Hi Tom,
by default Unbound (aka "DNS Resolver" in pfsense) uses DNS-Root Servers, regardless what you've defined under System > General. If you want to use your custom DNS-Server you've defined under System > General, the Forwarding mode has to be enabled (DNS Resolver > Enable Forwarding Mode).
All the best
Ahh yes thank you! I forgot to mention that! docs.netgate.com/pfsense/en/latest/book/services/dns-resolver.html
I pinned your comment so others will know to change this if they need to.
docs.netgate.com/pfsense/en/latest/dns/blocking-dns-queries-to-external-resolvers.html
docs.netgate.com/pfsense/en/latest/dns/redirecting-all-dns-requests-to-pfsense.html
Wow, this comment fixed my issue after spending some time trying to get this working. Thank you!
Lawrence if you keep this up you are going to blow up on the tube, man. You are just the right generation, and just the right topics. I don't know if it is your intention or not but mark my words, your YouTube channel is going to grow insanely because of how good your content is man!
Tom. I can't say how much I enjoy your PFsense and unifi videos. I look forward to them. I enjoy them. I learn so much!!!!
OMG, I so need this. The other day, my 6-year old was had research into making a dessert for his remote learning from school lesson, and so I caught him just in time before he had a chance to type into Google, "how to make a cream pie", for fear that something else would come up (no pun intended)...
Oh my gosh XD
I am trying not to laugh but there are so many nicknames for so many explicit items it's hard to just search up normal items now XD
Excellent video, Tom! I Had no idea my favorite 1.1.1.1 was adding some filtering servers! Thanks for the heads-up!
Great video, just need one thing the Filtering DNS for IPv6, which is 2606:4700:4700::1002 and 2606:4700:4700::1112 For removing adult content 2606:4700:4700::1113 and 2606:4700:4700::1003
I was using Quad 9 because of the malware protection, but Cloudflare latency is over twice as fast for me. So now I'm using it, and it's been great.
If you want to keep the kids from bypassing your DNS setting, then block DNS outbound to everything except your preferred dns.
That's what I am doing in my guest VLAN. Blocking UDP53 and the local DNS server is controlled/filtered
This works until you flip on doh. Which runs on 443.
Or you can nat everything going to udp 53 back to 1.1.1.1 lol
I've already told my missus, if my son gets old and smart enough to bypass our DNS filter, he's old enough to look at porn :-P
@@rayjaymor8754 Pretty much this. Filtering is great if you're worried about young kids stumbling upon porn. Once they are at the point of actively seeking it, they're already past the point of "protecting innocence". My kids also know I can always see what they're doing on the computer.
OpenDNS Family Shield is another option and they have single licences for home use for additional protection/cost. I use a Pihole with the umbrella filter setup via the free option they have. works well.
Love the content. Thank you for helping me ask the right questions.
FYI, and it's probably just me, when I tried to reach your kit.com link in latest Firefox and landed on a 404 page until the preceding 'www.' was added. Keep the videos coming!
best,
d'arcy
0:56 Really I don't mind giving control all to one company for as long as they do what they do without any extras, unlike Facebook who sells your data etc.
lmao the twitter responses to the CEO @4:35
truly pathetic! lol
Vegan lesbian anarchists. Can't please everyone. BWHAHAHAHA
.... "Dear sir or madam. Our services are free. You are free to choose from the 100's of alternatives on the market. This product is for people who would like to keep your agenda out of their kid's bedrooms until they're 18, or at least old enough to move out on their own. You do not have the right to push any type of sexuality on children. Please do not be outraged at this idea."
Thank you for this tom 👍👏
Hi Tom - at the 5:40 mark you talk about doing this to a device on the network with static mapping, I'm having troubles getting that to work with modern smartphones that use false macs to negotiate connectivity with wifi, do you know a solution for this? PS-thanks for all the work you put in to these videos, they have helped me set up a much more customized home network fit to my family's needs!
lol - loved your comment - 'Sorry, Cloudflare wont be a parent for you..."
