Cloudflare DNS (1.1.1.1) review

Cloudflare's 1.1.1.1 service is a private DNS that encrypts the site requests you make, hiding them from your ISP. It’s offered in conjunction with WARP, a VPN service built on top of 1.1.1.1 that also encrypts your traffic.

WARP is a free service, and while we’d usually warn against using free VPNs, we're fairly happy with WARP’s pedigree. Cloudflare is one of the largest network service providers on the internet, and it had 1.1.1.1 audited to demonstrate its no-logs policy.

However, WARP does not hide your IP address or offer the full range of features provided by traditional VPNs. While it's a good choice if you’re looking for a free service for basic privacy needs, it’s not going to compete with the best VPNs we’ve reviewed in the past, such as NordVPN or Surfshark.​

Features

While the 1.1.1.1 DNS service offers a few different features, there’s significantly less available from WARP. In fact, several key features are missing.

There’s no kill switch, meaning you’ll be vulnerable to data leaks if your connection to Cloudflare’s servers goes down. Split tunnelling is available, but you can only specify which domains and IPs aren’t covered by the WARP VPN tunnel. Other than that, it’s a very bog-standard VPN client.

It was also surprising to see that there was no way to select a VPN server location. When you connect to WARP, you get access to your best local server. That’s it. Given that our top-rated VPNs allow you to pick and choose servers in individual cities, this is something we'd like to see WARP integrate into its own offering.

The DNS service is a little more interesting. 1.1.1.1 allows you to request DNS over both HTTPS and TLS, obfuscating your domain requests completely. There’s also Oblivious DNS available, which proxies your DNS requests through 1.1.1.1 without exposing the original IP requesting the domain.

You can optionally connect through “Family” 1.1.1.1 instead, a version of the domain resolver which also adds filtering for malware and inappropriate content. It’s not quite as granular as something like Windscribe’s ROBERT DNS, however, which provides several categories and allows you to add individual IPs to a custom blocklist.

There’s even the option to route your DNS requests through Tor for extra privacy. It’s still in the experimental stage, so don’t expect any official support if it doesn’t work, but it’s an interesting idea. Routing your DNS this way will definitely slow your domain requests down compared to using 1.1.1.1 directly, but if you need to be absolutely sure your requests aren’t being spied on, it’s worth a shot.

You might expect some of WARP’s features to be gated behind WARP+, the optional upgrade subscription. This is not the case. WARP+ is functionally identical to the normal WARP client, except you’re getting some extra-fast routing on the back end.

Server network

It’s a mixed bag. On the one hand, Cloudflare runs an incredibly powerful worldwide server network unparalleled by anything but other top-tier CDNs. On the other hand, you can’t choose which location you connect to through WARP.

All traffic is routed through Cloudflare's global network, but WARP+ uses Cloudflare’s Argo backbone, which is optimized for high-speed connectivity. We didn’t find any particular differences in performance between the two networks, unfortunately.

Apps

There’s not much to say about the WARP app. Install it, hit the “On” button, and you’re in business. That’s really it for most users. On Android and iOS, it’s perfectly functional. On the desktop, the client comes up as a pop-up from the system tray instead of a full window that you can drag around.

In practice, it’s a little annoying to use because you’ll probably end up referring to guides and accidentally closing the window if you’re doing anything more complex than just hitting connect.

On the surface, there are almost no extra settings or customization options, which makes it great if you need a “simple as” VPN that anyone can use. However, dig a little deeper, and there are expert-level settings relating to DNS that the average user will never need to touch.

It’s also not immediately obvious where you’re connected when you check the location on the app, as WARP uses co-location codes for specific regions (LHR for London Heathrow, for example) instead of telling you which country you’re connected to.

The WARP app is available on iOS, Android, Windows, macOS, and Linux. There are no dedicated apps for smart TVs, streaming devices, or gaming consoles. However, you will be able to take advantage of 1.1.1.1’s improved DNS resolution speeds by entering the DNS address directly into most devices.

