Cloudflare Resolver for Firefox
Every time you type a web address, such as www.mozilla.org ↗ or www.firefox.com ↗, into a web browser, the web browser sends a query to a DNS resolver. If DNS is like the card catalog of the Internet, then a DNS resolver is like a helpful librarian that knows how to use the information from that catalog to track down the exact location of a website. Whenever a resolver receives your query it looks up the IP address associated with the web address that you entered and relays that information to your web browser. “DNS resolution” as this process is referred to, is a crucial component of your Internet experience because without it your web browser would be unable to communicate with the servers that host your favorite websites, since communication requires knowing the IP addresses of those websites.
For most Internet users, the DNS resolver that they use is either the one that comes with the operating system running on their machines or the one that is set by their network provider. In some cases, these resolvers leave a lot to be desired because of their susceptibility to unwanted spying and other security threats.
To address this, Mozilla has partnered with Cloudflare to provide DNS resolution directly from within the Firefox browser using the Cloudflare resolver for Firefox. When this feature is active, Firefox sends DNS queries over a secure channel to the Cloudflare resolver for Firefox rather than to an unknown DNS resolver, significantly decreasing the odds of unwanted spying or man-in-the-middle attacks.
Any data Cloudflare handles as a result of its resolver for Firefox is as a data processor acting pursuant to Mozilla's data processing instructions. The data Cloudflare collects and processes pursuant to its agreement with Mozilla is not covered by the Cloudflare Privacy Policy ↗. As part of its agreement with Mozilla, Cloudflare has agreed to collect only a limited amount of data about the DNS requests sent to the Cloudflare resolver for Firefox via the Firefox browser. Cloudflare will collect only the following information from Firefox users:
- date
- dateTime
- srcAsNum
- srcIPVersion
- dstIPVersion
- dstIPv6
- dstIPv4
- dstPort
- protocol
- queryName
- queryType
- queryClass
- queryRd
- queryDo
- querySize
- queryEdns
- ednsVersion
- ednsPayload
- ednsNsid
- responseType
- responseCode
- responseSize
- responseCount
- responseTimeMs
- responseCached
- responseMinTTL
- answerData type
- answerData
- validationState
- coloID (unique Cloudflare data center ID)
- metalId (unique Cloudflare data center ID)
All of the above information is stored in temporary logs and then permanently deleted within 24 hours of Cloudflare's receipt of such information. In addition, Cloudflare stores the following in permanent logs:
- Total number of requests processed by each Cloudflare data center.
- Aggregate list of all domain names requested.
- Samples of domain names queried along with the times of such queries.
Information stored in permanent logs is anonymized and may be held indefinitely by Cloudflare for internal research and development purposes.
Cloudflare commits to using the information collected from the Cloudflare resolver for Firefox solely to improve the performance of the Cloudflare resolver for Firefox and to assist in debugging efforts if an issue arises. In addition to limiting collection and use of data, Cloudflare promises:
-
Cloudflare will not retain or sell or transfer to any third party (except as may be required by law) any personal information, IP addresses, or other user identifiers from the DNS queries sent from the Firefox browser to the Cloudflare resolver for Firefox.
-
Cloudflare will not combine the data that it collects from such queries with any other Cloudflare or third-party data in any way that can be used to identify individual end users.
-
Cloudflare will not sell, license, sublicense, or grant any rights to your data to any other person or entity without Mozilla's explicit written permission.
Cloudflare does not block or filter content through the Cloudflare resolver for Firefox. As part of its agreement with Mozilla, Cloudflare provides only direct DNS resolution. If Cloudflare were to receive written requests from law enforcement and government agencies to block access to domains or content through the Cloudflare resolver for Firefox, Cloudflare would, in consultation with Mozilla, exhaust its legal remedies before complying with such a request. We also commit to documenting any government request to block access in our semi-annual transparency report, unless legally prohibited from doing so.