Cloudflare Malware/Adult Content DNS Not Working

GregW

Occasional Visitor
Hello.
I have an RT-AC86U router running Merlin 384.15

I have entered Cloudflare 1.1.1.3 and 1.0.0.3 for the DNS server entries.
I saved the new entries. I then checked to see if the adult content was being blocked. It was still being allowed through. I rebooted the router. The content was still not being blocked. I manually flushed the DNS on my Windows 10 laptop. This didn't help either.

Has anyone been successful using the new Cloudflare Anti Malware/Adult content DNS filters?

Thanks
 

EmeraldDeer

Very Senior Member
Hello.
I have an RT-AC86U router running Merlin 384.15

I have entered Cloudflare 1.1.1.3 and 1.0.0.3 for the DNS server entries.
I saved the new entries. I then checked to see if the adult content was being blocked. It was still being allowed through. I rebooted the router. The content was still not being blocked. I manually flushed the DNS on my Windows 10 laptop. This didn't help either.

Has anyone been successful using the new Cloudflare Anti Malware/Adult content DNS filters?

Thanks
I am using DNS over TLS. Cloudflare does not have the filtered DNS setup yet for DoT. I am pointing to the filtered DNS servers but they are providing unfiltered DNS.
 

GregW

Occasional Visitor
I am using DNS over TLS. Cloudflare does not have the filtered DNS setup yet for DoT. I am pointing to the filtered DNS servers but they are providing unfiltered DNS.


Thanks. If I'm reading your reply correctly, you are having the same problem I'm having. Is that correct?
 

det721

Part of the Furniture
It's not a problem. It's simply a work in progress; it will take some time to get these new servers working at 100%. They are working on it.
 

GregW

Occasional Visitor
It's not a problem. It's simply a work in progress; it will take some time to get these new servers working at 100%. They are working on it.

I worked with it last night. It's still not working 14 hours later. Hopefully, as you say, it is being worked on and will start working soon.
 

SomeWhereOverTheRainBow

Part of the Furniture
Hello.
I have an RT-AC86U router running Merlin 384.15

I have entered Cloudflare 1.1.1.3 and 1.0.0.3 for the DNS server entries.
I saved the new entries. I then checked to see if the adult content was being blocked. It was still being allowed through. I rebooted the router. The content was still not being blocked. I manually flushed the DNS on my Windows 10 laptop. This didn't help either.

Has anyone been successful using the new Cloudflare Anti Malware/Adult content DNS filters?

Thanks
From my understanding, the Merlin/Cloudflare dev team is working tirelessly on this project. For the time being, a few nuances are to be expected. Stay tuned!
 

intr0

Regular Contributor
I worked with it last night. It's still not working 14 hours later. Hopefully, as you say, it is being worked on and will start working soon.

I think (please correct me if I'm mistaken) that there's a breakdown of communication among the OP and the others. If so, and if it's what I think it is, then I don't think the OP is using DoT. Am I correct, @GregW? If yes, then be sure to set the DNS servers in the LAN settings, not only your WAN settings, so that they're pushed to your devices directly (esp. mobile devices). Also be sure to use the IPv6 versions of the DNS servers in addition to the 1.1.1.3 & 1.0.0.3 in question, which are:

2606:4700:4700::1113
2606:4700:4700::1003
 

ColinTaylor

Part of the Furniture
I think (please correct me if I'm mistaken) that there's a breakdown of communication among the OP and the others. If so, and if it's what I think it is, then I don't think the OP is using DoT. Am I correct, @GregW? If yes, then be sure to set the DNS servers in the LAN settings, not only your WAN settings, so that they're pushed to your devices directly (esp. mobile devices). Also be sure to use the IPv6 versions of the DNS servers in addition to the 1.1.1.3 & 1.0.0.3 in question, which are:

2606:4700:4700::1113
2606:4700:4700::1003
The issue was with the Cloudflare service and nothing to do with whether or not DoT was being used. This was later resolved and explained on the Cloudflare blog.

Pushing external DNS server addresses via DHCP is generally not recommended as you lose the benefits of using the router as a local DNS server.
 

intr0

Regular Contributor
The issue was with the Cloudflare service and nothing to do with whether or not DoT was being used. This was later resolved and explained on the Cloudflare blog.

Pushing external DNS server addresses via DHCP is generally not recommended as you lose the benefits of using the router as a local DNS server.

You can have it both ways by setting the router to include its IP for DHCP. I'm actually logged into my Cloudflare account right now sifting through my Cloudflare for Teams' Gateway DNS requests and blocking access to domains I know are ad, tracking, phishing, or malware servers. As well as social networks for certain locations during certain times. I'd not read their blog recently.
 

ColinTaylor

Part of the Furniture
You can have it both ways by setting the router to include its IP for DHCP.
You could, but it would be mostly pointless. You either want to use your local caching DNS server or you don't.
 

intr0

Regular Contributor
You could, but it would be mostly pointless. You either want to use your local caching DNS server or you don't.

The solution I offered was strictly for the OP's issue. Quick and dirty, yes, but it would've helped. It's especially useful for mobile devices as stated. I didn't mean it's a substitution for a complete proper setup. :)
 

GregW

Occasional Visitor
The solution I offered was strictly for the OP's issue. Quick and dirty, yes, but it would've helped. It's especially useful for mobile devices as stated. I didn't mean it's a substitution for a complete proper setup. :)

Thank you. Adding the Cloudflare DNS to the LAN did work. I still don't understand why it won't work when entered in the WAN settings, but then again, my knowledge about this is very limited.

Adding the DNS to the LAN does enable filtering; however, it's still a bit like whack-a-mole. It's impossible to filter everything.
 

dave14305

Part of the Furniture
I still don't understand why it won't work when entered in the WAN settings
What do you see if you run this command on the router over ssh?
Code:
nslookup nudity.testcategory.com 1.1.1.3
my output is:
Code:
# nslookup nudity.testcategory.com 1.1.1.3
Server:    1.1.1.3
Address 1: 1.1.1.3

Name:      nudity.testcategory.com
Address 1: ::
Address 2: 0.0.0.0
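
Added example (not part of any post in this thread): a small shell helper that turns the nslookup check above into a verdict, so the same test can be repeated against the router's own resolver and from a LAN client. It assumes the filtering resolver answers blocked names with 0.0.0.0 and ::, as in the output quoted above; the function name and the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify nslookup output for a filter test domain.
# Assumption: a filtering resolver answers blocked names with the
# unspecified addresses 0.0.0.0 / :: (as in the output quoted above).

# filter_verdict: reads nslookup output on stdin and prints one of
#   filtered    every answer is 0.0.0.0 or ::
#   unfiltered  at least one real address came back
#   no-answer   no answer section was found (timeout, NXDOMAIN, ...)
filter_verdict() {
    awk '
        /^Name:/ { in_answer = 1; next }   # answers follow the Name: line
        in_answer && /^Address/ {
            # Strip the "Address:" (bind-utils) or "Address 1:" (BusyBox) prefix.
            sub(/^Address( [0-9]+)?:[ \t]*/, "")
            split($0, f, " ")              # f[1] = address, rest = optional host name
            if (f[1] == "0.0.0.0" || f[1] == "::") sink++
            else real++
        }
        END {
            if (sink + real == 0) print "no-answer"
            else if (real == 0)   print "filtered"
            else                  print "unfiltered"
        }'
}

# Output as posted in the thread (query sent straight to 1.1.1.3).
SAMPLE_FILTERED='Server:    1.1.1.3
Address 1: 1.1.1.3

Name:      nudity.testcategory.com
Address 1: ::
Address 2: 0.0.0.0'

# Constructed sample: a client asking a resolver that does not filter.
# 192.168.1.1 / router.lan / 192.0.2.10 are placeholder values.
SAMPLE_UNFILTERED='Server:    192.168.1.1
Address 1: 192.168.1.1 router.lan

Name:      nudity.testcategory.com
Address 1: 192.0.2.10'

printf '%s\n' "$SAMPLE_FILTERED"   | filter_verdict
printf '%s\n' "$SAMPLE_UNFILTERED" | filter_verdict
```

On a live system, pipe the real command into it: `nslookup nudity.testcategory.com 1.1.1.3 | filter_verdict` tests the upstream directly, and the same command without the server argument tests whatever resolver the device is actually using.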
 

intr0

Regular Contributor
Thank you. Adding the Cloudflare DNS to the LAN did work. I still don't understand why it won't work when entered in the WAN settings, but then again, my knowledge about this is very limited.

Adding the DNS to the LAN does enable filtering; however, it's still a bit like whack-a-mole. It's impossible to filter everything.

You're welcome. I'm happy it's working for you. And you're correct, whack-a-mole is a great analogy. If I may make a suggestion, try out AdGuard's Family Protection DNS.

IPv4:
176.103.130.132
176.103.130.134

IPv6:
2a00:5a60::bad1:0ff
2a00:5a60::bad2:0ff

Their GitHub Team's main page is here: https://github.com/AdguardTeam
From there you can find all the info you need including links to their standard website and forum. There are some who believe that since the developers are Russian-born and began the company in Russia - it's now Cyprus-based; however, the founder, Andrey, as well as a majority of devs still have residences in Moscow (mainly) - that the services they provide must somehow be tainted, to state it politely.
However, relative to any other DNS providers within but not limited to the U.S. and its (n)Eyes partner nations, it's simply not true. Excepting one OpenNIC provider (luggs) who only accepts whitelisted connections and has logging disabled on the two servers they run out of Canada. Note that there may be others within OpenNIC but I've known them since they first put the servers online in 2014 so I personally trust them. And that's what it comes down to unless you run a LAN DNS server. That in addition to providers' complete privacy policies as well as their actual privacy track records. Take Google as a main example, but Cloudflare itself cannot be excluded either, despite the public claims regarding "privacy". Take the time to read their entire Privacy Policy and you'll see that what's on the front of the box doesn't match what's on the back.
I've been a beta tester for a few products they offer and currently beta test AdGuard iOS which offers DoT, DoH, and DNSCrypt plus system wide "adblocking". It's the only product for iOS / iPadOS that offers DoT with adblocking. I sound like a salesman here but it's just my way of preemptively halting any possible anti-anything-Russian trolling.
Give it a try to compare the effectiveness. The results will speak volumes for you to make an informed decision.
 
