Cloudflare launches 220.127.116.11 For Families with filter support
Cloudflare launched its DNS service back in 2018 (on April 1) to the public promising a fast, private, and secure service. The company promised that 18.104.22.168 would be privacy-friendly, that it would not sell user data or use it for targeted advertising, and revealed that the service would never log full user IP addresses and erase logs every 24 hours. A recently published audit by independent auditing companyKPMG uncovered some minor issues but backed up Cloudflare's claims.
Yesterday, on April 1, Cloudflare announced an expansion of its DNS service called 22.214.171.124 for Families which adds new DNS Server IP addresses and filters to the service to block certain requests automatically. Users who used OpenDNS and some other DNS providers in the past may recall that these providers offered something very similar for quite some time already.
Filtering functionality was the number one request from home users according to Cloudflare and the main reason why 126.96.36.199 for Families was created.
188.8.131.52 For Families
184.108.40.206 for Families comes in two different versions: the first blocks known malware requests, the second malware and adult requests. Here is the information required to use the new DNS servers on your devices:
Malware Blocking Only
- Primary DNS: 220.127.116.11
- Secondary DNS: 18.104.22.168
- IPv6: 2606:4700:4700::1112
- IPv6: 2606:4700:4700::1002
Malware and Adult Content Blocking
- Primary DNS: 22.214.171.124
- Secondary DNS: 126.96.36.199
- IPv6: 2606:4700:4700::1113
- IPv6: 2606:4700:4700::1003
Cloudflare DNS without Filtering
- Primary DNS: 188.8.131.52
- Secondary DNS: 184.108.40.206
- IPv6: 2606:4700:4700::1111
- IPv6: 2606:4700:4700::1001
The filtering is automated at this point in time; Cloudflare plans to introduce management options in the coming months to whitelist or blacklist sites, schedule filters for certain times of the day, and more.
For now, the only option that you have to bypass filters, e,g. when a non-malware or non-adult site is blocked, is to switch the DNS service.
How to set up 220.127.116.11 for Families
Windows users may do the following to replace the current DNS provider with Cloudflare's:
- Use the keyboard shortcut Windows-R to open the run box.
- Type netcpl.cpl to open the Network and Sharing Center (note that this may not be available in the newest builds of Windows 10)
- If it is not available, right-click on the network icon in the System Tray and select Open Network and Internet settings.
- On the page that opens, click on "change adapter options".
- Right-click on the active connection and select properties from the menu.
- Double-click on "Internet Protocol Version 4 (TCP/IPv4)
- Switch to "Use the following DNS server addresses".
- Enter the primary and secondary DNS server in the respective fields.
- Close the configuration window.
Pro Tip: You may also change DNS servers using PowerShell.
Here is how that is done:
- Use Windows-X to display the "secret" menu.
- Select Windows PowerShell (Admin) from the menu to open an elevated PowerShell console.
- Confirm the UAC prompt.
- Run the command Get-NetIPConfiguration and note the value of InterfaceIndex of the Network Adapter that you are using (use other information, e.g. the InterfaceAlias value to identify the right interface if multiple are available).
- Modify the command Set-DnsClientServerAddress -InterfaceIndex 10 -ServerAddresses 18.104.22.168, 22.214.171.124 and run it afterward. Change the value after -InterfaceIndex to the right one on your device, and the IP addresses behind ServerAddresses to the desired DNS servers (first primary then secondary)
Installation guides are available here for routers, Linux, Windows, and Mac. Cloudflare has created applications for Android and iOS that users may download to use the DNS service on their devices.
You may use a program like Gibson's DNS Bechmark to test the performance of the servers.
Now You: Which DNS service do you use, and why?
I hope they expand the filtering options, as with nextdns’ many options. I still use 126.96.36.199 generally, as it is fastest and nearby with good feedback options for testing.
It all reminds me of when the 14 year old nephew was around, I had to use opendns pr0n and gambling filtering, as he was becoming an “enthusiast”.
NextDNS.io is better, even providing analytics, selectable block lists, and white/black listing as well as logs and device detail.
Supports direct, DoH and DNS over TLS (Stubby), and they have apps to create vpn type filters for devices.
Cloudflare isn’t blocking trackers, facebook libraries in apps trying to grab your phone logs and contacts, and the rest.
What about for IPv6?
I’ve been using OpenDNS since DNS over HTTPS became a thing, with no issues thus far.
For websites I’ve been using Cloudflare for almost a decade now, also without any issues whatsoever. These days I’m somewhat trying to avoid them just out of principle.
more censorship! great!
Fortunately, you don’t have to use the one with filtering. So no censorship!
