Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
TetraSky

Cloudflare is introducing Malware and Adult DNS filters.

Recommended Posts

Posted Original PosterOP

We all know and love the 1.1.1.1 DNS from Cloudflare. But now, on聽this foolish day, Cloudflare has announced two new DNS addresses that were quite in demand apparently. (technically four聽new DNS聽馃槄).

Here's a partial quote from the article, which I encourage you to go and read the source of:

Quote

Since launching 1.1.1.1, the number one request we have received is to provide a version of the product that automatically filters out bad sites. While 1.1.1.1 can safeguard user privacy and optimize efficiency, it is designed for direct, fast DNS resolution, not for blocking or filtering content. The requests we鈥檝e received largely come from home users who want to ensure that they have a measure of protection from security threats and can keep adult content from being accessed by their kids. Today, we're happy to answer those requests.


Introducing 1.1.1.1 for Families

[...] it includes the same strong privacy guarantees that we committed to when we launched 1.1.1.1 two years ago. And, just like 1.1.1.1, we're providing it for free and it鈥檚 for any home anywhere in the world.

Two Flavors: 1.1.1.2 (No Malware) & 1.1.1.3 (No Malware or Adult Content)

1.1.1.1 for Families has two default options: one that blocks malware and the other that blocks malware and adult content. You choose which setting you want depending on which IP address you configure.

Malware Blocking Only
Primary DNS: 1.1.1.2
Secondary DNS: 1.0.0.2

Malware and Adult Content
Primary DNS: 1.1.1.3
Secondary DNS: 1.0.0.3

For IPv6 use:

Malware Blocking Only
Primary DNS: 2606:4700:4700::1112
Secondary DNS: 2606:4700:4700::1002

Malware and Adult Content
Primary DNS: 2606:4700:4700::1113
Secondary DNS: 2606:4700:4700::1003


Now I'm sure I know what you're thinking.
Surely this is a joke right? It IS聽April聽fool's day, after all. Nope.

Quote

Not A Joke

Most of Cloudflare's business involves selling services to businesses. However, we've made it a tradition every April 1 to launch a new consumer product that leverages our network to bring more speed, reliability, and security to every Internet user. While we make money selling to businesses, the products we launch at this time of the year are close to our hearts because of the broad impact they have for every Internet user.

It actually works!

I've tried the 1.1.1.3 DNS on my router and it did indeed blocks those darn websites that are just everywhere these days.

Honestly, this is great for families and likely for system admins of various businesses too, to prevent their users from watching pr0n on the job.

I've been using the 1.1.1.1 DNS for a while now and am quite satisfied with it. But with these new DNS, I'm making the switch.

Certainly, I am not聽personally going to use the 1.1.1.3 DNS... For obvious reasons 聽( 汀掳 蜏蕱 汀掳).
But if the 1.1.1.2 DNS can offer somewhat additional protection, I'm happy to switch to it and will likely add this DNS to the list of things I should change on other networks that I manage.

Source:

https://blog.cloudflare.com/introducing-1-1-1-1-for-families/


CPU: AMD Ryzen 3600 / GPU: Radeon HD7970 GHz 3GB(upgrade pending)/ RAM: Corsair Vengeance LPX 2x8GB聽DDR4-3200
MOBO: MSI B450m Gaming Plus聽/ NVME: Corsair聽MP510 240GB / Case:TT Core v21聽/ PSU: Seasonic 750W聽/ OS: Win聽10 Pro

Link to post
Share on other sites

PIA! Private Internet Access allows you to browse the web anonymously, and safely using military grade encryption, multi hop, and more. It also allows you to access porn sites when your parents have set the default DNS of your router to block out all the nastiness. Click the link in the video description to learn more.

Link to post
Share on other sites

no my free p0rn!!!!


*Insert Witty Signature here*

System Config:聽https://au.pcpartpicker.com/list/yJ2cQV

5U The Waifu (my new in-progress server): https://linustechtips.com/main/topic/1130931-5u-the-waifu-my-new-server/

Link to post
Share on other sites
Posted (edited)

My first thought is

  1. how good is it at catching things (what percent of things that should be filtered get through anyway), and
  2. how good is it at not over-reaching (what percent of things that should be allowed get blocked by mistake).

