September 26, 2021

SpywareNews.com

CloudFlare Gateway DNS Filtering

With some downtime over the holidays, I was checking in to see if my ISP had added IPv6 support yet. But sadly nothing had changed in months. So just for fun, I set up a 6in4 tunnel to Hurricane Electric from my router again.

Sending traffic in a tunnel to HE rather than directly to its destination isn’t exactly going to speed things up. I’ve also heard of issues with Netflix where they decide you’re using a proxy to evade their geolocation restrictions. I didn’t run into that issue with Netflix; checking the Netflix access logs, I only saw a connection from my IPv4 address. But I did find that my Amazon Prime video quality was significantly degraded. So I went into the TV network settings and disabled IPv6.

Years ago, I’d used an HE tunnel to verify this site was working correctly with IPv6, and after that the ISP I had at the time deployed IPv6, so I tore down my HE tunnel. There's no real reason to run it now, other than for fun.

The next thing I ran into is that OpenDNS lets you configure custom filters for your IPv4 address, but they don’t provide this service for IPv6. There are specific DNS servers you can point to for specific categories (porn), but no ability to customize what categories are blocked. I believe they only provide this for IPv6 to their paid Umbrella customers.

Over the weekend, I learned that Cloudflare has a DNS filtering service with their Cloudflare Gateway product. It’s free for up to 50 users. Unlike OpenDNS, it apparently can identify my client, even on a changing home IP address, via DNS over TLS. So not only am I introducing an element of DNS privacy, I add in the ability to perform *custom* DNS-based filtering even for IPv6 sites.

For my 6in4 HE tunnel to continue working, I need dnsomatic to update HE correctly. I’m not 100% sure that I’ve configured that right. But time will tell.

The post CloudFlare Gateway DNS Filtering appeared first on Roger’s Information Security Blog.