 Time here for Lawrence Systems and we're gonna talk about Cloudflare and their new family-friendly DNS filtering If you want to learn more about me and my company head over to LawrenceSystems.com If you would like to hire sure projectors a hires button up at the top if you want to support this channel in other ways There's some affiliate links down below for products and services that we talk about the channel and get you some deals and discounts Cloudflare they've been doing DNS for a little while they have a really cool service and They've had their one one one for a few years now and it's worked really well now I also in one of the things they mentioned right here They also just completed a privacy audit and I think this is really important They went through and had a third-party come in and review their processes and how they do things and it's a long Public DNS privacy examination now They did this because they have become kind of in the limelight due to the fact that Firefox chose them as a default Provider for DOH and I think that's really cool and some people seem to think it's really controversial You're giving too much control to one company But they want to be very transparent and say that they're a good company to give it to and they're being very open about how they do things That they're not selling your data, etc. And they've let a third-party auditor come in and do this now by the way DNS is an optional thing It's actually not like you are absolutely forced to use cloud planners and other providers There's plenty of other providers out there and for the most part most people just use what the ISP gives them So you're not like being defaulted into it with the exception of if you turn on DOH on Firefox Yes, it does default to cloudflare but completely changeable not locked in not restricted You can use different providers. Anyways back to the topic here They've decided to update their 111 service into offering a family-friendly version actually two versions One is 111.2 the no-mailware version and 111.3 no-mailware or adult content now Some people think this is a little bit controversial But I think it's overall a good thing and once again it DNS is something you generally have to update and choose This isn't like this is being chose by default or not filtering sites by default out of the box But I think a lot of people can agree there is a layers of protection and DNS has become a pretty important one Especially for home users and I get a lot of questions on what are some simple things home users can do And this is one of the easiest and simplest ones you can do and we're going to talk about it specifically how to implement it in PSense so 111.2 no-mailware What does that mean so if a site has a indicator of compromise or known to be distributing malware it gets in their list Now does that mean there will be false positives occasionally get in there completely a possibility You could always just change dnf servers if you find something blocked that you don't think should be blocked I mean that is pretty straightforward to do and if you're you know if you're really worried about it Then don't use this But I think it's a better layer of protection And I really recommend a lot of home users and probably businesses should take a look at it as well Especially some of the smaller ones if they don't have some of the other more advanced filtering system set up This is a pretty low level easy way to do it and adds an extra layer Now 111.3 no-mailware or adult content I think this is particularly good because this solves the problem that I get challenged with a lot when You know people I know that just want to protect their kids and go. Hey, I got a small child I want them to be able to go on the internet, but I'm afraid they might type in the wrong Website or find the wrong thing Well, the no-mailware no adult content night is pretty nice because you can set it on a per computer basis Inside your home and I'm going to show you how to do that with the DHCP reservation So now yes, you're able to filter that one particular computer and Reduce the likelihood adding another layer that they will stumble upon a site. They shouldn't and someone already find out Well, they can just change a dns server. Yes. I know teenagers are clever And this is probably not the best defense against a clever teenager determined to get on websites You do not want them on that requires a whole another level of supervision. Sorry cloud clear won't be apparent for you Anyways, I won't lie though I am aware and I have this link pulled up over here from the register, which I love their snark But I think they're going over the top here with cloud flare cloud flare family friendly dns server flubs filtering for a You know, I love their iterations here for a biz that prides itself on not censoring the internet It sure looks like they're censoring the internet. Now. Yes, they have already made mistakes Shocker, right a company launched a new product and was a problem with it at filtered a site that shouldn't have been filtered That's fine. This is the response that from the CEO himself dumb mistake in our part We are fixing immediately if you have suggestions on how we can make it better. Let us know What more can you ask for a CEO getting on twitter and actually not only fixing it saying how do we make it better And asking for the crowds help filtering websites is a challenge that is amazing We think about the number of websites and what is or isn't categorized this becomes very challenging Once again, dns is an optional thing It's not like you're being forced into that they're trying to break the internet like the Being implied almost at the register either way I'm aware of these articles So let's jump into actually what to do and how to configure it first I set it up on mine because this came out on april 1st and it is now april 5th I used it for a couple days because the announcement I didn't feel like doing a video about I wanted to actually turn it on And see what happened Nothing, uh, it works perfectly fine. I haven't found a site I couldn't go to I couldn't find any