Yes, I have used that line regarding tech in general a few times.
1:39 ISPs and their usual DNS's are shaking right now at the fact that Cloudflare has this option for families.
Not going to install it personally on my devices since I deal with... *ahem* both situations but would personally change the DNS's of my kid's computers and stuff so it's all good for them.
Thanks LT; started using this last week
I did the .3 one globally on my router, and I didn't seem to block any of the adult sites. P Hub and P Tube, etc came right up.. ??
Hello,
Thank you for the video, although my internal network is a little different as I run Pi-Hole for my network wide ad blocker, so I just need to make the adjustment there. But again thank you for the video.
What data can your ISP see once you use a dns server like cloudflare, google, opendns, etc. Do you have any videos on "hiding" different types of traffic from your ISP. For example I use my phone as backup when my internet goes down. The cell phone company lowers the video quality WAY down for Netflix and YouTube. How can I not let them see my type of traffic or whatever they are using to de-prioritize me?
If you want to hide it from your ISP, that's what a VPN can help to do. but then the VPN provider has visibility into whatever you're doing.
@@LAWRENCESYSTEMS Do you have a recommendation on a VPN, maybe my own hosted VPN or something else that can handle a 1 gig connection and 50 users who do a lot of hd streaming?
If you search VPN on my channel you'll find several videos
query time at 1.1.1.2 - nice
3:49 Ok, on this level I have to say that I think it should be 100% blocked. Regardless of the message from the LGBT community, their community is a community at which sex is talked about and is the main focus.
To not block the LGBT websites would mean that kids would be exposed to the sex stuff which includes gender changing and other explicit items.
If your website has sex in it, THEN YOU SHOULD BE BLOCKED REGARDLESS OF THE MESSAGE!
There should not even be a discussion on the issue, it's simple black and white. Does your website have any sexual items on it? If so, then block it.
Already using Quad9, but it is a good initiative from Cloudflare
I was using Quad 9, but ping was almost 30 milliseconds, Cloudflare is under 10 milliseconds. So I switched to 1.1.1.2 and it's been much faster.
What dns servers do you recommend as the default setup for clients not asking for specific DNS settings. Would cloudflare be your companies go to? At the start, you said maybe for business, so I'm thinking you may use someone else.
4:10 Literally the idea of the 1.1.1.3 was to block sexual content.
Why did cloudflare apologise for this and reverse it?
They have 1.1.1.1 like I use as well which is not censored.
If your website has sexual stuff in it, it's clear black and white. Regardless of the message if its good or bad should be blocked as its job is to block all sexual content and it should not hold a position.
If it is to unblock one sexual content then it should unblock all as it would show bias towards one particular sexual content.
I just went to test this out because it sounds great for my family. But the YouTube kids app on my daughter's iPad stopped working immediately after switching from 1.1.1.1 to 1.1.1.2
Hmm, what about DNS over TLS? Does 1.1.1.3 support this?
@@RunawayIT Obviously but who doesn't use HTTPS anyway?
5:20
Why don't you use 1.1.1.3 and 1.0.0.3? 😀
Nice. I use Quad9. I will give a try to Cloudflare. You can also dst-nat all UDP 53 traffic to your preferred DNS server so even if the client manually changes the DNS server all queries will be redirected to the DNS server you setup. With DoH I think we are out of luck for blocking DNS queries except for known DoH public server or using HTTPS inspection.
I have switched to CloudFlare Family. If I want to bypass it I just connect one of my VPN services using a different DNS.
Ah, you mean when you're in the mood to check out some porn... 😉
Thanks a lot for looking at this and for the shout-out! Where can I email you?
Twitter
When using dig @1.1.1.3 website.com does it use your current DNS for the command or makes use of specified DNS in the command??? Cause, it's reaching the IP of not Family friendly content. Any help please. Thanks!
I was unable to switch my pfsense box to these new family servers 1.1.1.3,1.0.0.3 from 1.1.1.1,1.0.0.3. It wouldn’t block known popular bad adults sites.
did you clear dns cache on said devices ?
