Hi Tom, by default Unbound (aka "DNS Resolver" in pfsense) uses DNS-Root Servers, regardles what you've defined under System > General. If you want to use your custom DNS-Server you've defined under System > General, the Forwarding mode has to be enabled (DNS Resolver > Enable Forwarding Mode). All the best

Lawrence if you keep this up you are going to blow up on the tube ,man. You are just the right generation, and just the right topics. I don't know if it is your intention or not but mark my words, your KZbin channel is going to grow insanely because of how good your content is man!

Tom. I can't say how much I enjoy your PFsense and unifi videos. I look forward to them. I enjoy them. I learn so much!!!!

OMG, I so need this. The other day, my 6-year old was had research into making a desert for his remote learning from school lesson, and so I caught him just in time before he had a chance to type into Google, "how to make a cream pie", for fear that something else would come up (no pun intended)...

Excellent video, Tom! I Had no idea my favorite 1.1.1.1 was adding some filtering servers! Thanks for the heads-up!

Great video, just need one thing the Filtering DNS for IPv6, which is 2606:4700:4700::1002 and 2606:4700:4700::1112 For removing adult content 2606:4700:4700::1113 and 2606:4700:4700::1003

I was using Quad 9 because of the malware protection, but Cloudflare latency is over twice as fast for me. So now I'm using it, and it's been great.

If you want to keep the kids from bypassing your DNS setting, then block DNS outbound to everything except your preferred dns.

OpenDNS Family Shield is another option and they have single licences for home use for additional protection/cost. I use a Pihole with the umbrella filter setup via the free option they have. works well.

lol - loved your comment - 'Sorry, Cloudflare wont be a parent for you..."

Love the content. Thank you for helping me ask the right questions. FYI, and it's probably just me, when I tried to reach your kit.com link in latest Firefox and landed on a 404 page until the preceding 'www.' was added. Keep the videos coming! best, d'arcy

Thank you for this tom 👍👏

What data can your ISP see once you use a dns server like cloudflare, google, opendns, etc. Do you have any videos on "hiding" different types of traffic from your ISP. For example I use my phone as backup when my internet goes down. The cell phone company lower the video quality WAY down for Netflix and KZbin. How can I not let them see my type of traffic or whatever they are using to de-prioritize me?

lmao the twitter responses to the CEO @4:35

Thanks LT; started using this last week

Already using Quad9, but it is a good initiative from Cloudflare

Hmm, what about DNS over TLS? Does 1.1.1.3 support this?

Hi Tom - at the 5:40 mark you talk about doing this to a device on the network with static mapping, I'm having troubles getting that to work with modern smartphones that use false macs to negotiate connectivity with wifi, do you know a solution for this? PS-thanks for all the work you put in to these videos, they have helped me set up a much more customized home network fit to my family's needs!

3:49 Ok, on this level I have to say that I think it should be 100% blocked. Regardless of the message from the LGBT community, their community is a community at which sex is talked about and is the main focus. To not block the LGBT websites would mean that kids would be exposed to the sex stuff which includes gender changing and other explicit items. If your website has sex in it, THEN YOU SHOULD BE BLOCKED REGARDLESS OF THE MESSAGE! There should not even be a discussion on the issue, its simple black and white. Does your website have any sexual items on it? If so, then block it.

4:10 Literally the idea of the 1.1.1.3 was to block sexual content. Why did cloudflare apologise for this and reverse it? They have 1.1.1.1 like I use as well which is not censored. If your website has sexual stuff in it, its clear black and white. Regardless of the message if its good or bad should be blocked as its job is to block all sexual content and it should not hold a position. If it is to unblock one sexual content then it should unblock all as it would show bias towards one particular sexual content.

Nice. I use Quad9. I will give I try to Cloudflare. You can also dst-nat all UDP 53 traffic to your preferred DNS server so even if the client manualy changes the DNS server all queries will be redirected to the DNS server you setup. With DoH I think we are out of luck for blocking DNS queries except for known DoH public server or using HTTPS inspection.

Hi Tom, Which DNS is suitable to block gaming apps on android or IOS. Specially I want to block Pubg as my kids are wasting too much time playing PUBG anf Free Fire.

query time at 1.1.1.2 - nice

Thanks a lot for looking at this and for the shout-out! Where can I email you?