Sounds like a good idea, I just wonder where they're getting the data from to apply this filter.

Edit: Reading the comments on their page, it appears as though (unsurprisingly) there are serious problems with the .3 version in both of these regards.聽 I'm mainly interested in the malware protection though...

Edited by Ryan_Vickers

Solve your own audio issues聽 | 聽First Steps with RPi 3聽 | 聽Humidity & Condensation聽 | 聽Sleep & Hibernation聽 | 聽Overclocking RAM聽 | 聽Making Backups聽 | 聽Displays聽 | 聽4K / 8K / 16K / etc.聽 | 聽Do I need 80+ Platinum?

If you can read this you're using the wrong theme. 聽You can change it at the bottom.

Link to post
Share on other sites
Quote

聽Cloudflare is introducing Malware

That part really caught my attention.


Make sure to quote or tag me (@JoostinOnline) or I won't see your response!

PSU Tier List聽 |聽 The Real Reason Delidding Improves Temperatures |聽"2K" does not mean 2560脳1440

Link to post
Share on other sites

Hmmm my local DNS resolver already does this for my home network with filters ads/trackers plus I can redirect external dns to local to enforce this rule.


Magical Pineapples


Link to post
Share on other sites

There is also NextDNS which is more flexible as you can pick what lists you want to use or even curate your own black/whitelist. With logs, analytics and all that jazz. Youc an also turn all of it off and it'll act as DNS alone.

Link to post
Share on other sites

Well interesting though for malware filter.聽


Ryzen 7 3800X | X570 Aorus Elite | G.Skill 16GB 3200MHz C16 | Radeon RX 5700 XT | Samsung 850 PRO 256GB | Mouse: Zowie S1 | OS: Windows 10

Link to post
Share on other sites

Where's the IPv6 versions? We're in the future man, we shouldn't be using older tech


PLEASE QUOTE ME IF YOU ARE REPLYING TO ME
LinusWare Dev | NotCPUCores Dev

DesktopBuild: Ryzen 7 1800X @ 4.0GHz,聽AsRock Fatal1ty X370 Professional Gaming,聽32GB Corsair DDR4 @ 3000MHz,聽RX480 8GB OC,聽Benq XL2730 1440p 144Hz FS

Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor


Link to post
Share on other sites
Posted Original PosterOP
8 minutes ago, rcmaehl said:

Where's the IPv6 versions? We're in the future man, we shouldn't be using older tech

It's in the source.

It originally wasn't in the article, but I had seen them聽in their comments. I wasn't sure if it was legit or not, hence why I hadn't added them.
Now that they've edited their article to add this info, I've also聽added them to the original post.

Malware Blocking Only
Primary DNS: 2606:4700:4700::1112
Secondary DNS: 2606:4700:4700::1002

Malware and Adult Content
Primary DNS: 2606:4700:4700::1113
Secondary DNS: 2606:4700:4700::1003


CPU: AMD Ryzen 3600 / GPU: Radeon HD7970 GHz 3GB(upgrade pending)/ RAM: Corsair Vengeance LPX 2x8GB聽DDR4-3200
MOBO: MSI B450m Gaming Plus聽/ NVME: Corsair聽MP510 240GB / Case:TT Core v21聽/ PSU: Seasonic 750W聽/ OS: Win聽10 Pro

Link to post
Share on other sites

Imagine being the person that has to review every site on the mature ban list.聽


Specs: Motherboard: Asus X470-PLUS TUF gaming (Yes I know it's poor but I wasn't informed) RAM: Corsair VENGEANCE庐 LPXDDR4 3200Mhz CL16-18-18-36 2x8GB

聽 聽 聽 聽 聽 聽 CPU: Ryzen 7 2700X @ 4.2Ghz聽 聽 聽 聽 聽 Case: Antec P8 聽 聽 PSU: G.Storm GS850聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 Cooler: Antec K240 with two Noctura Industrial PPC 3000 PWM

聽 聽 聽 聽 聽 聽 Drives: Samsung 970 EVO plus 250GB, Micron 1100 2TB, Seagate ST4000DM000/1F2168聽GPU: EVGA RTX 2080 ti Black edition @ 2Ghz

聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽 聽

Link to post
Share on other sites
Posted Original PosterOP
25 minutes ago, williamcll said:

Imagine being the person that has to review every site on the mature ban list.聽

Dream job.


