Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




16090 posts

Uber Geek

Trusted
Subscriber

#269698 2-Apr-2020 21:04
Send private message quote this post

CloudFlare has introduced "1.1.1.1 for families". This provides additional DNS servers as follows

 

Malware Blocking Only
Primary DNS: 1.1.1.2
Secondary DNS: 1.0.0.2

 

Malware and Adult Content
Primary DNS: 1.1.1.3
Secondary DNS: 1.0.0.3

 

These seem like useful features for families. They also offer secure DNS, DNS over TLS and DNS over HTTPS.

 

Question

 

I currently use ISP DNS servers (2degrees in my case), to make sure I use ISP caches. If you switch to one of the CloudFlare DNS servers is it still true that you miss out on using the ISP caches and get lower performance for things like Netflix, or is there some system in place to mitigate that?


Create new topic
3121 posts

Uber Geek

Trusted
Lifetime subscriber

  #2453378 2-Apr-2020 22:05
Send private message quote this post




and


BDFL - Memuneh
67447 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #2453384 2-Apr-2020 22:10
Send private message quote this post

Possibly, as they use the same providers of lists as Google SafeSearch.




 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure 


 
 
 
 


'That VDSL Cat'
12324 posts

Uber Geek

Trusted
Spark
Subscriber

  #2453414 3-Apr-2020 00:02
Send private message quote this post

BarTender:

 

I wonder if they will block the revenge p.rn sites they protect?

 

https://www.vice.com/en_us/article/pke3j7/someone-is-trying-to-revive-the-infamous-revenge-porn-site-anon-ib

 

 

Just those? not the chans too?





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 


801 posts

Ultimate Geek

Trusted
Full Flavour

  #2453415 3-Apr-2020 00:03
Send private message quote this post

On Full Flavour - confirmed using Cloudflare DNS screws up Akamai with traffic being served off a congested Vocus path rather than uncongested AKL-IX.

'That VDSL Cat'
12324 posts

Uber Geek

Trusted
Spark
Subscriber

  #2453416 3-Apr-2020 00:03
Send private message quote this post

timmmay:

 

I currently use ISP DNS servers (2degrees in my case), to make sure I use ISP caches. If you switch to one of the CloudFlare DNS servers is it still true that you miss out on using the ISP caches and get lower performance for things like Netflix, or is there some system in place to mitigate that?

 

 

Most CDN providers have moved to options that it doesnt matter too much, there are a few out there still though so yes, you possibly could get a worse experience on some services.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 


BDFL - Memuneh
67447 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #2453485 3-Apr-2020 08:09
Send private message quote this post

I have personally moved to a different service than my ISP (no, not a DNS unblocked) for our network and have had no problems with the services we use here.





 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure 


3121 posts

Uber Geek

Trusted
Lifetime subscriber

  #2453501 3-Apr-2020 08:37
Send private message quote this post

myfullflavour: On Full Flavour - confirmed using Cloudflare DNS screws up Akamai with traffic being served off a congested Vocus path rather than uncongested AKL-IX.

 

That is because Cloudflare doesn't use EDNS0 and send through the source IP address for privacy reasons. So Akamai returns the default Akamai CDN cluster based on the source IP address of the DNS Server, which in your case is the Vocus Akamai CDN. Unfortunately that is the way the Akamai works (DNS Based CDN resolution) and the fact that very few DNS providers will forward on the client IP address using EDNS0 for privacy reasons.





and


 
 
 
 


1241 posts

Uber Geek

Subscriber

  #2453511 3-Apr-2020 08:59
Send private message quote this post

I’ve used OpenDNS Family Shield, now Cisco Umbrella, for years. Had no problems with streaming.

BDFL - Memuneh
67447 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #2453518 3-Apr-2020 09:12
Send private message quote this post

OpenDNS is a good service and it is easily configurable - more so than 1.1.1.1 for Families and Cloudflare Gateway. It allows you to turn on/off different categories.





 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure 


Human
2978 posts

Uber Geek

Subscriber

  #2456702 7-Apr-2020 19:53
Send private message quote this post

Is there really much a reason to use an alternative DNS service these days, aside from some home-filtering? 

 

I'm trying to understand if there is really a net positive to using Google, Cloudflare or any other DNS service. It seems to be it was marketed as a more "reliable" DNS service. In the US I could see this being true, because generally speaking, their ISP's over there suck from what I hear. 

