Ask HN: How does Cloudflare DNS filter Google results?

4 points | by hnthrow10282910 8 days ago


  • josephcsible 8 days ago
    > For this to be possible, wouldn’t they need to have a valid DV cert impersonating Google?

    For it to be possible without Google's cooperation, they would. But Google does cooperate: their Web servers listen on two sets of IP addresses. The real DNS entries for point to the first set, and for to the second set. Cloudflare is spoofing DNS responses for to point at instead. When you connect to Google via the latter, it forces SafeSearch on for all traffic over that connection. Google documents this at

    • hnthrow10282910 8 days ago
      Wow awesome, thanks a lot. I was second guessing my understanding of MITM DNS attack knowledge
  • ipython 8 days ago
    Most likely it uses googles safe search feature. I force it at home using Pi-hole. See