CPU: AMD Ryzen 3600 / GPU: Radeon HD7970 GHz 3GB(upgrade pending)/ RAM: Corsair Vengeance LPX 2x8GB聽DDR4-3200
MOBO: MSI B450m Gaming Plus聽/ NVME: Corsair聽MP510 240GB / Case:TT Core v21聽/ PSU: Seasonic 750W聽/ OS: Win聽10 Pro

Link to post
Share on other sites
1 hour ago, williamcll said:

Imagine being the person that has to review every site on the mature ban list.聽

Apparently it not manually reviewed. It's a list from a provider

image.png.4bbfa9abde21042e4e30d3d46355dff3.png


PLEASE QUOTE ME IF YOU ARE REPLYING TO ME
LinusWare Dev | NotCPUCores Dev

DesktopBuild: Ryzen 7 1800X @ 4.0GHz,聽AsRock Fatal1ty X370 Professional Gaming,聽32GB Corsair DDR4 @ 3000MHz,聽RX480 8GB OC,聽Benq XL2730 1440p 144Hz FS

Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor


Link to post
Share on other sites
11 hours ago, Doobeedoo said:

Well interesting though for malware filter.聽

They would know, since they protect 99% of it.

Link to post
Share on other sites

*teenagers sweating聽profusely*


-it鈥檚 scuff Gang btw, I hated the name and needed a change
Quote me for a reply, React if I聽was helpful, informative, or funny

AMD blackout rig

cpu: ryzen 5 3600 @4.4ghz @1.35v

gpu: rx580 @1.45ghz mem=2100mhz

ram: vengeance lpx c15 @3800mhz

mobo: Asus b450f

psu: cooler master mwe 650w

case: masterbox mbx520

fans:Noctua industrial 3000rpm x6

Link to post
Share on other sites

We already use Bitdefender Gravityzone for my family's small business with 7 computers and that does the job for blocking not just malware but also job search and porn sites. It would be interesting how a malware/porn blocking DNS resolver complement what we use.

Spoiler

1933911401_Screenshot(144).thumb.png.a0e17cef9bdc0db94635024eb64564d2.png

To be honest, I see this as a good parental control in the house or if you want your customers to stop watching porn in a small coffee shop. There's always VPN to circumvent it but with some investments, VPNs can be blocked too.


There is more that meets the eye
I see the soul that is inside

Making Windows Defender as good or even better than paid options

Link to post
Share on other sites
On 4/2/2020 at 6:54 AM, TetraSky said:

Surely this is a joke right? It IS聽April聽fool's day, after all. Nope.

1.1.1.1 released on 1st April as well.聽


| Intel i7-3770@4.2Ghz聽|聽Asus Z77-V | Zotac 980 Ti Amp! Omega聽| DDR3 1800mhz聽4GB x4聽|聽300GB Intel DC S3500 SSD | 512GB Plextor M5聽Pro | 2x 1TB WD Blue聽HDD |
聽|聽Enermax NAXN82+ 650W 80Plus Bronze | Fiio E07K | Grado SR80i |聽Cooler Master XB HAF EVO聽| Logitech G27 | Logitech G600 | CM Storm Quickfire TK | DualShock 4聽|

Link to post
Share on other sites
13 hours ago, rcmaehl said:

Apparently it not manually reviewed. It's a list from a provider

That just shifts the question though.聽 How does that provider make the list?


Solve your own audio issues聽 | 聽First Steps with RPi 3聽 | 聽Humidity & Condensation聽 | 聽Sleep & Hibernation聽 | 聽Overclocking RAM聽 | 聽Making Backups聽 | 聽Displays聽 | 聽4K / 8K / 16K / etc.聽 | 聽Do I need 80+ Platinum?

If you can read this you're using the wrong theme. 聽You can change it at the bottom.

