I’m configuring a pfSense firewall for my friends.
I want to use Cloudflare’s DNS servers 1.1.1.3 and 1.0.0.3 (and their IPv6 versions) as my final resolver, to filter out malign and adult content from his children.
The problem is that it’s not working.
I get this:
[2.6.0-RELEASE][[email protected]]/root: nslookup www.redtube.com 1.1.1.3
Server: 1.1.1.3
Address: 1.1.1.3#53
Non-authoritative answer:
www.redtube.com canonical name = redtube.com.
Name: redtube.com
Address: 66.254.114.238
And I was expecting this: (different ISP)
[2.6.0-RELEASE][[email protected]]/root: nslookup www.redtube.com 1.1.1.3
Server: 1.1.1.3
Address: 1.1.1.3#53
Non-authoritative answer:
Name: www.redtube.com
Address: 0.0.0.0
Name: www.redtube.com
Address: ::
Is there a way to validate if this server belongs to Cloudflare? (It can be a server that belongs to Cloudflare inside the ISP infrastructure for speed, or the ISP hijacking the 1.1.1.3 IP.)
If it’s the latter, is it legal? Can something be done?
I used this DNS server spoofability test: www.grc.com/dns/dns.htm
And the public IP of the DNS server belongs to the ISP.
Thanks
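The comparison made in the post, as an added example that is not part of the original post: it parses the two nslookup transcripts quoted above and reports whether the answer for the test name is the 0.0.0.0 / :: sinkhole. The function names parse_nslookup and classify are assumptions made for this sketch.

```python
import ipaddress

# Answers the post shows 1.1.1.3 returning for a blocked name.
SINKHOLE = {ipaddress.ip_address("0.0.0.0"), ipaddress.ip_address("::")}

# The two nslookup transcripts quoted in the post (prompt line omitted).
OBSERVED = """Server: 1.1.1.3
Address: 1.1.1.3#53
Non-authoritative answer:
www.redtube.com canonical name = redtube.com.
Name: redtube.com
Address: 66.254.114.238
"""
EXPECTED = """Server: 1.1.1.3
Address: 1.1.1.3#53
Non-authoritative answer:
Name: www.redtube.com
Address: 0.0.0.0
Name: www.redtube.com
Address: ::
"""

def parse_nslookup(text):
    """Return (server, answers); answers is a list of ip_address objects."""
    server, answers = None, []
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition(":")
        value = value.strip()
        if not sep:
            continue  # e.g. the "canonical name = ..." line
        if key == "Server":
            server = value
        elif key in ("Address", "Addresses") and "#" not in value:
            # "Address: 1.1.1.3#53" is the resolver itself, not an answer.
            try:
                answers.append(ipaddress.ip_address(value))
            except ValueError:
                pass  # tolerate lines that are not a bare IP
    # Some nslookup builds print the resolver address without "#53".
    return server, [a for a in answers if str(a) != server]

def classify(text):
    """Return (server, verdict): 'filtered', 'unfiltered' or 'no-answer'."""
    server, answers = parse_nslookup(text)
    if not answers:
        return server, "no-answer"
    filtered = all(a in SINKHOLE for a in answers)
    return server, "filtered" if filtered else "unfiltered"

if __name__ == "__main__":
    for label, text in (("observed", OBSERVED), ("expected", EXPECTED)):
        print(label, *classify(text))
```

The verdict shows only whether the resolver answering on 1.1.1.3 applies the filter; it does not identify who operates that resolver.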