Ease of use

WARP with 1.1.1.1 doesn’t require any particularly difficult setup. The fact that it’s feature-light is actually a plus here: all you do is hit “On” and you’re connected.

It’s hard to see how WARP could be made any simpler. There’s no need to log in, no subscription to set up, no locations to choose, just a download and install process. You can get stuck into all of the complex options on the back-end or try implementing some of 1.1.1.1’s more esoteric features into your own app, but that’s not necessary to get the VPN working.

That said, you might hit a snag while looking for the app on the iOS store. Simply put: it’s not there, so you’ll have to download it from the Cloudflare site directly.

Speed and performance

WARP is not particularly quick, but keep in mind that it’s free. Our testing rig uses a 1 Gbit connection to stress test the full capabilities of each VPN we review. WARP didn’t even come close to maxing out our line at only 197 Mbps.

We should point out that this is a free service, so you get what you pay for. It’s also more than fast enough to stream even 4K content, so you’re only really going to notice if you’re heavily into downloading.

You’d expect better from the paid WARP+ service, but unfortunately, our recorded speeds were… basically the same. Scarily so, clocking in at 198 Mbps. That definitely says something for Cloudflare’s consistency.

We can only assume that we’re already being connected to one of the best servers in the region by default, so don’t upgrade to WARP+ if you’re expecting an extreme jump in speeds. You’d be better off purchasing a subscription to Surfshark, instead, which reigns supreme as the fastest VPN on our books.

Unblocking

Don’t expect anything from WARP if you’re hunting for a streaming VPN. It’s not designed to bypass geo-restrictions and it doesn’t allow you to choose which server you’re connected to. At most, you’re going to have your traffic routed through a server geographically close to you. In our case, we found that we were still able to access ITV and Channel 4, but couldn’t access BBC iPlayer with WARP enabled.

Neither service blocks P2P connections, so if you’re looking to torrent on WARP it’s theoretically not a problem. In practice, the lack of port forwarding means you won’t get the same connectivity as using your home connection. Also, you’re not getting the IP masking protections afforded by most VPN providers. Together, this means that torrenting on WARP is an actively worse experience.

One plus side to WARP working differently from most VPN providers is that it’s not detected by nearly as many VPN scanners. We took WARP for a quick test-run and saw that nearly two-thirds of the sites we tested couldn’t tell we were using a VPN, which is significantly better than most of our top VPN providers. As a result, we’d expect you to run into fewer CAPTCHAs while using WARP, too.

Privacy and Security

There are some solid points here in favour of Cloudflare’s approach to privacy and security, but also a lot of areas where it could massively improve.

First, the positives. WARP uses BoringTUN to power the encrypted VPN tunnel you use to access the internet through its servers. It’s essentially another WireGuard implementation run inside the userspace, but instead of being written in the Go language, it uses Rust.

Cloudflare claims it’s a faster and potentially safer implementation of WireGuard, which is plausible, but it really remains to be seen whether this is the case.

Cloudflare has previously commissioned a no-logs audit of its 1.1.1.1 service by KPMG in 2019. KPMG indicated that Cloudflare handles data according to its privacy policy, essentially giving it a clean bill of health. However, there are still some issues here. For one, Cloudflare hasn’t commissioned another audit since then. There has also been no audit for the actual WARP service. Worst of all, by its own admission, Cloudflare does log some minor data about the use of WARP.

While WARP doesn’t require you to share an email address (or any personal information for that matter) to use the service, it does log an aggregated record of how much data you transfer and as well as your average connection speed. This isn’t a huge problem for WARP, but it is slightly more worrying if you add your personal information when you sign up via WARP+.

For 1.1.1.1, Cloudflare supports multiple encrypted and obfuscated methods of sending DNS requests. No problem here, these are great to see. Unfortunately, the same can’t be said of the actual WARP client. There are no obfuscation options, so it’ll be fairly obvious you’re using a VPN to access the internet.

If you’re worried about your network admin or ISP blocking your traffic, you need to look for another secure VPN – like ExpressVPN.