Link to post
Share on other sites

Why is malware filtering not on their normal DNS? Seems like something that should be always on


Judge the product by it's own merits,聽not by the Company that created it.

Link to post
Share on other sites

1.1.1.3 and iv6 is not working currently for me, seems it not being accepted in the settings [wont validate].

I'll just use the 1.1.1.2聽for now until they get that resolved.

I hope they get this feature included in their upcoming Android 1.1.1.1 app updates.


Tech News Posting Guidelines - READ BEFORE POSTING | Community Standards | Forum Staff

LTT Folding Users Tips, Tricks and FAQ | F@H Contribution | My Rig | Project Steamroller

Spoiler

聽鈥

Character is like a Tree and Reputation like its Shadow. The Shadow is what we think of it; The Tree is the Real thing.聽聽~ Abraham Lincoln

You have enemies? Good. That means you've stood up for something, sometime in your life.聽 ~ Winston Churchill

Docendo discimus - "the best way to learn is to teach" ~ Benjamin Jantz

I am a StarCitizen are you? My ships: Aegis Eclipse, Aegis Sabre, Aegis Gladius, Aopoa Nox, KI P52 Merlin, KI P72 Archimedes and the RSI Constellation Aquila.

My Phones are聽a Nokia Lumia 925 with WM10 and a聽Microsoft Lumia 950 XL with WM10 running the Fast Ring insider updates.聽Broke :(

Samsung Note 9 and a Samsung S9+

About Myself:聽 聽https://linustechtips.com/main/profile/229093-sansvarnic/?tab=field_core_pfield_46

聽CHRISTIAN MEMBER聽

Link to post
Share on other sites
37 minutes ago, Arika S said:

Why is malware filtering not on their normal DNS? Seems like something that should be always on

Several reasons for it, but here are two.

1) DNS was never meant to provide protection from malware. It's kind of like making a keyboard where you can't type certain words because "they might be dangerous". The default, if you ask me, should be for a DNS to just do its job, which is translating domain names to IP addresses. It shouldn't get in the way and decide which sites I can and can't visit.

2) There is always a risk of false positives. If you switch to the malware free DNS resolver you might run into issues where you can't visit certain sites because your DNS provider THINKS that they are malicious, but they aren't. If that happens to someone slightly less tech literate they will have problems. Just look at the shitstorm the adult filter has caused by blocking some LGBTQ sites (because they talk about things such as sex).

Also, I strongly recommend that you do not read too much of that twitter thread and the replies. It's full off lunatics that believe Cloudflare is doing this to promote nazis and censor LGBTQ people. Because obviously that's the logical explanation and not that those sites are full of keywords related to sex which also happens to be on a lot of porn websites. Nahh, that's totally unreasonable...

Link to post
Share on other sites
56 minutes ago, Ryan_Vickers said:

That just shifts the question though.聽 How does that provider make the list?

I'm guessing they're logging each IP addresses and URLs from their DNS resolver and classify sites as either clean, pornographic or malicious/phishing via an automated classifier.


There is more that meets the eye
I see the soul that is inside

Making Windows Defender as good or even better than paid options

Link to post
Share on other sites
2 minutes ago, captain_to_fire said:

I'm guessing they're logging each IP addresses and URLs from their DNS resolver and classify sites as either clean, pornographic or malicious/phishing via automated classifiers or through an manual review.

Antivirus programs and even the Google Safe Browsing API does something similar via their telemetry.

It was semi-rhetorical.聽 I assume all lists are some combination of AI or other less sophisticated (keyword-based) automated screening, and manual reviews (blacklists).聽 My point is just that whatever the process is, it's important to know since it will impact the issues you experience, and there will be issues.聽 No list I've used has ever had a 100% catch rate or avoided ever having a false positive.


Solve your own audio issues聽 | 聽First Steps with RPi 3聽 | 聽Humidity & Condensation聽 | 聽Sleep & Hibernation聽 | 聽Overclocking RAM聽 | 聽Making Backups聽 | 聽Displays聽 | 聽4K / 8K / 16K / etc.聽 | 聽Do I need 80+ Platinum?

If you can read this you're using the wrong theme. 聽You can change it at the bottom.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now