Cloudflare for Families & How to use it with pfsense

Hello Team,
Just watched the latest video from Tom. " Cloudflare for Families & How to use it with pfsense"
What am I doing wrong?

When using command:
dig @

Does it use your own DNS or the one specified as a parameter on the command?
Why is this not working when I try it?
Thanks to all for your time and help!


I wonder if you might have a problem like the guy in the link below. His “ISP” was hijacking DNS queries. I don’t know if the proposed solution worked for him, but you might give it a look.

EDIT: Maybe not… he said dig returned the expected bogus address but browsing did not.

1 Like

My guess is something (perhaps your ISP) is redirecting your DNS queries. I just tested this and it is working fine.

└──╼ $dig @

; <<>> DiG 9.11.5-P4-5.1ubuntu2.1-Ubuntu <<>> @
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16190
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 1452
;			IN	A


;; Query time: 22 msec
;; WHEN: Tue Apr 07 06:47:39 EDT 2020
;; MSG SIZE  rcvd: 67
1 Like

Thanks Tom @LTS_Tom for your kind reply. Will look into it.

Okay, I am running into an issue with setting up Cloudflare with pfsense and thought I would tag my question on here…

I have setup in pfsense via the General->System Setup. I can perform a dig command using pfsense Diagnostics->Command Prompt page, using the following command…

dig @

and it show exactly what Tom showed… was that is returns… great!

However, if I do


without, I do not get, but the actual IP address! Furthermore, if I go to one of the Microsoft Windows boxes on the network and do


I get do not get but the actual IP address!

Any idea what I am doing wrong? It looks like even though I have Cloudflare setup, something is ill configured…

Okay, I believe I figured it out by reading some of the comments associated with Tom’s video…

A person there mentioned needing to enable DNS Resolver > Enable Forwarding Mode if wanting to use the custom DNS Server defined in System > General. Once I did that, it looks like DNS address are now resolving correctly. I will test this more and report my findings.