DT Intro: We've been watching developments at DNS provider, DeCloudUs, recently and have received another update that we're sharing with you now. As we say, it's a product we really rate!

New Features & Enhancements

Dear subscriber,

We are pleased to announce that we just completed a second Major Release for October 2021. With this release, DeCloudUs DNS servers implemented advanced filtering capabilities that are second to none along with implementing our own recursive resolvers.

- Added malicious IP address blocking based on Threat Intelligence feeds. Many DNS resolvers are capable of parsing DNS queries and blocking DNS lookups for specific domains/subdomains, if they exist on a blocklist. DeCloudUS DNS servers are also capable of parsing DNS responses and blocking the response if a domain/subdomain resolves to a known malicious IP address. Registering malicious domains/subdomains is fairly easy and cheap; once a domain/subdomain is added to a blocklist, the malicious service owner can simply point the service IPs to new domains to get around that. Obtaining new/different server IPs is more difficult though. To better protect your traffic, we obtain daily threat intelligence feeds for server IPs that are proven to be malicious; regardless of the domain/subdomain, if these IPs show up in DNS responses, DeCloudUs DNS servers will respond with instead to protect your devices. To prevent false positives, once the IP address ceases malicious activities (typically when the malicious service is taken down), the IP address is then removed from the blocklist, which is refreshed at least once a day. It is also worth mentioning that Custom DNS extends the ability to block by response IPs to Premium Plus users through custom blocklist.

- Launched DeCloudUs DNS own recursive resolvers. As you may have seen in the past, DeCloudUs DNS servers upstreamed non-filtered DNS queries to Quad9 and Cloudflare (which was done in a way that guaranteed Quad9/Cloudflare would know absolutely nothing about you as the user or what DNS queries a specific user was submitting). This was done mainly to reduce computing overhead and also deliver speedy responses. Surprisingly, we noticed some issues with Quad9 and Cloudflare over the past year: Quad9 responses would timeout once in a great while, which caused DNS errors for end users; Cloudflare delivered outdated responses on more rare occasions when certain DNS entries had large TTLs. As DeCloudUs grew, we became confident that we could do better. It took a couple of months to build massive recursive resolvers and configure them in a way that rivals Quad9/Cloudflare speed. Based on weeks of benchmarking, our recursors were often faster in resolving domains/subdomains that were not cached by Quad9/Cloudflare (sometimes twice as fast); when a DNS entry is cached by our resolvers, they are 10 times faster in responding. With all things considered, averaging the response times when benchmarking one million largely diverse requests, our resolvers were indeed slightly faster. Over the last two weeks, we configured all DeCloudUs DNS servers to use our own recursive resolvers. For you, this means faster and more reliable DNS with the peace of mind that no other provider is involved with you DNS queries whatsoever. Now, if you do a DNS Leak Test, you will only see "resolver.decloudus.com" as the DNS resolver.

To make it easier to see Major Releases summaries, we added a section in the Status page that you can access anytime: https://decloudus.com/status.html

Finally, over the past few weeks, we received many inquiries about how DeCloudUs DNS uses other "cloud" service providers in the DNS service. These inquiries often cited other privacy-touting DNS providers that use Cloudflare Workers, Google hosted services, Cloudflare proxies, Amazon loadbalancers, etc. The answer to that question is simple, there are no other providers or cloud services used in our DNS servers whatsoever. We self-host all of our servers. We do not use "cloud" servers; rather, we lease hardware servers from data centers and we then install and manage all componets: firewall, Operating System, web server, DNS server, etc. It is worth mentioning that in the past we upstreamed DNS traffic to Quad9/Cloudflare, but that is no longer the case (as mentioned above). While this is indeed more complex and more expensive than using "cloud" providers to deliver our service, it is the only way to guarantee optimal privacy and security, since we are in control of the DNS traffic and we do not trust it to any other provider. If we were to use Cloudflare Workers or proxies for example, Cloudflare would then, likely, be able to see unecrypted DNS queries/traffic coming from your IP address. That would never be OK with us; after all, what is the point of using a privacy-focused DNS service when all DNS traffic is handled by a third party provider that may have different privacy policies that the DNS service does not control? To conclude, we are committed to your privacy and security as outlined in our privacy policy. One of the main reasons behind our service is to "decloud" and take charge of our data and privacy from large tech companies that control most of the Internet. For us, building our DNS service on the top of other cloud services is simply not an option.

As always, if there are any questions, issues, or feedback, please feel free to contact us at https://decloudus.com

Best regards,


Operating update from DeCloudUs
DT Intro: We published a chapter on the Decloudus DNS service just last week inthe Privacy Cookbook. The link is below. Now we have received this update fromthem on some new features and enhancements that we now want to share with you. Dear subscriber, We are pleased to announce that we just co…
Privacy Cookbook - Chapter 2.5 - DNS - Decloudus DNS
I’ve made my point multiple times on decentralize.today that when it comes toprivacy, I prefer a DNS with ad-blocking over a VPN. Perhaps you can combineboth of them? We do have, on the other hand, the combination of a Firewall/DNSsetup like RethinkDNS, NextDNS and AdGuard, but many people just d…
Share this post