DNS forwarder & Cloudflare family + malware blocking
-
Hello, I've always found DNS setup to be rather challenging. I wanted to implement one of these DNS services and figured the best way was through the DNS forwarder, but it doesn't seem to be working correctly. Cloudflare offers a family-blocking and malware service, along with test websites to check if everything is functioning properly.
The test websites are successfully blocked; however, there is a delay before a website is actually blocked. When I first visit a site, it is not immediately blocked, but after refreshing the page, it eventually gets blocked. Despite the test websites being blocked, I can still access some obvious p*rn sites. These are never eventually blocked.
I have cleared my cache on my Windows computer
ipconfig /flushdns
and on my Mac
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
Also, I'm using Firefox and I changed my security settings and turned off DNS within Firefox. How do browsers affect DNS? Isn't that at a different network level?
I haven't touched the DNS config anywhere else. It looks like my devices are also being passed my router's domain for the DNS server.
https://developers.cloudflare.com/1.1.1.1/setup/android/
1.1.1.3
1.0.0.3
2606:4700:4700::1113
2606:4700:4700::1003
https://nudity.testcategory.com/
Here is my PowerShell output from my device
C:\Windows\system32> Get-DnsClientServerAddress -InterfaceAlias "Wi-Fi"

InterfaceAlias  Interface  Address  ServerAddresses
                Index      Family
--------------  ---------  -------  ---------------
Wi-Fi           10         IPv4     {10.10.10.1}
Wi-Fi           10         IPv6     {2606:4700:4700::64, 2606:4700:4700::6400}
From another device
nameserver[0] : 2606:4700:4700::64
nameserver[1] : 2606:4700:4700::6400
nameserver[2] : 10.10.10.1
nameserver[0] : 2606:4700:4700::64
nameserver[1] : 2606:4700:4700::6400
nameserver[2] : 10.10.10.1
-
I was able to get this working. I now have sites blocked, etc. I still have to make sure that DNS over TLS works and I also need to configure this for IPv6 so a bit more to do.
I needed to add the appropriate rules to my firewall as specified in these recipes. I added a total of 3 firewall rules and 1 NAT rule.
DNS redirect:
https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html
DNS Blocking:
https://docs.netgate.com/pfsense/en/latest/recipes/dns-block-external.html#blocking-external-client-dns-queries
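A way to check the resolver lists quoted in the first post against the Cloudflare family addresses listed there, as an added example that is not part of the original posts. The sample inputs are constructed from the outputs in the thread, and treating any private address as the router's forwarder is an assumption.

```python
import ipaddress
import re

# Cloudflare family addresses as listed in the first post.
FAMILY = {ipaddress.ip_address(a) for a in
          ("1.1.1.3", "1.0.0.3", "2606:4700:4700::1113", "2606:4700:4700::1003")}

# Constructed samples, taken from the outputs quoted in the thread.
POWERSHELL = """\
Wi-Fi  10  IPv4  {10.10.10.1}
Wi-Fi  10  IPv6  {2606:4700:4700::64, 2606:4700:4700::6400}
"""
NAMESERVERS = """\
nameserver[0] : 2606:4700:4700::64
nameserver[1] : 2606:4700:4700::6400
nameserver[2] : 10.10.10.1
"""

def extract_servers(text):
    """Pull resolver addresses, in order, from either output format."""
    found = []
    for line in text.splitlines():
        m = re.search(r"\{([^}]*)\}", line)  # PowerShell style: {a, b}
        if m:
            candidates = m.group(1).split(",")
        else:
            m = re.match(r"\s*nameserver\[\d+\]\s*:\s*(\S+)", line)
            candidates = [m.group(1)] if m else []
        for c in candidates:
            try:
                found.append(ipaddress.ip_address(c.strip()))
            except ValueError:
                pass  # empty {} entry or non-address text
    return found

def classify(addr):
    if addr in FAMILY:
        return "filtering"
    if addr.is_private or addr.is_link_local:
        return "local"       # assumption: this is the router's forwarder
    return "unfiltered"      # public resolver outside the family list

def audit(text):
    """Return [(address, class)] for every resolver the client was handed."""
    return [(str(a), classify(a)) for a in extract_servers(text)]

def bypasses(text):
    """Resolvers the client can query without going through the forwarder."""
    return [a for a, kind in audit(text) if kind == "unfiltered"]

if __name__ == "__main__":
    for name, sample in (("Windows", POWERSHELL), ("other device", NAMESERVERS)):
        print(name, audit(sample))
```

Any address reported as unfiltered is a public resolver handed to the client that is not one of the family addresses, so queries sent to it do not pass through the forwarder on the router.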