Cloudflare 1.1.1.1 for Families & How to use it with pfsense

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

Tommy here from Warren Systems we're gonna talk about cloud FLIR and their new family friendly DNS filtering if you all learn more about me and my company head over to Lawrence systems.com if you would like to hire sure project Jersey hire spudding up at the top you got support this channel in other ways there's some affiliate links down below for products and services that we talk about the channel and get you some deals and discounts CloudFlare they've been doing dns for a little while they have a really cool service and they've had their one-one-one for a few years now and it's worked really well now I also and one of things they mentioned right here they also just completed a privacy audit and I think this is really important they went through and had a third party come in and review their processes and how they do things and it's a long Public DNS privacy examination now they did this because they've become kind of in the limelight due to the fact that Firefox chose them as a default provider for do H and I think that's really cool and some people seem to think it's really controversial you're giving too much control to one company but they want to be very transparent and say that they're a good company to give it to and they're being very open about how they do things that they're not selling your data etc and they've let a third-party auditor come in and do this now by the way DNS is an optional thing it's actually not like you are absolutely forced to use cloud flinters and other providers there's plenty of other providers out there and for the most part most people just use what the ISP gives them so you're not like being defaulted into it with the exception of if you turn on do H on fire five Cs it does default to cloud flare but completely changeable not locked in not restricted you can use different providers anyways back to the topic here they've decided to update their one-one-one service into offering a family-friendly version actually two versions one is one 11.2 does no malware version and one 11.3 no malware or adult content now some people think this little bit controversial but I think it's overall a good thing and once again it DNS is something you generally have to update and choose this isn't like this is being chose by default or not filtering sites by default out of the box but I think a lot of people can agree there is a layers of protection and DNS has become a pretty important one especially for home users and I get a lot of questions on what are some simple things home users can do and this is one of the easiest and simplest ones you can do and we're going to talk about it specifically how to implement it and pfSense so one one one two no matter what does that mean so if a site has a indicator of compromise or known to be distributing malware it gets in their list now does that mean there will be false positives occasionally get in there completely a possibility you could always just change the NF servers if you find something blocked that you don't think should be blocked I mean that it's pretty straightforward to do and if yours you know if you're really worried about it then don't use this but I think it's a better layer of protection and I really recommend to a lot of home users and probably businesses should take a look at it as well especially some of the smaller ones if they don't have some of the other more advanced filtering system set up this is a pretty low level easy way to do it and adds an extra layer now one one one three no malware or adult content I think this is particularly good because this solves the problem that I get challenged with a lot with you know people I know that just want to protect their kids they go hey I got a small child I want them to be able to go on the internet but I'm afraid you might type in the wrong website or find the wrong thing well the no malware no adult content night is pretty nice because you can set it on a per computer basis inside your home and I'm going to show you how to do that with a DHCP reservation so now yes you're able to filter that one particular computer and reduce the likelihood adding another layer that they will stumble upon a site they shouldn't and someone already point out well they can just change a DNS server yes I know teenagers are clever and this is probably not the best defense against a clever teenager determined to get on websites you do not want them on that requires a whole nother level of supervision sorry clogged there won't be a parent for you anyways I won't lie though I am aware and I have this link pulled up over here from the register which I love their snark but I think they're going over the top here with CloudFlare CloudFlare family-friendly DNS server flubs filtering for a you know I love their iterations here for AB is that prides itself on not censoring Internet it sure looks like they're censoring the Internet no yes they have already made mistakes shocker right a company launching a new product and was a problem with it it filtered his site that shouldn't have been filtered that's fine this is the response that from the CEO himself dumb mistake in our part we are fixing immediately if you have suggestions on how we can make it better let us know what working you ask for a CEO getting on Twitter and actually not only fixing it saying how do we make it better and asking for the crowds help filtering websites is age Challenge that is amazing we think about the number of websites and what is or isn't categorized this becomes very challenging once again DNS is an optional thing it's not like you're being forced into that you're trying to break the internet like the being implied almost at the register either way I'm aware of these articles so let's jump into actually what to do and how to configure it first I set it up on mine because this came out on April 1st and it is now April 5th I used it for a couple days because the announcement I didn't feel like doing a video about I wanted to actually turn it on and see what happened nothing it works perfectly fine I haven't found the site I couldn't go to I couldn't find any of my workflows that couldn't be done I just used the 1 1 1 2 and 1 0 0 2 for filtering this but specifically filtering it just for the no malware one so