Ask HN: How does Cloudflare DNS filter Google results?

4 points | by hnthrow10282910 8 days ago

2 comments

  • josephcsible 8 days ago
    > For this to be possible, wouldn’t they need to have a valid DV cert impersonating Google?

    For it to be possible without Google's cooperation, they would. But Google does cooperate: their Web servers listen on two sets of IP addresses. The real DNS entries for www.google.com point to the first set, and for forcesafesearch.google.com to the second set. Cloudflare is spoofing DNS responses for www.google.com to point at forcesafesearch.google.com instead. When you connect to Google via the latter, it forces SafeSearch on for all traffic over that connection. Google documents this at https://support.google.com/websearch/answer/186669?hl=en

    • hnthrow10282910 8 days ago
      Wow awesome, thanks a lot. I was second guessing my understanding of MITM DNS attack knowledge
  • ipython 8 days ago
    Most likely it uses googles safe search feature. I force it at home using Pi-hole. See https://support.google.com/websearch/answer/186669?hl=en