WHAT IS THE CLOUDFLARE RESOLVER?
Every time you type a web address such as www.cloudflare.com into a web browser, the web browser sends a query to a DNS resolver. If DNS is like the card catalog of the Internet, then a DNS resolver is like a helpful librarian that knows how to use the information from that catalog to track down the exact location of a website. Whenever a resolver receives your query, it looks up the IP address associated with the web address that you entered and relays that information to your web browser. “DNS resolution” as this process is referred to, is a crucial component of your Internet experience. Without DNS resolution, your web browser would be unable to communicate with the servers that host your favorite websites since communication requires knowing the IP addresses of those websites.
For most Internet users the DNS resolver that they use is either the one that comes with the operating system running on their machines or the one that is set by their network provider. Unfortunately, what this means is that your DNS is usually slow and insecure. Moreover, your Internet service provider, and anyone else listening in on the Internet, can see every website that you visit and every app that you use — even if their content is encrypted. Creepily, some DNS providers sell data about your Internet activity or use it to target you with ads.
Given the current state of affairs, Cloudflare decided that it was time to create a DNS resolver with your privacy and security in mind. What this means is that whenever you click on or type a web address in your internet browser your DNS lookup request will be sent over a secure channel to the Cloudflare Resolver rather than to an unknown DNS resolver, significantly decreasing the odds of any unwanted spying or man in the middle attacks.
WHAT IS THE CLOUDFLARE PROMISE?
Cloudflare will not retain or sell or transfer to any third party (except as described in the section below and as may be required by law) any personal information, IP addresses or other user identifiers from the DNS queries sent to the Cloudflare Resolver;
Cloudflare will not combine the data that it collects from DNS queries, with any other Cloudflare or third party data in any way that can be used to identify individual end users; and
WHAT INFORMATION DOES THE CLOUDFLARE RESOLVER COLLECT?
Cloudflare will collect only the following anonymized DNS query data that is sent to the Cloudflare Resolver:
Except for the three DNS query types discussed below, all of the log information above will be deleted within 24 hours of Cloudflare’s receipt of such information.
There is some telemetry information (i.e. performance related metrics), however, that Cloudflare will store indefinitely as part of its permanent logs in order to assist Cloudflare in enhancing the overall performance of Cloudflare Resolver and identifying security threats. Cloudflare will only store permanent logs of the following such information:
All information collected by Cloudflare, no matter whether such information is part of Cloudflare’s temporary or permanent logs, will be cleansed of any personally identifiable data (including your IP addresses). Additionally information that is stored as part of Cloudflare’s permanent logs will be further anonymized.
WILL CLOUDFLARE SHARE MY DATA WITH ANYONE?
Cloudflare has partnered with APNIC, the regional internet registry for the Asia-Pacific region to make the 22.214.171.124 IP address the home of the Cloudflare Resolver. As part of its mission to ensure a global, open and secure Internet, APNIC conducts research about the functioning and governance of the Internet, which it makes available on its website, located at www.apnic.net.
Cloudflare has agreed to provide APNIC with access to some of the data that Cloudflare collects through the Cloudflare Resolver. Specifically, APNIC will be permitted to access query names, query types, resolver location and other metadata via a Cloudflare API, that will allow APNIC to study topics like the volume of DDoS attacks launched on the Internet and adoption of IPv6.
In return for access to the Cloudflare Resolver data, APNIC has agreed to use such data solely for non-profit operational research. APNIC has also agreed not to use the data in any manner that would allow it to associate any individual with a DNS query, or publish any studies containing any references to particular query names or individual behavior. As part of Cloudflare’s commitment to privacy, Cloudflare will not provide APNIC with any access to the IP address or port associated with a client.
Aside from APNIC, Cloudflare will not share your data with any third party.