I have been using the Cloudflare DNS for a long time. I only had a problem with it once. I was trying to connect to the internet in a hotel. I set the DNS back to automatic, and I got a connection. When I showed it to the hotel IT support guy, he told me that he would make sure it works the next time I stay with them.
Yandex on PC, Adguard on phone.
188.8.131.52 and 184.108.40.206. Check. Just added to my router at the top of the list.
Every little bit helps.
This was added to my pfSense / pfBlockerNG blocking of a large number of sites. Pihole also works well for those with retail routers and a spare device for pihole.
I use Adguard DNS with ad blocking …it does very good job.
malware blocking seems nice (not really interested in adult content censorship).
but even with 220.127.116.11, i’m curious, who gets to decide what is malware?
meaning, there is nothing to stop cloudflare from flagging some website as malware for example on grounds of some business interests conflict between them..
so i will continue using 18.104.22.168 for now
Is it just me? When I used the adware and adult DNS it caused all of the YouTube comment and playlist etc. stuff to disappear. All I was left with was just the video.
It blocks a lot of Youtube videos: https://blog.cloudflare.com/introducing-1-1-1-1-for-families/
I don’t believe it has much to do with safe search. Innocent stuff like organ music is blocked.
If you set manual DNS in your router then you might see a third DNS resolver field. I suggest filling this in as leaving it blank lets devices use default resolvers if the first two don’t work.
For the third entry either put in OpenDNS normal DNS of 22.214.171.124 or any one of the following filtering DNS servers (I’m sure other folks will list others too). Some of these have varying degrees logging of DNS requests so do your research for what you need.
OpenDNS: 126.96.36.199 (their free version)
Norton ConnectSafe (Malware, Phishing and Scam sites): 188.8.131.52
Comodo Secure: 184.108.40.206
A nice thing about the 220.127.116.11 service is that cloudflare has a “tester” page at
where you can verify that 18.104.22.168 is actually being used. They do not seem to have an equivalent thing for the two new services.
Martin, youâ€™ve missed out the IPs for malware and adult content blocking.
Seems stupid & pointless by Cloudflare, if they allow LGBTQXYZ sites on the “Adult filter” 22.214.171.124.
“The Mistake that Caused 126.96.36.199 to Block LGBTQIA+ Sites Today”
So you’re telling parents their children are safe on 188.8.131.52, but Cloudflare allows sites will show underaged an underaged dancing in drag to stripper music, while LGBTQXYZ people throw money at him & tell children how “stunning & brave” the child is.
So tranny dick porn is okay (because it’s LGBTQXYZ), but regular porn is forbidden.
That’s the pseudo liberals for you. It’s a messed up world.
Your have forgotten the DOH addresses in the article
Q: Does 184.108.40.206 for Families support DNS over HTTPS?
R: Yes, to block malware, use https://security.cloudflare-dns.com/dns-query
to block malware & adult content, usehttps://family.cloudflare-dns.com/dns-query.
Q: Does 220.127.116.11 for Families support DNS over TLS ?
R: No. But our team is working on it.
@Notanon. Yes. Sick world.
Had to stop using Cloudflare DNS a while ago because many sites simply wouldn’t load or load correctly with Cloudflare.
For example, if you’re using Cloudflare right now, try loading archive.is and I bet you it still doesn’t work…
Anonee, — https://twitter.com/archiveis/status/1018691421182791680
Next time do some research before you run your ignorant mouth on the Internet.
@Anonee2, uhh yeah, exactly.
Thanks for posting that tweet showing that archive.is doesn’t work with Cloudflare dns. There are many other sites I had problems with as well until I got fed up and finally just dumped cloudflare.
Having a lot of issues with the 18.104.22.168 variant with YouTube videos blocked or prompting to log in.
Could anyone tell me if DNS over HTTPS works on all sites even if they are HTTP or does it only work on sites that are HTTPS?
DNS lookups are independent and work regardless of the protocol a site uses.
Good morning Martin,
I tested yesterday the 1 1 1 3 and 1 0 0 3 and they worked fine.
Except that today, problem, it doesn’t work anymore, pornographic sites are not filtered anymore (I wanted to protect my children).
I wanted to contact them to ask them if there was a technical problem, they deleted all my messages from the comments area, someone tested them today?
Yandex DNS 4 Life, USA dns go to Hell !!
Yandex sucks. Cloudflare is an independent company, allowing them to not store users’ records, and they remove all logs every 24 hours. If you trust Yandex does that better than Cloudflare, fine. Personally, I don’t trust trust anything connected to mother Russia.