CleanBrowsing

Last updated March 20, 2024

CleanBrowsing is a free public DNS resolver with content filtering, founded by Daniel B. Cid and Tony Perez. It supports DNS TLS over port 853 and DNS over HTTP over port 443 in addition to the standard DNS over port 53. CleanBrowsing filters can be used by parents to protect their children from adult and inappropriate content online.

Services

CleanBrowsing has three standard filters accessible via the following anycast IP addresses:^[1]^[2]

	Filters domains	Passes ECS	Validates DNSSEC	Via IPv4	Via IPv6	Via DoH	Via DoT
Family Filter	Yes	Unknown	No	185.228.168.168 185.228.169.168	2a0d:2a00:1:: 2a0d:2a00:2::	https://doh.cleanbrowsing.org/doh/family-filter/	family-filter-dns.cleanbrowsing.org
Adult Filter	Yes	Unknown	Yes	185.228.168.10 185.228.169.11	2a0d:2a00:1::1 2a0d:2a00:2::1	https://doh.cleanbrowsing.org/doh/adult-filter/	adult-filter-dns.cleanbrowsing.org
Security Filter	Yes	Unknown	Yes	185.228.168.9 185.228.169.9	2a0d:2a00:1::2 2a0d:2a00:2::2	https://doh.cleanbrowsing.org/doh/security-filter/	security-filter-dns.cleanbrowsing.org

Family Filter

Blocks access to adult content, proxy and VPNs, phishing and malicious domains. It enforces Safe Search on Google, Bing and YouTube.

Adult Filter

Less restrictive than the Family filter and only blocks access to adult content and malicious/phishing domains.

Security Filter

Blocks access to malicious and phishing domains.^[3]^{[ better source needed ]}^[4]

Related Research Articles

An Internet filter is software that restricts or controls the content an Internet user is capable to access, especially when utilized to restrict material delivered over the Internet via the Web, Email, or other means. Content-control software determines what content will be available or be blocked.

The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to each of the associated entities. Most prominently, it translates readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. The Domain Name System has been an essential component of the functionality of the Internet since 1985.

In computer networking, a proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource. It improves privacy, security, and performance in the process.

Various anti-spam techniques are used to prevent email spam.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

Ad blocking or ad filtering is a software capability for blocking or altering online advertising in a web browser, an application or a network. This may be done using browser extensions or other methods.

OpenDNS is an American company providing Domain Name System (DNS) resolution services—with features such as phishing protection, optional content filtering, and DNS lookup in its DNS servers—and a cloud computing security product suite, Umbrella, designed to protect enterprise customers from malware, botnets, phishing, and targeted online attacks. The OpenDNS Global Network processes an estimated 100 billion DNS queries daily from 85 million users through 25 data centers worldwide.

DNS rebinding is a method of manipulating resolution of domain names that is commonly used as a form of computer attack. In this attack, a malicious web page causes visitors to run a client-side script that attacks machines elsewhere on the network. In theory, the same-origin policy prevents this from happening: client-side scripts are only allowed to access content on the same host that served the script. Comparing domain names is an essential part of enforcing this policy, so DNS rebinding circumvents this protection by abusing the Domain Name System (DNS).

DNS hijacking, DNS poisoning, or DNS redirection is the practice of subverting the resolution of Domain Name System (DNS) queries. This can be achieved by malware that overrides a computer's TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behaviour of a trusted DNS server so that it does not comply with internet standards.

Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. The extension allows a server to present one of multiple possible certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. This also allows a proxy to forward client traffic to the right server during TLS/SSL handshake. The desired hostname is not encrypted in the original SNI extension, so an eavesdropper can see which site is being requested. The SNI extension was specified in 2003 in RFC 3546

In computing, a blacklist, disallowlist, blocklist, or denylist is a basic access control mechanism that allows through all elements, except those explicitly mentioned. Those items on the list are denied access. The opposite is a whitelist, allowlist, or passlist, in which only items on the list are let through whatever gate is being used. A greylist contains items that are temporarily blocked until an additional step is performed.

