Tech Forum

Earlier this month (April 2020) the company Cloudflare added two new DNS servers with the intention of helping protect families.

Their DNS server 1.1.1.2 (alternate 1.0.0.2) is designed to block malware domain name resolution, and server 1.1.1.3 (alternate 1.0.0.3) is designed to block malware and adult content from domain name resolution. These are free-to-use DNS servers that included the added benefit of encrypting DNS requests from the browser to their DNS servers.

If interested you can read their announcement here https://blog.cloudflare.com/introducing ... -families/

If you choose to use either of these servers, you can use "phishing.testcategory.com" and "nudity.testcategory.com" to test that your settings are correct. If you are setup correctly you will not be able to load the page. If you are not setup correctly you will load a page that says "200 Success. This is a 'test' malicious website provided by cloudflare." The use of Cloudflare's 1.1.1.2 / 1.0.0.2 servers would prevent access to the first test site, but not the second. Alternatively, the use of their 1.1.1.3 / 1.0.0.3 servers would prevent access to both test sites.

JoshStewart wrote:the added benefit of encrypting DNS requests from the browser to their DNS servers.

It's nice that's available, but I think you have to enable it in the browser before it will work. At least it used to be that way.

I believe you're correct. For DNS-over-https or DNS-over-TLS you will still need to enable that at the browser level. However, these cloudflare servers do support those protocols.