact us at https://decloudus.com