from Hacker News

Ask HN: How does Cloudflare DNS filter Google results?

by hnthrow10282910 on 11/24/22, 4:25 PM with 3 comments

Upon testing Cloudflare for families on 1.1.1.3, which filters explicit contents, I noticed Google results are obfuscated as well.

For example, typing in Porn yields no porn results.

How is this possible with just DNS if the site uses TLS and the connection is still secure?

For this to be possible, wouldn’t they need to have a valid DV cert impersonating Google?

  • by josephcsible on 11/24/22, 9:04 PM

    > For this to be possible, wouldn’t they need to have a valid DV cert impersonating Google?

    For it to be possible without Google's cooperation, they would. But Google does cooperate: their Web servers listen on two sets of IP addresses. The real DNS entries for www.google.com point to the first set, and for forcesafesearch.google.com to the second set. Cloudflare is spoofing DNS responses for www.google.com to point at forcesafesearch.google.com instead. When you connect to Google via the latter, it forces SafeSearch on for all traffic over that connection. Google documents this at https://support.google.com/websearch/answer/186669?hl=en

  • by ipython on 11/24/22, 4:47 PM

    Most likely it uses googles safe search feature. I force it at home using Pi-hole. See https://support.google.com/websearch/answer/186669?hl=en