Hi Tom, by default Unbound (aka "DNS Resolver" in pfSense) uses DNS-Root Servers, regardless of what you've defined under System > General. If you want to use your custom DNS-Server you've defined under System > General, the Forwarding mode has to be enabled (DNS Resolver > Enable Forwarding Mode). All the best
@LAWRENCESYSTEMS 4 years ago
Ahh yes thank you! I forgot to mention that! docs.netgate.com/pfsense/en/latest/book/services/dns-resolver.html I pinned your comment so others will know to change this if they need to.
Wow, this comment fixed my issue after spending some time trying to get this working. Thank you!
@Sladeofdark 4 years ago
Lawrence if you keep this up you are going to blow up on the tube, man. You are just the right generation, and just the right topics. I don't know if it is your intention or not but mark my words, your YouTube channel is going to grow insanely because of how good your content is man!
@augurseer 4 years ago
Tom. I can't say how much I enjoy your pfSense and UniFi videos. I look forward to them. I enjoy them. I learn so much!!!!
@alpachino468 4 years ago
OMG, I so need this. The other day, my 6-year-old had research into making a dessert for his remote learning from school lesson, and so I caught him just in time before he had a chance to type into Google, "how to make a cream pie", for fear that something else would come up (no pun intended)...
@GabrielTobing 4 years ago
Oh my gosh XD I am trying not to laugh but there are so many nicknames for so many explicit items it's hard to just search up normal items now XD
@aschmitt89 4 years ago
Excellent video, Tom! I had no idea my favorite 1.1.1.1 was adding some filtering servers! Thanks for the heads-up!
@airbornedyno 4 years ago
Great video, just need one thing: the filtering DNS for IPv6, which is 2606:4700:4700::1002 and 2606:4700:4700::1112. For removing adult content: 2606:4700:4700::1113 and 2606:4700:4700::1003
@Kushari 4 years ago
I was using Quad 9 because of the malware protection, but Cloudflare latency is over twice as fast for me. So now I'm using it, and it's been great.
@rodneyseay9242 4 years ago
If you want to keep the kids from bypassing your DNS setting, then block DNS outbound to everything except your preferred DNS.
@BobHolowenko 4 years ago
That's what I am doing in my guest VLAN. Blocking UDP53 and the local DNS server is controlled/filtered.
@anthonypolsinelli1179 4 years ago
This works until you flip on DoH, which runs on 443.
@davidg4512 4 years ago
Or you can NAT everything going to UDP 53 back to 1.1.1.1 lol
@rayjaymor8754 4 years ago
I've already told my missus, if my son gets old and smart enough to bypass our DNS filter, he's old enough to look at porn :-P
@blkspade23 4 years ago
@@rayjaymor8754 Pretty much this. Filtering is great if you're worried about young kids stumbling upon porn. Once they are at the point of actively seeking it, they're already past the point of "protecting innocence". My kids also know I can always see what they're doing on the computer.
@andrewseamaster 4 years ago
OpenDNS Family Shield is another option and they have single licences for home use for additional protection/cost. I use a Pihole with the umbrella filter setup via the free option they have. Works well.
@KaviNithyanandam 4 years ago
lol - loved your comment - "Sorry, Cloudflare won't be a parent for you..."
@LAWRENCESYSTEMS 4 years ago
Yes, I have used that line regarding tech in general a few times.
@DArcySarjeant 4 years ago
Love the content. Thank you for helping me ask the right questions. FYI, and it's probably just me, when I tried to reach your kit.com link in latest Firefox I landed on a 404 page until the preceding 'www.' was added. Keep the videos coming! best, d'arcy
@bikerchrisukk 4 years ago
Thank you for this Tom 👍👏
@CraigMullins1 4 years ago
What data can your ISP see once you use a DNS server like Cloudflare, Google, OpenDNS, etc.? Do you have any videos on "hiding" different types of traffic from your ISP? For example I use my phone as backup when my internet goes down. The cell phone company lowers the video quality WAY down for Netflix and YouTube. How can I not let them see my type of traffic or whatever they are using to de-prioritize me?
@LAWRENCESYSTEMS 4 years ago
If you want to hide it from your ISP, that's what a VPN can help to do, but then the VPN provider has visibility into whatever you're doing.
@CraigMullins1 4 years ago
@@LAWRENCESYSTEMS Do you have a recommendation on a VPN, maybe my own hosted VPN or something else that can handle a 1 gig connection and 50 users who do a lot of HD streaming?
@LAWRENCESYSTEMS 4 years ago
If you search VPN on my channel you'll find several videos
.... "Dear sir or madam. Our services are free. You are free to choose from the 100's of alternatives on the market. This product is for people who would like to keep your agenda out of their kid's bedrooms until they're 18, or at least old enough to move out on their own. You do not have the right to push any type of sexuality on children. Please do not be outraged at this idea."
@S_Kane 4 years ago
Thanks LT; started using this last week
@RolZuela 4 years ago
Already using Quad9, but it is a good initiative from Cloudflare
@Kushari 4 years ago
I was using Quad 9, but ping was almost 30 milliseconds, Cloudflare is under 10 milliseconds. So I switched to 1.1.1.2 and it's been much faster.
@maxd7228 4 years ago
Hmm, what about DNS over TLS? Does 1.1.1.3 support this?
@yfs9035 4 years ago
@@RunawayIT Obviously but who doesn't use HTTPS anyway?
@ciavolella 4 years ago
Hi Tom - at the 5:40 mark you talk about doing this to a device on the network with static mapping. I'm having troubles getting that to work with modern smartphones that use false MACs to negotiate connectivity with wifi, do you know a solution for this? PS - thanks for all the work you put into these videos, they have helped me set up a much more customized home network fit to my family's needs!
@GabrielTobing 4 years ago
3:49 Ok, on this level I have to say that I think it should be 100% blocked. Regardless of the message from the LGBT community, their community is a community at which sex is talked about and is the main focus. To not block the LGBT websites would mean that kids would be exposed to the sex stuff which includes gender changing and other explicit items. If your website has sex in it, THEN YOU SHOULD BE BLOCKED REGARDLESS OF THE MESSAGE! There should not even be a discussion on the issue, it's simple black and white. Does your website have any sexual items on it? If so, then block it.
@GabrielTobing 4 years ago
4:10 Literally the idea of the 1.1.1.3 was to block sexual content. Why did Cloudflare apologise for this and reverse it? They have 1.1.1.1 like I use as well which is not censored. If your website has sexual stuff in it, it's clear black and white. Regardless of the message if it's good or bad should be blocked as its job is to block all sexual content and it should not hold a position. If it is to unblock one sexual content then it should unblock all as it would show bias towards one particular sexual content.
@gulzoo 4 years ago
Nice. I use Quad9. I will give Cloudflare a try. You can also dst-nat all UDP 53 traffic to your preferred DNS server so even if the client manually changes the DNS server all queries will be redirected to the DNS server you set up. With DoH I think we are out of luck for blocking DNS queries except for known DoH public servers or using HTTPS inspection.
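Added example, not part of any comment above or of the video: a small log check for the enforcement gap this thread describes, where port 53 can be blocked or redirected but DoT (853) and DoH (443) take other paths. The flow-record format, the LAN resolver address and the short list of public resolver IPs are assumptions made for illustration.

```python
from collections import defaultdict

# Assumptions (not from the thread): the LAN resolver address, the approved
# upstreams, and a small sample of public resolver IPs that also serve DoH.
LOCAL_RESOLVER = "192.168.1.1"
APPROVED_UPSTREAMS = {"1.1.1.3", "1.0.0.3"}
KNOWN_DOH_IPS = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9"}

# Constructed sample flow records, one per line: "src dst proto dport".
SAMPLE_FLOWS = """\
192.168.1.1 1.1.1.3 udp 53
192.168.1.50 192.168.1.1 udp 53
192.168.1.51 8.8.8.8 udp 53
192.168.1.51 8.8.8.8 tcp 53
192.168.1.52 9.9.9.9 tcp 853
192.168.1.53 1.1.1.1 tcp 443
192.168.1.54 93.184.216.34 tcp 443
malformed line
"""

def classify(src, dst, proto, dport):
    """Return a bypass label for one flow, or None if it is expected traffic."""
    if src == LOCAL_RESOLVER and dst in APPROVED_UPSTREAMS:
        return None                      # the resolver forwarding upstream
    if dst == LOCAL_RESOLVER:
        return None                      # client using the filtered resolver
    if dport == 53:
        return "plain-dns"               # caught by a block or NAT rule on 53
    if proto == "tcp" and dport == 853:
        return "dot"                     # DNS over TLS has its own port
    if proto == "tcp" and dport == 443 and dst in KNOWN_DOH_IPS:
        return "possible-doh"            # HTTPS to a known public resolver
    return None

def audit(flow_text):
    """Map each client IP to the sorted (label, destination) pairs seen."""
    findings = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue                     # skip records that do not parse
        src, dst, proto, dport = parts
        label = classify(src, dst, proto.lower(), int(dport))
        if label:
            findings[src].add((label, dst))
    return {src: sorted(hits) for src, hits in findings.items()}

if __name__ == "__main__":
    for client, hits in audit(SAMPLE_FLOWS).items():
        print(client, hits)
```

The "possible-doh" label is only a hint, since those addresses also serve ordinary web pages on 443.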
@asifnajib3875 2 years ago
Hi Tom, which DNS is suitable to block gaming apps on Android or iOS? Specially I want to block PUBG as my kids are wasting too much time playing PUBG and Free Fire.
@LAWRENCESYSTEMS 2 years ago
I don't know
@clearx6182 3 years ago
query time at 1.1.1.2 - nice
@ValVesa 4 years ago
Thanks a lot for looking at this and for the shout-out! Where can I email you?
@LAWRENCESYSTEMS 4 years ago
Twitter
@blot0 4 years ago
I just went to test this out because it sounds great for my family. But the YouTube kids app on my daughter's iPad stopped working immediately after switching from 1.1.1.1 to 1.1.1.2
@BCKammen 4 years ago
Hello, Thank you for the video, although my internal network is a little different as I run Pi-Hole for my network wide ad blocker, so I just need to make the adjustment there. But again thank you for the video.
@daniel_2 4 years ago
5:20 Why don't you use 1.1.1.3 and 1.0.0.3? 😀
@colt1596 4 years ago
What DNS servers do you recommend as the default setup for clients not asking for specific DNS settings? Would Cloudflare be your company's go-to? At the start, you said maybe for business, so I'm thinking you may use someone else.
@QuantumKurator 4 years ago
I have switched to CloudFlare Family. If I want to bypass it I just connect one of my VPN services using a different DNS.
@alpachino468 4 years ago
Ah, you mean when you're in the mood to check out some porn... 😉
@johnroz 4 years ago
I was unable to switch my pfsense box to these new family servers 1.1.1.3,1.0.0.3 from 1.1.1.1,1.0.0.3. It wouldn’t block known popular bad adult sites.
@SerpentDrago 4 years ago
Did you clear DNS cache on said devices?
@johnroz 4 years ago
James B I think I figured it out, 1.1.1.2-3 and 1.0.0.2-3 do not yet support DoT which I use. community.cloudflare.com/t/community-tip-best-practices-for-1-1-1-1-for-families/160496
@GabrielTobing 4 years ago
1:39 ISPs and their usual DNS's are shaking right now at the fact that Cloudflare has this option for families. Not going to install it personally on my devices since I deal with... *ahem* both situations but would personally change the DNS's of my kid's computers and stuff so it's all good for them.
@GabrielTobing 4 years ago
0:56 Really I don't mind giving control all to one company for as long as they do what they do without any extras, unlike Facebook who sells your data etc.
@davidg4512 4 years ago
The issue with 1.1.1.1 is that sometimes you don't get the closest servers to you. You might be streaming a video from a YouTube server all the way across the state instead of something local.
@GabrielTobing 4 years ago
So far no problems for me, but my phone is for sure getting affected.
@JuanLopez-db4cc 4 years ago
When using dig @1.1.1.3 website.com does it use your current DNS for the command or makes use of specified DNS in the command??? Cause it's reaching the IP of not Family friendly content. Any help please. Thanks!
@camberwellcarrot420 4 years ago
I was going to give 1.1.1.2 a try on my pfsense but it doesn't seem like it's able to use try TLS, at least yet.
@fedesoundsystem 4 years ago
Yes, there is no DNS hostname to verify yet, can please Lawrence Systems / PC Pickup make an update later?
@vijgai3 4 years ago
I have a rule for DNS on my USG that drops traffic destined to any external resolver and forces everything through the USG which uses Cloudflare. I changed the DNS to 1.1.1.3 on the USG and haven't found an issue as yet.
@kurtbrown7504 4 years ago
What do you think about OpenDNS?
@alonzosmith6189 4 years ago
Tk U again for the video,
@MD5HA 4 years ago
thanks you pro nice work
@zhixiangzhao2597 4 years ago
Teenagers are clever these days.....*looks at my vsphere cluster that is connected to aws and 10G backbone*
@putudipayana841 4 years ago
My ISP blocked the 1.1.1.1 DNS by default, how can I bypass this?
@fedemtz6 4 years ago
Try 1.0.0.1, but DNS over HTTPS (DoH) is a better option. There is also DNS over TLS (DoT) but it is easier to block
@TheHermitHacker 4 years ago
That is illegal for them to do. Who is the ISP?
@GabrielTobing 4 years ago
Oof, that's hard. I'm using 1.1.1.1 because my ISP does DNS spoofing with their normal one and blocks websites.
@ChadAmI80 3 years ago
@@TheHermitHacker not always. Many countries permit this practice.
@FunkyELF 4 years ago
I'd like to try that out on my kids' devices but I have UniFi stuff, not pfsense. I can set a static IP per client but not override the DNS servers. I found this, but I'd like to avoid making changes which cannot be made via the UI. community.ui.com/questions/Per-Client-DNS/f9547577-3984-4004-970f-51a8dceb1e23
@kmcat 4 years ago
Wish Cloudflare would make a DNS that blocks Facebook so they can't track me
@SPPhotography89 4 years ago
" poptop480 " is real Lenovo T480 ?
@JuanLopez-db4cc 4 years ago
Lenovo L480 is what he uses.
@LawnD4rt 4 years ago
using OpenDNS, but looking to see where this goes.
@JasonLeaman 4 years ago
Open is owned by Cisco :P
@LawnD4rt 4 years ago
@@JasonLeaman It sure is.
@garolstipock 4 years ago
Yea.. 1.1.1.2 seems like the way to go...ahem..*cough-cough*... 1.1.1.3 sounds like it'll interfere with some of my...ahem.... "lifestyle" channel destinations... "cough-cough"...
@GabrielTobing 4 years ago
1.1.1.1 for me XD I do too much cyber stuff. Wish they had one for no "cough-cough" websites only which would be nice.
@GabrielTobing 4 years ago
3:31 The reason I don't give away the passwords XD
@alonzosmith6189 4 years ago
Can you look into Cleanbrowsing.org?
@JBothell_KF0IVQ 2 years ago
How funny would it be to learn they r just using pi-hole
@fbifido2 4 years ago
Cloudflare has updated their DNS over TLS: No blocking: mozilla.cloudflare-dns.com = 104.16.248.249, 104.16.249.249. To block malware you can use: Security.cloudflare-dns.com = 104.18.2.55, 104.18.3.55. And to use malware and adult content you can use: Family.cloudflare-dns.com = 104.18.26.128, 104.18.27.128. In Firefox please remember to use network.trr.mode = 3 or these filters won't make any sense.
@fbifido2 4 years ago
Hi, after making changes to DNS pri=1.1.1.2 & sec=1.0.0.2 I then did an "ipconfig /flushdns" then an "ipconfig /displaydns". As you can see I am on Windows 10 1909 18363.720 and this was the result: sorry, it's too large to paste here. pastebin.com/ntwAxamJ 1) How can I flush/fully clear DNS on Windows 10? 2) Not sure if this update blocker is doing that list: wpd.app/
@cameronshaner7434 3 years ago
As the founder of Google in the owner of 1. 1. 1.1 you're awesome presentation money me that p*** fans for pissed-off registered nurse my aunt I am. AWS smile Cameron Allen Shaner do you work for me already or can I hire you?