James B I think I figured it out, 1.1.1.2-3 and 1.0.0.2-3 do not yet support DoT which I use. community.cloudflare.com/t/community-tip-best-practices-for-1-1-1-1-for-families/160496
thanks you pro nice work
Tk U again for the video,
I was going to give 1.1.1.2 a try on my pfsense but it doesn't seem like it's able to use TLS, at least yet.
Yes, there is no DNS hostname to verify yet, can please Lawrence Systems / PC Pickup make an update later?
Hi Tom,
Which DNS is suitable to block gaming apps on Android or iOS. Specially I want to block PUBG as my kids are wasting too much time playing PUBG and Free Fire.
I don't know
The issue with 1.1.1.1 is that sometimes you don't get the closest servers to you. You might be streaming a video from a youtube server all the way across the state instead of something local.
So far no problems for me, but my phone is for sure getting affected.
What you think about opendns
My ISP Blocked the 1.1.1.1 DNS by default, how can I bypass this ?
try 1.0.0.1. but dns over https (doh) it's a better option. There is also dns over tls (dot) but it is easier to block
That is illegal for them to do. Who is the isp?
Oof, that's hard.
I'm using 1.1.1.1 because my ISP does DNS spoofing with their normal one and blocks websites.
@@TheHermitHacker not always. Many countries permit this practice.
I have a rule for DNS on my USG that drops traffic destined to any external resolver and forces everything through the USG which uses Cloudflare. I changed the DNS to 1.1.1.3 on the USG and haven't found an issue as yet.
I'd like to try that out on my kids devices but I have UniFi stuff, not pfsense. I can set a static IP per client but not override the dns servers. I found this, but I'd like to avoid making changes which cannot be made via the UI.
community.ui.com/questions/Per-Client-DNS/f9547577-3984-4004-970f-51a8dceb1e23
Teenagers are clever these days.....*looks at my vsphere cluster that is connected to aws and 10G backbone*
3:31 The reason I don't give away the passwords XD
" poptop480 " is real Lenovo T480 ?
Lenovo L480 is what he uses.
using OpenDNS, but looking to see where this goes.
Open is owned by Cisco :P
@@JasonLeaman It sure is.
Can you look into Cleanbrowsing.org?
Yea.. 1.1.1.2 seems like the way to go...ahem..*cough-cough*... 1.1.1.3 sounds like it'll interfere with some of my...ahem.... "lifestyle" channel destinations... "cough-cough"...
1.1.1.1 for me XD
I do too much cyber stuff.
Wish they had one for no "cough-cough" websites only which would be nice.
Wish Cloudflare would make an DNS that blocks facebook so they can't track me
CloudFlare has updated their DNS over TLS:
No Blocking:
mozilla.cloudflare-dns.com = 104.16.248.249, 104.16.249.249
To block malware you can use:
Security.cloudflare-dns.com = 104.18.2.55, 104.18.3.55
And to use malware and adult content you can use:
Family.cloudflare-dns.com = 104.18.26.128, 104.18.27.128
In Firefox please remember to use network.trr.mode = 3 or these filters won't make any sense.
How funny would it be to learn they r just using pi-hole
Hi, after making changes to DNS pri=1.1.1.2 & sec=1.0.0.2
i then did a "ipconfig /flushdns" then a "ipconfig /displaydns". as you can see i am on Windows 10 1909 18363.720 and this was the result:
sorry it's too large to paste here.
pastebin.com/ntwAxamJ
1) How can i flush/fully clear DNS on Windows 10 ?
2) Not sure if this update blocker is doing that list: wpd.app/
As the founder of Google in the owner of 1. 1. 1.1 you're awesome presentation money me that p*** fans for pissed-off registered nurse my aunt I am. AWS smile Cameron Allen Shaner do you work for me already or can I hire you?
let the kid explore and become a man.
Y I K E S
This guy talks like a machine gun.