I just went to test this out because it sounds great for my family. But the KZbin kids app on my daughters ipad stopped working immediately after switching from 1.1.1.1 to 1.1.1.2

Hello, Thank you for the video, although my internal network is a little different as I run Pi-Hole for my network wide ad blocker, so I just need to make the adjustment there. But again thank you for the video.

5:20 Why don't you use 1.1.1.3 and 1.0.0.3? 😀

What dns servers do you recommend as the default setup for clients not asking for specific DNS settings. Would cloudflare be your companies go to? At the start, you said maybe for business, so I'm thinking you may use someone else.

I have switched to CloudFlare Family. If I want to bypass it I just connect one of my VPN services using a different DNS.

I was unable to switch my pfsense box to these new family servers 1.1.1.3,1.0.0.3 from 1.1.1.1,1.0.0.3. It wouldn’t block known popular bad adults sites.

1:39 ISPs and their usual DNS's are shaking right now at the fact that Cloudflare has this option for families. Not going to install it personally on my devices since I deal with... *ahem* both situations but would personally change the DNS's of my kid's computers and stuff so its all good for them.

0:56 Really I don't mind giving control all to one company for as long as they do what they do without any extras, unlike Facebook who sells your data etc.

The issue with 1.1.1.1 is that sometimes you don't get the closest servers to you. You might be streaming a video from a youtube server all the way across the state instead of something local.

When using dig @1.1.1.3 website.com does it use your current DNS for the command or makes use of specified DNS in the command??? Cause, its reaching the IP of not Family friendly content. Any help please. Thanks!

I was going to give 1.1.1.2 a try on my pfsense but it doesn't seem like it's able to use try TLS, at least yet.

I have a rule for DNS on my USG that drops traffic destined to any external resolver and forces everything through the USG which uses Cloudflare. I changed the DNS to 1.1.1.3 on the USG and haven't found an issue as yet.

What you think about opendns

Tk U again for the video,

thanks you pro nice work

Teenagers are clever these days.....*looks at my vsphere cluster that is connected to aws and 10G backbone*

My ISP Blocked the 1.1.1.1 DNS by default, how can I bypass this ?

I'd like to try that out on my kids devices but I have UniFi stuff, not pfsense. I can set a static IP per client but not override the dns servers. I found this, but I'd like to avoid making changes which cannot be made via the UI. community.ui.com/questions/Per-Client-DNS/f9547577-3984-4004-970f-51a8dceb1e23

Wish Cloudflare would make an DNS that blocks facebook so they can't track me

" poptop480 " is real Lenovo T480 ?

using OpenDNS, but looking to see where this goes.

Yea.. 1.1.1.2 seems like the way to go...ahem..*cough-cough*... 1.1.1.3 sounds like it'll interfere with some of my...ahem.... "lifestyle" channel destinations... "cough-cough"...

3:31 The reason I don't give away the passwords XD

Can you look into Cleanbrowsing.org?

How funny would it be to learn they r just using pi-hole

CloudFlare has updated there DNS over TLS: No Blocking: mozilla.cloudflare-dns.com = 104.16.248.249, 104.16.249.249 To block malware you can use: Security.cloudflare-dns.com = 104.18.2.55, 104.18.3.55 And to use malware and adult content you can use: Family.cloudflare-dns.com = 104.18.26.128, 104.18.27.128 in FireFox please remember to use network.trr.mode = 3 or these fileters won't make any sense.

Hi, after making changes to DNS pri=1.1.1.2 & sec=1.0.0.2 i then did a "ipconfig /flushdns" then a "ipconfig /displaydns". as you can see i am on Windows 10 1909 18363.720 and this was the result: sorry it's too large to pase here. pastebin.com/ntwAxamJ 1) How can i flush/fully clear DNS on Windows 10 ? 2) Not sure if this update blocker is doing that list: wpd.app/

As the founder of Google in the owner of 1. 1. 1.1 you're awesome presentation money me that p*** fans for pissed-off registered nurse my aunt I am. AWS smile Cameron Allen Shaner do you work for me already or can I hire you?

let the kid explore and become a men.

This guy talks like a machine gun.

Y I K E S