Cloudflare new 1.1.1.1 for families
-
Hello fellow Netgate community members,
I have just learned that Cloudflare has new DNS server options that come with built-in anti-malware filtering and, if you so choose, adult content blocking. This is done with just using
As quoted from Cloudflare:
1.1.1.1 for Families categorizes destinations on the Internet based on the potential threat they pose regarding malware, phishing, or other types of security risks. 1.1.1.1 for Families has two default options:
Block malware
Use the following DNS resolvers to block malicious content:
1.1.1.2
1.0.0.2
2606:4700:4700::1112
2606:4700:4700::1002
Block malware and adult content
Use the following DNS resolvers to block malware and adult content:
1.1.1.3
1.0.0.3
2606:4700:4700::1113
2606:4700:4700::1003
However, if you use DoT over port 853 like me, you can also now use:
1.1.1.1 for Families also supports DoT if you have a compliant client, such as a compatible DoT router. DoT allows you to encrypt your DNS queries, protecting you from spoofing, malicious actors, and others. You can learn more about DoT in the Learning Center article on DNS encryption. To configure an encrypted DoT connection to 1.1.1.1 for Families, type one of the following URLs into the appropriate field of your DoT-compliant client:
Block malware
security.cloudflare-dns.com
Block malware and adult content
family.cloudflare-dns.com
This works at the main DNS resolver, much like an upgrade to pfBlocker, as the main DNS server does the major blocking for you.
Ref:
https://developers.cloudflare.com/1.1.1.1/setup/#1111-for-families
https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html (DNS over TLS example)
-
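A way to confirm from a host behind the firewall that a Families resolver is reachable over DoT on port 853 and whether it filters a given name, as an added example that is not part of the original post and not Cloudflare's or Netgate's own tooling: it sends one A query over TLS using the hostnames from the post as SNI and classifies the answer. It assumes that a filtered name is answered with the sinkhole address 0.0.0.0 (my understanding of Cloudflare's documented behaviour, labelled as an assumption in the code); cloudflare.com is only a sample name expected to resolve normally.

```python
import socket
import ssl
import struct

FAMILY_RESOLVERS = {  # DoT hostnames from the post, with the IPs Cloudflare publishes for each tier
    "security.cloudflare-dns.com": ("1.1.1.2", "1.0.0.2"),
    "family.cloudflare-dns.com": ("1.1.1.3", "1.0.0.3"),
}
def build_query(name, txid=0x1234):
    """Minimal DNS A/IN query in wire format: recursion desired, no EDNS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)
def _skip_name(msg, off):
    """Offset just past a name; a 2-byte RFC 1035 compression pointer ends it."""
    while msg[off] != 0 and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)
def parse_a_records(msg):
    """Return (RCODE, [IPv4 answers]) from a DNS response message."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, answers = 12, []
    for _ in range(qd):
        off = _skip_name(msg, off) + 4           # skip QTYPE and QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            answers.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, answers
def classify(rcode, answers):
    """Assumption: the Families resolvers answer a filtered name with 0.0.0.0."""
    if rcode != 0 or not answers:
        return "error" if rcode else "no-answer"
    return "blocked" if all(a == "0.0.0.0" for a in answers) else "resolved"
def query_dot(name, server_ip, sni, timeout=5.0):
    """One A query over DNS-over-TLS (RFC 7858): TCP 853, 2-byte length prefix."""
    ctx = ssl.create_default_context()           # validates the cert against the SNI name
    with socket.create_connection((server_ip, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            q = build_query(name)
            tls.sendall(struct.pack("!H", len(q)) + q)
            f = tls.makefile("rb")
            (length,) = struct.unpack("!H", f.read(2))
            return parse_a_records(f.read(length))
if __name__ == "__main__":                       # live check against both family.* addresses
    for ip in FAMILY_RESOLVERS["family.cloudflare-dns.com"]:
        print(ip, classify(*query_dot("cloudflare.com", ip, "family.cloudflare-dns.com")))
```

To confirm the filter itself, query a name that Cloudflare's own documentation lists as test-blocked and expect "blocked"; a "resolved" answer from 1.1.1.3 for such a name means the client is not really using the filtering tier.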
@JonathanLee I'll be testing this..
Thanks
-
@mcury If you want to use port 853, you will first have to follow the instructions in this guide from Netgate.
https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html
Otherwise, you can just use the adapted DNS addresses.
-
@JonathanLee I'm checking it right now.
I have dual WAN here, so I can't use general settings like you did.
Edit:
Unless I use 1.1.1.1 for one WAN and 1.0.0.1 for the other..
hmm
Edit2:
Left the gateway option empty in general settings, added both family.cloudflare-dns.com for 1.1.1.1 and 1.0.0.1, disabled DNSSEC and enabled forwarding and Use SSL/TLS for outgoing DNS Queries to Forwarding Servers.
Testing now.