 

The only other benefit I could potentially see, which may be off-set by not being able to use cache content for some requests, is the ability to get around some geo-blocking rules.






689 posts

Ultimate Geek

Subscriber

  #2456753 7-Apr-2020 22:54
Send private message quote this post

@timmmay - did i read on another thread you're running a piHole? in which case you can use that to filter malware/adult stuff and still reap the benefits of ISP dns? 




16090 posts

Uber Geek

Trusted
Subscriber

  #2456774 8-Apr-2020 06:48
Send private message quote this post

Yes I'm running PiHole. If you can find a list, Pi Hole can block based on it. I just use the default lists, the key thing I'm trying to achieve with Pi Hole is blocking advertising. If there was an easy way to block malware and adult sites I'd do that, but it's not a problem for me so no need right now. I'll need parental control software eventually though.


'That VDSL Cat'
12324 posts

Uber Geek

Trusted
Spark
Subscriber

  #2456894 8-Apr-2020 09:09
Send private message quote this post

tanivula:

 

@timmmay - did i read on another thread you're running a piHole? in which case you can use that to filter malware/adult stuff and still reap the benefits of ISP dns? 

 

 

Quite a few providers actually silently filter the worst of the malware traffic, possibly not every little gem of it like you get via pihole though.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 


BDFL - Memuneh
67447 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #2456895 8-Apr-2020 09:14
Send private message quote this post

I am using OpenDNS as it offers a more granular selection of categories to block.





 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure 


mdf

2591 posts

Uber Geek

Trusted
Subscriber

  #2457001 8-Apr-2020 12:04
Send private message quote this post

timmmay:

 

Yes I'm running PiHole. If you can find a list, Pi Hole can block based on it. I just use the default lists, the key thing I'm trying to achieve with Pi Hole is blocking advertising. If there was an easy way to block malware and adult sites I'd do that, but it's not a problem for me so no need right now. I'll need parental control software eventually though.

 

 

We use PiHole for the kids. Easiest way is to add the appropriate DNS servers to the upstream DNS servers (we use cleanbrowsing.org, but no reason why Cloudflare wouldn't work as well). I had one issue with block lists where www.p***hub.com was filtered but p***hub.com was not (or vice versa?) and it took longer than two minutes to resolve so I didn't bother. Cleanbrowsing also has the option of forcing safe search on Google + Youtube.

 

We've got the home network segmented into VLANs. The kids VLAN goes via the PiHole + Cleanbrowsing, but other devices can go to ISP DNS servers, Cloudflare, Quad9, Google etc. as appropriate. Depending on your router/WAP, some offer assigning DNS servers on the basis of WLAN SSID without needing VLANs.


Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

National Institute for Health Innovation develops treatment app for gambling
Posted 6-Jul-2020 16:25


Nokia 2.3 to be available in New Zealand
Posted 6-Jul-2020 12:30


Menulog change colours as parent company merges with Dutch food delivery service
Posted 2-Jul-2020 07:53


Techweek2020 goes digital to make it easier for Kiwis to connect and learn
Posted 2-Jul-2020 07:48


Catalyst Cloud launches new Solutions Hub to support their kiwi Partners and Customers
Posted 2-Jul-2020 07:44


Microsoft to help New Zealand job seekers acquire new digital skills needed for the COVID-19 economy
Posted 2-Jul-2020 07:41


Hewlett Packard Enterprise introduces new HPE GreenLake cloud services
Posted 24-Jun-2020 08:07


New cloud data protection services from Hewlett Packard Enterprise
Posted 24-Jun-2020 07:58


Hewlett Packard Enterprise unveils HPE Ezmeral, new software portfolio and brand
Posted 24-Jun-2020 07:10


Apple reveals new developer technologies to foster the next generation of apps
Posted 23-Jun-2020 15:30


Poly introduces solutions for Microsoft Teams Rooms
Posted 23-Jun-2020 15:14


Lenovo launches new ThinkPad P Series mobile workstations
Posted 23-Jun-2020 09:17


Lenovo brings Linux certification to ThinkPad and ThinkStation Workstation portfolio
Posted 23-Jun-2020 08:56


Apple introduces new features for iPhone iOS14 and iPadOS 14
Posted 23-Jun-2020 08:28


Apple announces Mac transition to Apple silicon
Posted 23-Jun-2020 08:18



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.