Network operators, including Internet Service Providers (ISPs), device manufacturers, public Wi-Fi networks, municipal broadband providers, and security scanning services can use and in place of operating their own recursive DNS infrastructure.
There are multiple ways to use 184.108.40.206 as an operator:
- Including a or proxy on end-user routers or devices (best for privacy).
- Pushing 220.127.116.11 to devices via DHCP/PPP within an operator network (recommended; most practical).
- Having a DNS proxy on a edge router make requests to 18.104.22.168 on behalf of all connected devices.
Where possible, we recommend using encrypted transports (DNS over HTTPS or TLS) for queries, as this provides the highest degree of privacy for users over last-mile networks.
The publicly available endpoints for 22.214.171.124 are detailed in the following table:
(Adult Content + Malware)
Operators using 126.96.36.199 for typical Internet-facing applications and/or users should not encounter any rate limiting for their users. In some rare cases, security scanning use-cases or proxied traffic may be rate limited to protect our infrastructure as well as upstream DNS infrastructure from potential abuse.
Best practices include:
- Avoiding tunneling or proxying all queries from a single IP address at high rates. Distributing queries across multiple public IPs will improve this without impacting cache hit rates (caches are regional).
- A high rate of “uncacheable” responses (such as
SERVFAIL) against the same domain may be rate limited to protect upstream, authoritative nameservers. Many authoritative nameservers enforce their own rate limits, and we strive to avoid overloading third party infrastructure where possible.
If you are a network operator and still have outstanding questions, contact
[email protected] with your use case, so it can be discussed further. Make sure to visit from within your network and share the resulting report when contacting Cloudflare.