Netgate Discussion Forum
    DNS forwarder & cloudflare family + malware blocking

    DHCP and DNS
    2 Posts 1 Posters 216 Views
    • CatSpecial202

      Hello, I've always found DNS setup to be rather challenging. I wanted to implement one of these DNS services and figured the best way was through the DNS forwarder, but it doesn't seem to be working correctly. Cloudflare offers a family-blocking and malware service, along with test websites to check if everything is functioning properly.

      The test websites are successfully blocked; however, there is a delay before a website is actually blocked. When I first visit a site, it is not immediately blocked, but after refreshing the page, it eventually gets blocked. Despite the test websites being blocked, I can still access some obvious p*rn sites. These are never eventually blocked.

      I have cleared my cache on my Windows computer (ipconfig /flushdns) and on my Mac (sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder).

      Also, I'm using Firefox, and I changed my security settings and turned off DNS within Firefox. How do browsers affect DNS? Isn't that at a different network level?

      I haven't touched the DNS config anywhere else. It looks like my devices are also being passed my router's domain for the DNS server.

      https://developers.cloudflare.com/1.1.1.1/setup/android/

      1.1.1.3
      1.0.0.3
      2606:4700:4700::1113
      2606:4700:4700::1003

      https://nudity.testcategory.com/

      Here is my PowerShell output from my device

      C:\Windows\system32> Get-DnsClientServerAddress -InterfaceAlias "Wi-Fi"

      InterfaceAlias  Interface  Address  ServerAddresses
                      Index      Family
      --------------  ---------  -------  ----------------------------------------
      Wi-Fi           10         IPv4     {10.10.10.1}
      Wi-Fi           10         IPv6     {2606:4700:4700::64, 2606:4700:4700::6400}

      From another device

      nameserver[0] : 2606:4700:4700::64
      nameserver[1] : 2606:4700:4700::6400
      nameserver[2] : 10.10.10.1

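The resolver listings in the post above show that the clients hold three resolvers, and only one of them is the pfSense LAN address. A quick way to see which resolvers a dual-stack client is actually allowed to ask is to audit each listing against the set of filtering addresses you intended to hand out. The script below is an added example, not code from the post or from Netgate: it parses the PowerShell table and the nameserver[n] list exactly as shown in the post (copied here as constructed input), treats the gateway 10.10.10.1 as the local forwarder, and flags every other resolver that is not in the Cloudflare family-filtering list the poster quoted (1.1.1.3, 1.0.0.3, 2606:4700:4700::1113, 2606:4700:4700::1003). On this input it flags 2606:4700:4700::64 and 2606:4700:4700::6400, which are Cloudflare's DNS64 resolvers rather than the filtering ones, so a client that prefers its IPv6 resolver would bypass the filter entirely.

```python
"""Audit the resolvers a client actually uses against the intended filtering set.

Added example, not from the forum post. Parses the two listings shown in the
thread and reports resolvers that are neither the local forwarder nor one of
the Cloudflare family-filtering addresses the poster listed.
"""
import ipaddress
import re

# Filtering resolvers the poster intended to use (from the Cloudflare page linked in the post).
FAMILY_RESOLVERS = {
    ipaddress.ip_address("1.1.1.3"),
    ipaddress.ip_address("1.0.0.3"),
    ipaddress.ip_address("2606:4700:4700::1113"),
    ipaddress.ip_address("2606:4700:4700::1003"),
}

# Constructed copies of the two listings in the post.
WINDOWS_OUTPUT = """\
InterfaceAlias  Interface  Address  ServerAddresses
                Index      Family
--------------  ---------  -------  ----------------------------------------
Wi-Fi           10         IPv4     {10.10.10.1}
Wi-Fi           10         IPv6     {2606:4700:4700::64, 2606:4700:4700::6400}
"""

NAMESERVER_OUTPUT = """\
nameserver[0] : 2606:4700:4700::64
nameserver[1] : 2606:4700:4700::6400
nameserver[2] : 10.10.10.1
"""


def parse_windows_output(text):
    """Return the addresses listed inside {...} in Get-DnsClientServerAddress output."""
    servers = []
    for match in re.finditer(r"\{([^}]*)\}", text):
        for item in match.group(1).split(","):
            item = item.strip()
            if item:
                servers.append(ipaddress.ip_address(item))
    return servers


def parse_nameserver_output(text):
    """Return addresses from 'nameserver[n] : addr' lines, deduplicated in order."""
    seen = []
    for line in text.splitlines():
        m = re.match(r"\s*nameserver\[\d+\]\s*:\s*(\S+)", line)
        if m:
            addr = ipaddress.ip_address(m.group(1))
            if addr not in seen:
                seen.append(addr)
    return seen


def audit_resolvers(servers, local_forwarder, approved=FAMILY_RESOLVERS):
    """Split resolvers into (acceptable, unexpected).

    A resolver is acceptable if it is the local forwarder (the pfSense LAN
    address the client is expected to use) or one of the approved upstream
    filtering addresses. Anything else is reported, because a dual-stack
    client may send its queries there and skip the filter.
    """
    forwarder = ipaddress.ip_address(local_forwarder)
    acceptable, unexpected = [], []
    for server in servers:
        if server == forwarder or server in approved:
            acceptable.append(server)
        else:
            unexpected.append(server)
    return acceptable, unexpected


def audit_report(local_forwarder="10.10.10.1"):
    """Run both parsers and return the unexpected resolvers per source, as strings."""
    report = {}
    for name, servers in (
        ("windows", parse_windows_output(WINDOWS_OUTPUT)),
        ("other-device", parse_nameserver_output(NAMESERVER_OUTPUT)),
    ):
        _, unexpected = audit_resolvers(servers, local_forwarder)
        report[name] = [str(u) for u in unexpected]
    return report


if __name__ == "__main__":
    for source, bad in audit_report().items():
        print(f"{source}: unexpected resolvers -> {bad or 'none'}")
```

Paste a real `Get-DnsClientServerAddress` table or a `scutil --dns` nameserver list into the two constants to audit your own clients; any address printed as unexpected is a resolver the client can reach that your filtering policy does not cover.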
      • CatSpecial202 (reply to CatSpecial202)

        I was able to get this working. I now have sites blocked, etc. I still have to make sure that DNS over TLS works and I also need to configure this for IPv6 so a bit more to do.

        I needed to add the appropriate rules to my firewall as specified in these recipes. I added a total of 3 firewall rules and 1 NAT rule.

        DNS redirect:
        https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html

        DNS Blocking:
        https://docs.netgate.com/pfsense/en/latest/recipes/dns-block-external.html#blocking-external-client-dns-queries

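The two recipes linked above work together: the NAT port forward rewrites any LAN query for port 53 so it lands on the firewall's own resolver, and the filter rules then pass DNS to the firewall while blocking DNS to anything else, which is why a client that ignores the DHCP-supplied resolver still ends up filtered. The evaluator below is an added illustration, not code from the post or from pfSense, and the concrete rule set in it is an assumption chosen to mirror the described outcome (redirect 53, pass 53 to the firewall, block 53 and the DNS over TLS port 853 to external hosts); what it does reproduce faithfully is the processing order, NAT before filter and first match wins, so you can see which rule decides each sample packet. The LAN network 10.10.10.0/24 and the sample packets are constructed.

```python
"""First-match model of the LAN DNS redirect and block policy.

Added example, not code from the post or from pfSense. NAT redirect rules are
applied first, then filter rules, first match wins, which is the order pf uses.
The rule contents are an assumed approximation of the linked recipes.
"""
import ipaddress

LAN_NET = ipaddress.ip_network("10.10.10.0/24")   # constructed; matches the gateway in the post
FIREWALL = ipaddress.ip_address("10.10.10.1")


def in_lan(addr):
    return ipaddress.ip_address(addr) in LAN_NET


# NAT port-forward rules: (protocols, destination predicate, dport, new dst, new dport).
NAT_RULES = [
    # Redirect every LAN DNS query that is not already aimed at the firewall itself.
    ({"tcp", "udp"}, lambda dst: ipaddress.ip_address(dst) != FIREWALL, 53, str(FIREWALL), 53),
]

# Filter rules evaluated after NAT: (protocols, destination predicate, dport, action).
FILTER_RULES = [
    ({"tcp", "udp"}, lambda dst: ipaddress.ip_address(dst) == FIREWALL, 53, "pass"),
    ({"tcp", "udp"}, lambda dst: not in_lan(dst), 53, "block"),
    # DNS over TLS to an outside resolver would otherwise sidestep the redirect (assumed rule).
    ({"tcp"}, lambda dst: not in_lan(dst), 853, "block"),
]


def apply_nat(proto, dst, dport):
    """Return (dst, dport, redirected) after the NAT rules have been considered."""
    for protos, match, port, new_dst, new_port in NAT_RULES:
        if proto in protos and dport == port and match(dst):
            return new_dst, new_port, True
    return dst, dport, False


def evaluate(proto, dst, dport):
    """Return (action, effective_dst, effective_dport) for a packet leaving the LAN."""
    dst, dport, _redirected = apply_nat(proto, dst, dport)
    for protos, match, port, action in FILTER_RULES:
        if proto in protos and dport == port and match(dst):
            return action, dst, dport
    # Anything else falls through to the ordinary LAN allow rule.
    return "pass-default", dst, dport


# Constructed sample packets: a direct query to a public resolver, a query to the
# firewall, DNS over TLS to an outside resolver, and ordinary HTTPS.
SAMPLE_PACKETS = [
    ("udp", "1.1.1.3", 53),
    ("udp", "10.10.10.1", 53),
    ("tcp", "1.1.1.3", 853),
    ("tcp", "203.0.113.10", 443),
]


def evaluate_samples():
    """Map each sample packet to the decision the policy makes for it."""
    return {(p, d, port): evaluate(p, d, port) for p, d, port in SAMPLE_PACKETS}


if __name__ == "__main__":
    for packet, decision in evaluate_samples().items():
        print(f"{packet} -> {decision}")
```

Note that with the redirect in place the port-53 block rule never fires for LAN clients, because every such query has already been rewritten to the firewall; it only matters if the NAT rule is disabled or does not cover a protocol, which is why the recipes are applied together. The port-853 rule is the piece that covers the DNS over TLS case the reply says is still to be verified.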
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.