Cloudflare 1.1.1.1 for Families & How to use it with pfsense

Hello Team,
Just watched the latest video from Tom, "Cloudflare 1.1.1.1 for Families & How to use it with pfsense".
What am I doing wrong?

When using command:
dig @1.1.1.3 website.com

Does it use your own DNS or the one specified as a parameter on the command?
Why is this not working when I try it?
Thanks to all for your time and help!

Cheers.

I wonder if you might have a problem like the guy in the link below. His “ISP” was hijacking DNS queries. I don’t know if the proposed solution worked for him, but you might give it a look.

EDIT: Maybe not… he said dig returned the expected bogus address but browsing did not.


My guess is something (perhaps your ISP) is redirecting your DNS queries. I just tested this and it is working fine.

┌─[lawrencet@poptop480]─[~]
└──╼ $dig @1.1.1.3 pornhub.com

; <<>> DiG 9.11.5-P4-5.1ubuntu2.1-Ubuntu <<>> @1.1.1.3 pornhub.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16190
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;pornhub.com.			IN	A

;; ANSWER SECTION:
pornhub.com.		60	IN	A	0.0.0.0

;; Query time: 22 msec
;; SERVER: 1.1.1.3#53(1.1.1.3)
;; WHEN: Tue Apr 07 06:47:39 EDT 2020
;; MSG SIZE  rcvd: 67

Thanks Tom @LTS_Tom for your kind reply. Will look into it.

Okay, I am running into an issue with setting up Cloudflare with pfsense and thought I would tag my question on here…

I have 1.1.1.3 set up in pfsense via the General->System Setup. I can perform a dig command using the pfsense Diagnostics->Command Prompt page, using the following command…

dig @1.1.1.3 pornhub.com

and it shows exactly what Tom showed… which is that it returns 0.0.0.0… great!

However, if I do

dig pornhub.com

without 1.1.1.3, I do not get 0.0.0.0, but the actual IP address! Furthermore, if I go to one of the Microsoft Windows boxes on the network and do

nslookup pornhub.com

I do not get 0.0.0.0 but the actual IP address!

Any idea what I am doing wrong? It looks like even though I have Cloudflare set up, something is ill-configured…

Okay, I believe I figured it out by reading some of the comments associated with Tom’s video https://www.youtube.com/watch?v=uNKgnycpZhg&t=314s

A person there mentioned needing to enable DNS Resolver > Enable Forwarding Mode if wanting to use the custom DNS Server defined in System > General. Once I did that, it looks like DNS addresses are now resolving correctly. I will test this more and report my findings.
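
The check discussed in this thread, as an added example that is not part of any post above: the `;; SERVER:` footer of dig output shows which resolver actually answered, and the ANSWER SECTION shows whether the 0.0.0.0 response seen from 1.1.1.3 came back. The sample outputs, the name `blocked.example` and the LAN resolver address 192.168.1.1 are constructed assumptions.

```shell
#!/bin/sh
# Added example: read saved `dig` output and report which resolver answered
# and whether the A records are the 0.0.0.0 answer the thread saw from 1.1.1.3.

# Print the resolver that actually answered, from the ";; SERVER:" footer.
dig_server() {
    awk '/^;; SERVER:/ { sub(/#.*/, "", $3); print $3 }'
}

# Print every A-record address in the ANSWER SECTION.
dig_a_records() {
    awk '/^;; ANSWER SECTION:/ { in_ans = 1; next }
         /^$/ || /^;/          { in_ans = 0 }
         in_ans && $4 == "A"   { print $5 }'
}

# Summarise one dig output as "<server> filtered|unfiltered|no-answer".
classify_dig() {
    server=$(printf '%s\n' "$1" | dig_server)
    addrs=$(printf '%s\n' "$1" | dig_a_records)
    if [ -z "$addrs" ]; then
        verdict=no-answer
    elif printf '%s\n' "$addrs" | grep -qv '^0\.0\.0\.0$'; then
        verdict=unfiltered
    else
        verdict=filtered
    fi
    printf '%s %s\n' "$server" "$verdict"
}

# Constructed sample: query sent with @1.1.1.3 (names and values are made up).
SAMPLE_EXPLICIT=';; ANSWER SECTION:
blocked.example.   60  IN  A  0.0.0.0

;; Query time: 22 msec
;; SERVER: 1.1.1.3#53(1.1.1.3)'

# Constructed sample: plain query answered by a local resolver at 192.168.1.1
# (assumed LAN address) that is not forwarding to 1.1.1.3.
SAMPLE_DEFAULT=';; ANSWER SECTION:
blocked.example.   300 IN  A  192.0.2.10

;; Query time: 41 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)'

classify_dig "$SAMPLE_EXPLICIT"   # 1.1.1.3 filtered
classify_dig "$SAMPLE_DEFAULT"    # 192.168.1.1 unfiltered
```

To use it on a live system, pass real output instead of the samples, for example `classify_dig "$(dig website.com)"`.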