Google Public DNS is a Domain Name System (DNS) service offered to Internet users worldwide by Google. It functions as a recursive name server. Google Public DNS was announced on December 3, 2009, in an effort described as "making the web faster and more secure." As of 2018, it is the largest public DNS service in the world, handling over a trillion queries per day. Google Public DNS is not related to Google Cloud DNS, which is a DNS hosting service.

Norton ConnectSafe was a free public DNS service offered by Symantec Corporation that claimed to offer a faster and more reliable web browsing experience while blocking undesirable websites. The service was retired on November 15, 2018.

SmartScreen is a cloud-based anti-phishing and anti-malware component included in several Microsoft products:

Domain Name System blocking, or DNS blocking / filtering, is a strategy for making it difficult for users to locate specific domains or websites on the Internet. It was first introduced in 1997 as a means to block spam email from known malicious IP addresses.

Web filtering in schools blocks students from inappropriate and distracting content across the web, while allowing sites that are selected by school administrators. Rather than simply blocking off large portions of the Internet, many schools utilize customizable web filtering systems that provide them with greater control over which sites are allowed and which are blocked. Schools will typically block social media websites, games, pornography, other distracting websites, websites that harm academic integrity, websites that bypass web filtering, etc.

DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver. By March 2018, Google and the Mozilla Foundation had started testing versions of DNS over HTTPS. In February 2020, Firefox switched to DNS over HTTPS by default for users in the United States.

DNS over TLS (DoT) is a network security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol. The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks. The well-known port number for DoT is 853.

Quad9 is a global public recursive DNS resolver that aims to protect users from malware and phishing. Quad9 is operated by the Quad9 Foundation, a Swiss public-benefit, not-for-profit foundation with the purpose of improving the privacy and cybersecurity of Internet users, headquartered in Zürich. Quad9 is entirely subject to Swiss privacy law, and the Swiss government extends that protection of the law to Quad9's users throughout the world, regardless of citizenship or country of residence.

<span class="mw-page-title-main">AdGuard</span> Ad blocking and privacy protection software

AdGuard is an ad blocking service for Microsoft Windows, Linux, MacOS, Android and iOS. AdGuard is also available as a browser extension.

References

↑ "CleanBrowsing List of IP Addresses". CleanBrowsing. Retrieved 2020-07-23.
↑ Wallen, Jack (2018-08-23). "How to enable DNS over TLS in Android Pie". TechRepublic . CBS Interactive. Archived from the original on 2018-09-11. Retrieved 2018-10-11.
↑ Z, Nykolas (31 May 2018). "Phishing Protection — Comparing DNS Security Filters". Medium . Archived from the original on 2018-09-16. Retrieved 2018-10-11.^{[ self-published source ]}
↑ Inc, CleanBrowsing. "Free DNS Filtering | Block Online Porn with CleanBrowsing". CleanBrowsing. Retrieved 2023-07-29.{{cite web}}: |last= has generic name (help)

External links

Official website

This Internet-related article is a stub. You can help Wikipedia by expanding it.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "CleanBrowsing List of IP Addresses". CleanBrowsing. Retrieved 2020-07-23.

[techrepublic-dot-android-pie-2] Wallen, Jack (2018-08-23). "How to enable DNS over TLS in Android Pie". TechRepublic . CBS Interactive. Archived from the original on 2018-09-11. Retrieved 2018-10-11.

[3] Z, Nykolas (31 May 2018). "Phishing Protection — Comparing DNS Security Filters". Medium . Archived from the original on 2018-09-16. Retrieved 2018-10-11.^{[ self-published source ]}

[4] Inc, CleanBrowsing. "Free DNS Filtering | Block Online Porn with CleanBrowsing". CleanBrowsing. Retrieved 2023-07-29.{{cite web}}: |last= has generic name (help)

[1]

[2]

[3]

[4]