of my workflows that couldn't be done I just use the 1112 and 1002 for filtering this but specifically filtering it just for the no malware one So I put this inside of my general set up a pf sense And that was easy enough to do you just change these two settings right here Whatever you may have had in there. Um, it makes sure that you're not overriding it with whatever your isp gives you Which I never do anyway, so I was actually using cloudflare and quad 9 prior to my switching I can't distinguish any difference. Everything at my house works perfectly fine for the last several days Go over to my dhcp server. How do you specifically go to one computer and do it? Well, you could mainly set up the computer and change a dns Essentially should a computer that way tedious. I'd rather do it right here and we're gonna go to my marcus gaming desktop I went into his dhcp reservation that I have set and I changed this to 1113 My son is at an age where maybe he would look things up And maybe he will be able to figure out how to bypass it But either way I have put the block in here to stop it from working What I did was set his dns server to equal this and I've remoted back into my home And uh, here we go. Here is the dns server 192168.1.1 is the default gateway and then we're Forcing it to give this out as a dns server. Now normally pf sense will give itself as a dns server So now with the dns queries are not passing through my pf sense, which could you know, obviously bypass some of the pf blocker settings I have in there But I'm throwing it out there and if you wanted an arrow down to one specific computer you could do that I could also alternate the secondary dns server to be 192168.1.1 But I wanted to try it with the 113 because I know not everyone's running a more advanced system like pf blocker Which has better abilities for more filtering and I got separate videos on that But from the standpoint of usability the games play fine Someone claimed to me that I got a message that was blocking youtube. I so far haven't seen that happen We can pull youtube right up On his computer and it works perfectly fine We can go back over here to And actually I should probably put this in color If you're wondering when we do the remote, uh, I change things not to color so it loads faster You see how it takes a little longer to draw the color All right, so I'm going to show here is if we do a dig which is a dns records lookup at 1.1.1.1 And we're going to look up a youtube.com And returns the youtube's ip address right here 1722178.206 if we change this to a 2 we get the same answer and we change it to a 3 We get the same answer, but let's start at having it as a 1 And look up another site and what we're doing is we're querying claud flair about this website It gives us an ip address Gives us the same ip address But we go here to dot 3 the family friendly one and it gives us no ip address So pretty straightforward how they're doing it simple dns filter And if you're ever curious if a site is blocked if you happen to globally set your dns to this and suddenly the site you're looking for doesn't work On windows this ns lookup But you can also you know do other lookup tools and linux Obviously it's dig is the easiest one to use but you can dig into this and figure out if there's a site that you want That is blocked You can always just switch your dns version back if you're having a problem and claud flair seems to be open to Addressing issues that get found or miscategorized site. So overall, I think this is a really good thing that claud flair is doing I'm Going to offer it to a lot of my you know home user friends are looking for really simple ways to just put filtering on some of The uh desktops just go in there and either manually set the dns on that particular computer create a dhcp reservation Obviously pf sense makes this really easy There's other firewalls that do this as well where you can specify the dns Or just overall specify that dns to be pushed out to everyone But maybe there's some sites that other Adults in the family would like to get to so maybe filtering all of them may or may not be practical depends on your use case Something to think about but um, that's it. That's my thoughts on claud flair's family for any dns It's a positive thing. It's a good thing I like the fact that they're filtering malware That is something that really every home user and maybe even businesses should consider doing but a lot of the Businesses are usually dns systems that do offer this commercially and it's a pretty popular way to do it Umbrella is one of the ones that come to my and sysco's umbrella They've been filtering malware and things like that for a while dns filtering is Pretty popular and a reason why and i've talked about this before when you try to do constant Diving into a certificate level filtering where you want to play man in the middle with everything when some corporate firewalls do Set this up with proxies But it becomes very difficult and challenging to manage Dns is one of those catchalls. It does a pretty good job And it's a good layer to have in your security stack for filtering things All right, and i'll leave a link to the announcement on claud flair and that's about it Thanks, and thank you for making it to the end of the video If you like this video, please give it a thumbs up if you like to see more content from the channel Hit the subscribe button and hit the bell icon if you like youtube to notify you when new videos come out If you like to hire us head over to laurance systems.com fill out our contact page And let us know what we can help you with and what projects you'd like us to work together on If you want to carry on the discussion head over to forums.laurance systems.com Or we can carry on the discussion about this video other videos or other tech topics in general even suggestions for new videos They're accepted right there on our forums, which are free Also, if you like to help the channel out in other ways head over to our affiliate page We have a lot of great tech offers for you and once again, thanks for watching and see you next time