I put this inside of my general set up a PS sense and that was easy enough to do you just change these two settings right here whatever you may have had in there and make sure that you're not overriding it with whatever your ISP gives you which I never do anyway so I was actually using cloud player and quad 9 prior to my switching I can't distinguish any difference everything at my house works perfectly fine for the last several days go over to my DHCP server how do you specifically go to one computer and do it well you could mainly set up the computer and change the DNS entry sort of computer that way tedious I'd rather do it right here and we're gonna go to my Markus gaming desktop I went in to his DCP reservation that I have set and I changed his to 1 1 1 3 my son is at an age where maybe he would look things up and maybe he will be able to figure how to bypass it but either way I have put the block in here to stop it from working what I did was that his DNS server to equal this and I remote her back into my home and here we go here is the DNS server 192 168 dot 1.1 is the default gateway and then we're forcing it to give this out as a DNS server now normally pfSense will give itself as a DNS server so now with the DNS queries are not passing through my PF sense which could you know obviously bypass some of the PF blocker settings I have in there but I'm throwing it out there too if you wanted an arrow down to one specific computer you could do that I could also alternate the secondary DNS server to be 192 168 1 1 but I wanted to try it with the 1 1 3 because I know not everyone's running a more advanced system like PF blocker which has better abilities for more filtering and I got separate videos on that but from and point of usability the games play fine someone claimed to me that I got a message that was blocking YouTube I so far haven't seen that happen we can pull YouTube right up on his computer and it works perfectly fine we can go back over here to and actually I should prep it this in color if you're wondering when we do the remote I change things not to color so it loads fast you see how it takes a bit longer to draw the color all right so I'm going to show here is if we do a dig which is a DNS record lookup at one dot one dot one dot one and we're going to look up you tube comm it returns the youtubes IP address right here 172 217 8 206 if we change this to a 2 we get the same answer and we change it to a 3 we get the same answer but let's started having it as a 1 and look up another site and what we're doing is a requiring CloudFlare about this website it gives us an IP address give us the same IP address but we go here to doubt 3 the family-friendly one and it gives us no IP address so pretty straightforward how they're doing it simple DNS filter and if you're ever curious if a site is blocked if you happen to globally set your DNS and suddenly the site you're looking for doesn't work and windows has sent us look up but you can also you know do other lookup tools and Linux obviously it's Digg as the easiest one you use but you can dig into this and figure out if there's a site that you want that it's blocked you could always just switch your dns writers back if you're having a problem and CloudFlare seems to be open to addressing issues that get found or miscategorized site so overall I think this is a really good thing that CloudFlare is doing I'm gonna offer it to a lot of my you know home user friends are looking for really simple ways to just put filtering on some of the desktops just go in there and either manually set the DNS on a particular computer create a DHCP reservation obviously pfSense makes this really easy there's other firewalls that do this as well where you can specify the DNS or just overall specify that DNS TV pushed out to everyone but maybe there's some sites that other adults in the family would like to get to so maybe filtering all of them may or may not be a practical depends on your use case something to think about but that's it that's my thoughts on called for your family friendly dns it's a positive thing it's a good thing I like the fact that they're filtering malware that is something that really every home user and maybe even businesses should consider doing but a lot of the businesses are using DNS systems that do offer this commercially and it's pretty popular way to do it umbrella is one of the ones that come to mind Cisco's umbrella they've been filtering malware and things like that for a while DNS filtering is pretty popular and a reason why and I've talked about this before when you try to do constant diving into its certificate level filtering where you want to play man-in-the-middle with everything when some corporate firewalls do set this up with proxies but it becomes very difficult challenging to manage DNS is one of those catch all's that does a pretty good job and it's a good layer to have in your security stack for filtering things all right and I'll leave a link to the announcement on CloudFlare that's about it thanks and thank you for making it to the end of the video if you like this video please give it a thumbs up if you like to see more content for the channel hit the subscribe button and hit the bell icon if you like youtube to notify you when new videos come out if you'd like to hire us head over to Lauren systems comm fill out our contact page and let us know what we can help you with and what projects you like us to work together on if you want to carry on the discussion how to wrote of forums that Lauren systems comm where we can carry on the discussion about this video other videos or other tech topics and general even suggestions for new videos they're accepted right there on our forums which are free also if you like to help the channel on other ways head over to our affiliate page we have a lot of great tech offers for you and once again thanks for watching and see you next time

Info

Channel: Lawrence Systems

Views: 41,247

Rating: undefined out of 5

Keywords: lawrencesystems, cloudflare for family, cloudflare, cloudflare dns, cloudflare cdn, setup cloudflare, cloudflare dns for family, cloudflare dns settings, cloudflare dns 1.1.1.1, cloudflare 1.1.1.1, cloudflare dns 1.1.1.1 review, privacy, security, cloudflare dns 1113

Id: uNKgnycpZhg

Channel Id: undefined

Length: 10min 27sec (627 seconds)

Published: Sun Apr 05 2020