WARP also doesn’t hide your IP, which is a huge negative for a VPN. It’s one of the core selling points, but WARP isn’t really designed for privacy from the wider web. It’s just to stop your ISP from recording your traffic, but without a kill switch implemented, there’s no guarantee this will work 24/7.

The 1.1.1.1 DNS service gets a pass, but we cannot recommend WARP as a serious privacy tool.

Track record

Considering how large Cloudflare is, it isn’t surprising it's run into one or two security issues in the past.

As for the actual app, there have been several exploits discovered for WARP that would allow a local attacker to escalate privileges or otherwise interfere with the system running WARP. It’s not the best track record, and we expect better from an organisation with so many resources to dedicate to security.

From a privacy perspective, WARP performs better, although we have run into at least one case where a user on the local network would still be able to sniff DNS requests made through WARP. This is now fixed, but on the whole, it doesn’t build massive confidence in WARP as a tool that'll keep you safe online.

Customer support

Cloudflare has some very thorough documentation on offer for both 1.1.1.1 and WARP. However, it’s very much tailored towards developers who are using 1.1.1.1 as part of larger applications.

While you might find the answers you’re looking for, it’s not particularly accessible for new VPN users. This is a little disappointing, considering one of WARP’s benefits is supposed to be its simplicity.

Otherwise, you’ll need to check out the community support forum or its Discord. Cloudflare staff regularly check the forum, but you can’t rely on getting an answer if you’ve got a connection problem. Upgrading to WARP+ gets you access to a support portal, but this is strictly for solving billing issues.

Pricing and plans

Both 1.1.1.1 and WARP are free to use forever with no bandwidth limits. The only paid part of the package is WARP+, which is priced at $4.99 per month and is only available through the iOS and Google Play stores. WARP+ is literally just a speed and connectivity upgrade, there are no extra features on offer for the upgrade price.

In comparison, you could subscribe to Mullvad VPN for the same price and access a VPN with fleshed-out privacy features and the ability to connect to servers all over the world. There’s no money-back guarantee for WARP+, so if you find that it hasn’t significantly increased your speeds, you’re out of luck.

Should you use 1.1.1.1.?

As a free private DNS service, 1.1.1.1 ticks all the right boxes. As a free VPN, WARP leaves some key features out that leave much to be desired. The lack of a kill switch and IP masking are the most egregious problems. Proton VPN Free offers a free version with all the functionality of WARP and more, plus some marginally better location selection.

If you’re just looking to upgrade your DNS, giving 1.1.1.1 a shot isn’t the worst idea in the world. However, there are better free VPNs out there that do a better job of improving your privacy.

Furthermore, if you’re going to pay for WARP+, you may as well just pay for a VPN that actually protects your IP address instead, as the speed upgrades you’re getting are marginal at best.

1.1.1.1. alternatives

1. NordVPN – from $3.09 per month
The best VPN overall
One of the most well-rounded VPNs out there. NordVPN offers connection locations all over the world in 118+ countries, top-tier security features like Threat Protection, and consistently fast speeds. It's the total package, and you can take it for a risk-free test drive with its 30-day money-back guarantee.

View Deal

2. Surfshark – from $1.99 per month
The best cheap VPN (and the fastest!)
A fantastic choice if you’re concerned about value for money. Surfshark is one of the few providers that offers unlimited simultaneous device connections. There’s also some top-tier connectivity here, powered by the Nexus network, which allows you to create multi-hop connections between any two servers whenever you feel like it. Try it today with a 30-day money-back guarantee.

View Deal

3. ExpressVPN – from $4.99 per month
The best VPN for beginners
It’s a little pricier, but in return, you get best-in-class custom encryption protocols and a 24/7 support team ready to assist you whenever you have an issue with your VPN. ExpressVPN balances a powerful feature set with a streamlined, easy-to-use app that works on basically any platform you can think of. Best of all, you and try before commiting to a long-term subscription thanks to its 30-day money-back guarantee.

View Deal