by hnthrow10282910 on 11/24/22, 4:25 PM with 3 comments
For example, typing in Porn yields no porn results.
How is this possible with just DNS if the site uses TLS and the connection is still secure?
For this to be possible, wouldn’t they need to have a valid DV cert impersonating Google?
by josephcsible on 11/24/22, 9:04 PM
For it to be possible without Google's cooperation, they would. But Google does cooperate: their Web servers listen on two sets of IP addresses. The real DNS entries for www.google.com point to the first set, and for forcesafesearch.google.com to the second set. Cloudflare is spoofing DNS responses for www.google.com to point at forcesafesearch.google.com instead. When you connect to Google via the latter, it forces SafeSearch on for all traffic over that connection. Google documents this at https://support.google.com/websearch/answer/186669?hl=en
by ipython on 11/24/22, 4:47 PM