The Cloudflare DNS Internet safety service (Internet filter) is available starting with KeeneticOS 3.5 version.
The Cloudflare DNS service (22.214.171.124 for Families) is designed to protect home devices connected to the router from dangerous sites and to ensure safe surfing on the Internet. The service offers DNS filtering to help parents ensure the safety of their children on the Internet by automatically blocking dangerous sites. This tool makes it easy for parents to protect against malware and adult content throughout their home network. Learn more about the Cloudflare DNS service at the developer's website.
The 'Cloudflare DNS' system component must be installed in your Keenetic to apply the Internet safety service. You can do this on the 'General system settings' page in the 'Component options' section by clicking the 'Component options' button.
Before setting up the service, register your devices according to the instructions: Connected devices registration.
Now on the 'Internet safety' page select 'Cloudflare DNS' in the 'Service' field.
There are three modes (policies) that define access to a particular category of sites:
- 'Standard' — Cloudflare DNS servers are used (address 126.96.36.199 — standard profile).
- 'No malware' — protects against malicious sites, blocks resources containing viruses (address 188.8.131.52 — malware profile).
- 'Family-friendly' — Cloudflare DNS servers are used to block malicious resources + block adult sites + safe search (address 184.108.40.206 — family profile).
- 'No protection' — no traffic filtering is provided.
The section 'Assignment of protection policies to devices' will appear. The setting in this section is to assign a policy described above to regular home network devices (registered on the router) and to periodically appearing devices (guest network and unregistered devices).
In the 'Default policy' field, you can specify the policy that will be applied to all unregistered devices, including devices connected to the guest network.
From a registered device through a web browser, we will try to access a resource that may contain prohibited content. Access to this resource will be blocked, and the corresponding message will be displayed.
NOTE: Note: If the Cloudflare DNS is not blocking a site, you can report it directly to the Cloudflare support.
Besides Internet filtering, Cloudflare DNS supports DoT and DoH protocols for additional privacy.
You can check DoT/DoH support from the command line interface (CLI) of the router, enter the command: show cloudflare-dns availability
For more information, see the instructions Setting up DNS over TLS and DNS over HTTPS protocols to support the use of encrypted DNS queries.
When Cloudflare DNS is enabled, the service status check is fails on the page https://220.127.116.11/help. When you turn on the Internet filter, the blocking of DoT/DoH transit traffic is enabled by default.
TIP: Tip: If Cloudflare DNS is not blocking a site, you can report it directly to Cloudflare support.