Google DNS vs Cloudflare DNS


Google's 8.8.8.8 and Cloudflare's 1.1.1.1 are the world's two most used public DNS resolvers — between them handling trillions of queries per day. They are close in speed but differ meaningfully in privacy policy and additional features.

Google Public DNS: The Pioneer

Google launched Google Public DNS on December 3, 2009, with the memorable IP addresses 8.8.8.8 and 8.8.4.4. It was the first major public alternative to ISP-provided DNS and immediately attracted users frustrated with slow, ad-injecting, or unreliable ISP resolvers. At launch it was the fastest public resolver available, backed by Google's global network infrastructure.

Google Public DNS is built on the same global anycast infrastructure as Google's other services, with resolver instances distributed across Google's data centers worldwide. It supports DNSSEC validation, which protects against DNS cache poisoning by verifying cryptographic signatures on DNS responses. Google states a reliability target of 99.999% uptime, and in practice outages are exceedingly rare. The resolver does not filter any content by default — every valid domain resolves normally — and does not redirect NXDOMAIN responses to a search page.

Google's privacy stance has evolved over time but remains the primary area of criticism. The current policy logs full query data temporarily, anonymizes IP addresses within 24–48 hours, and retains a sampled subset of anonymized data for up to two weeks. Google explicitly states it does not correlate DNS data with other Google services for advertising purposes, but users who strongly value DNS privacy remain skeptical given Google's broader data collection practices.

Cloudflare DNS: The Privacy-First Challenger

Cloudflare launched 1.1.1.1 on April 1, 2018 — a date that led many to initially assume it was a joke — partnering with APNIC to operate the historically significant 1.1.1.1 IP address. From day one, Cloudflare positioned the service around two claims: it would be the world's fastest public DNS resolver, and it would be the most privacy-respecting.

Cloudflare's anycast network spans over 300 cities globally — a larger DNS footprint than Google's at the time of launch — which translates to lower average latency for users worldwide. In independent benchmarks, Cloudflare consistently achieves global average uncached response times of approximately 11 milliseconds, compared to approximately 20 milliseconds for Google. The difference is most pronounced in regions where Cloudflare has data centers closer to end users than Google's DNS-specific infrastructure.

On privacy, Cloudflare made a stronger commitment than any previous resolver: it pledged never to write querying IP addresses to disk, to wipe all transient logs within 24 hours, and to have its privacy practices independently audited annually by KPMG. The KPMG audit reports are published publicly, providing verifiable evidence that Cloudflare's stated practices match its actual operations — a level of transparency that no other major DNS provider has matched.

Speed Comparison

In global benchmark studies, Cloudflare 1.1.1.1 leads Google 8.8.8.8 by approximately 10–15% on average uncached query response time. The gap is consistent across multiple independent testing methodologies. DNSPerf, which continuously monitors public resolver performance from dozens of locations worldwide, has shown Cloudflare maintaining first place globally for uncached query speed since shortly after its 2018 launch.

For cached queries — which represent the large majority of real-world lookups for popular domains — both resolvers return results in under 5 milliseconds and the difference is imperceptible. The speed advantage of Cloudflare is most meaningful for first-time lookups of less common domains and for users in regions where Cloudflare's network footprint gives it a geographic advantage over Google's nearest DNS node. For most everyday browsing of popular websites, the practical speed difference between the two is negligible.

Privacy Comparison

This is the most meaningful difference between the two resolvers. Cloudflare's privacy commitment is structurally stronger. It does not log querying IP addresses to persistent storage, limits transient operational logs to 24 hours, and submits to annual third-party audits of these practices. Users who prioritize DNS privacy have a verified, audited commitment from Cloudflare that their queries are not linked to their identity.

Google Public DNS does retain some query data. While Google anonymizes IP addresses quickly and does not use DNS data for advertising, the 24-to-48-hour window before anonymization and the retention of sampled data for two weeks means some association between IP address and query exists temporarily. For users who trust Google's broader data practices and are comfortable with this retention window, it is a reasonable trade-off. For users who want the strongest possible DNS privacy guarantee, Cloudflare's audited no-logging policy is the clearer choice.

Cloudflare's Filtering Variants: 1.1.1.2 and 1.1.1.3

Cloudflare offers two filtering variants of its resolver that Google does not match. 1.1.1.2 (with secondary 1.0.0.2) blocks domains associated with malware distribution and phishing, returning NXDOMAIN for flagged domains rather than their real IP addresses. This provides a network-level layer of protection against malicious sites without requiring any software installation on the client device.

1.1.1.3 (with secondary 1.0.0.3) extends filtering to include adult content in addition to malware domains, making it suitable for family or school network deployments. Both filtering variants use the same anycast infrastructure and privacy practices as 1.1.1.1 and are free to use. Google's DNS offering has no filtering variants — it resolves all valid domains without restriction.

Reliability and Features

Both resolvers are extremely reliable by any practical measure. Google advertises a 99.999% uptime SLA, and Cloudflare's network redundancy across 300+ cities makes widespread outages extremely rare. Both support DNSSEC validation, DNS over HTTPS (DoH), and DNS over TLS (DoT), enabling encrypted DNS for clients that support it. Both support EDNS Client Subnet (ECS), which passes a truncated version of the client's IP to authoritative nameservers to improve GeoDNS accuracy — though Cloudflare's ECS implementation is more conservative to preserve privacy.

Google's DoH endpoint is https://dns.google/dns-query and DoT hostname is dns.google on port 853. Cloudflare's DoH endpoint is https://cloudflare-dns.com/dns-query and DoT hostname is 1dot1dot1dot1.cloudflare-dns.com on port 853. Both endpoints are compatible with all major browsers and operating systems that support encrypted DNS configuration.

Which to Choose

Choose Cloudflare 1.1.1.1 if DNS privacy is a priority, if you want the fastest globally-benchmarked resolver, or if you want built-in malware filtering via 1.1.1.2. Choose Google 8.8.8.8 if you already trust Google's ecosystem and want a resolver with a long track record and deep integration with Google's infrastructure. For gaming, streaming, and general browsing, either resolver will serve you well — the practical performance difference is small enough that it rarely matters in daily use. When in doubt, benchmark both from your own network and use the one that performs better for your specific location and ISP.
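One way to benchmark both resolvers from your own network while also checking the encrypted-DNS and DNSSEC claims made earlier, as an added example (not code from this page or from either provider): it times queries over a certificate-verified DoT session to the hostnames and port listed above and records whether each reply carries the AD (authenticated data) flag. The function names and the sample domain names are assumptions; the timings cover the query round trip on an established session, not the TLS handshake.

```python
import secrets, socket, ssl, statistics, struct, time

RESOLVERS = {"Google": ("8.8.8.8", "dns.google"),  # (IP, DoT hostname) from the page
             "Cloudflare": ("1.1.1.1", "1dot1dot1dot1.cloudflare-dns.com")}

def build_query(name, qtype=1):
    """Return (txid, wire-format query). Flags 0x0120 = RD plus AD (ask for DNSSEC status)."""
    txid = secrets.randbits(16)
    header = struct.pack("!HHHHHH", txid, 0x0120, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return txid, header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the header fields a client should check on every reply."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"txid": txid, "rcode": flags & 0xF, "ad": bool(flags & 0x20), "answers": answers}

def read_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the connection")
        buf += chunk
    return buf

def benchmark(ip, hostname, names, timeout=3.0):
    """Time queries over one verified DoT session; return (median_ms, reply headers)."""
    ctx = ssl.create_default_context()  # validates the chain and the DoT hostname
    times, headers = [], []
    with socket.create_connection((ip, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            for name in names:
                txid, query = build_query(name)
                start = time.perf_counter()
                tls.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
                (length,) = struct.unpack("!H", read_exact(tls, 2))
                reply = parse_header(read_exact(tls, length))
                times.append((time.perf_counter() - start) * 1000)
                if reply["txid"] != txid:
                    raise ValueError("reply ID does not match the query")
                headers.append(reply)
    return statistics.median(times), headers

if __name__ == "__main__":
    for label, (ip, host) in RESOLVERS.items():  # sample names below are assumptions
        ms, hdrs = benchmark(ip, host, ["example.com", "ietf.org", "cloudflare.com"])
        print(f"{label}: median {ms:.1f} ms, AD set on {sum(h['ad'] for h in hdrs)}/{len(hdrs)}")
```

A certificate or hostname mismatch raises `ssl.SSLCertVerificationError` before any query is sent, so a successful run also confirms the DoT endpoint is the one it claims to be.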

Google DNS vs Cloudflare DNS Head-to-Head

| Property | Google Public DNS | Cloudflare DNS |
| --- | --- | --- |
| Primary IP | 8.8.8.8 | 1.1.1.1 |
| Secondary IP | 8.8.4.4 | 1.0.0.1 |
| Avg global latency (uncached) | ~20 ms | ~11 ms |
| Privacy logging | Logs temporarily; anonymized within 24–48 h | No query logs written to disk (KPMG audited) |
| DNSSEC validation | Yes | Yes |
| DNS over HTTPS (DoH) | Yes — dns.google | Yes — cloudflare-dns.com |
| DNS over TLS (DoT) | Yes — port 853 | Yes — port 853 |
| Filtering options | None | 1.1.1.2 (malware), 1.1.1.3 (malware + adult) |
| Launched | 2009 | 2018 |
| Operator | Google (Alphabet) | Cloudflare / APNIC |

Frequently Asked Questions

Is Cloudflare DNS faster than Google DNS?

In global benchmark studies, Cloudflare 1.1.1.1 is typically 10–15% faster than Google 8.8.8.8 on average uncached query response times — approximately 11 ms for Cloudflare versus 20 ms for Google globally. The difference comes from Cloudflare's larger anycast network footprint, with points of presence in over 300 cities. In practice, the difference for cached queries (the majority of real-world lookups) is negligible — both return cached results in under 5 ms. For uncached lookups, Cloudflare's edge is real but unlikely to be perceptible to users in everyday browsing.

Does Google DNS log my queries?

Google Public DNS does log DNS queries, but with significant anonymization. According to Google's privacy policy, full IP addresses in DNS logs are deleted within 24–48 hours, after which only a sampled subset of queries is retained in a partially anonymized form for up to two weeks for debugging and research purposes. Google states it does not correlate DNS query data with other Google services or use it for advertising. Cloudflare, by contrast, commits to never writing querying IP addresses to disk and has this policy independently audited annually by KPMG.

What is the difference between 1.1.1.1 and 1.1.1.2?

1.1.1.1 is Cloudflare's standard public DNS resolver with no content filtering — it resolves all valid domain names regardless of their content. 1.1.1.2 is Cloudflare's malware-blocking variant, which uses threat intelligence to identify and block domains associated with malware distribution and phishing. Queries for blocked domains return NXDOMAIN rather than the actual IP address. Cloudflare also offers 1.1.1.3, which blocks both malware domains and adult content. These filtering variants are free and use the same global anycast infrastructure and privacy practices as 1.1.1.1.

Does Google DNS support DNS over HTTPS?

Yes. Google Public DNS has supported DNS over HTTPS (DoH) since 2016 and DNS over TLS (DoT) since 2019. The DoH endpoint is https://dns.google/dns-query and the DoT hostname is dns.google on port 853. Cloudflare similarly supports both DoH (https://cloudflare-dns.com/dns-query) and DoT (1dot1dot1dot1.cloudflare-dns.com on port 853). Both providers also support Oblivious DoH (ODoH) for additional privacy. Most modern browsers and operating systems can be configured to use DoH with either provider.

Which DNS server is better for gaming?

Both Cloudflare and Google are strong choices for gaming. Cloudflare's slightly lower average latency gives it a marginal edge for the initial hostname resolution when connecting to game servers. However, once your game client has resolved the game server's address and established a connection, DNS plays no role in ongoing game latency — ping to the game server is determined entirely by the network route between you and the server. For gaming, the DNS choice matters only for the connection setup phase, and either 1.1.1.1 or 8.8.8.8 will perform well.

Is it safe to use public DNS servers?

Yes, using Cloudflare or Google Public DNS is safe for the vast majority of users. Both providers operate enterprise-grade infrastructure with DNSSEC validation enabled, protecting against DNS cache poisoning attacks. Both support DNS over HTTPS and DNS over TLS, which encrypt your DNS queries in transit and prevent ISP or network-level snooping. The primary consideration is privacy — Google retains some query data for up to two weeks, while Cloudflare commits to no persistent query logging. Neither provider injects ads into DNS responses or redirects failed lookups to their own search pages.
