Y'all are the best.
@ColinTaylor, adding the Chrome Cloudflare DNS to /jffs/configs/dnsmasq.conf.add did the trick. Chrome no longer circumvents my router DNS settings. Thanks for all your help!
@SomeWhereOverTheRainBow - thanks! I think I'll add these addresses to...
Thanks for figuring it out! This is helpful.
Would the solution then be to find out what Cloudflare's IP resolves to and add those addresses to my firewall-start blocking script? If so, how can I go about doing that?
Or is there a way to block DoH domains?
@ColinTaylor Both actually.
I have my router use the DNS servers of the DNS filter company to implement blocking of sites.
And then I have the Asus router DNS filter enabled to prevent circumventing the router settings.
Other settings that might be relevant
Chrome test in incognito
I'm setting the DNS servers to the Cloudflare addresses in the network settings of my laptop. With the DNS filter enabled through the router settings and the firewall-start script, these settings on my MacBook should be ignored/blocked (for DoH or not) and the router...
I'm using macOS.
Dnsleaktest results from when I'm not trying to use 1.1.1.1 and 1.0.0.1.
Chrome
Firefox
Dnsleaktest results from when I do try to use 1.1.1.1 and 1.0.0.1.
Chrome
Firefox
Chrome is using the Cloudflare ISP, while Firefox is not.
If I try to use another DoH provider...
I'm not using a VPN.
It seems like using a different browser makes a difference. On Chrome, 1.1.1.1 and 1.0.0.1 are not blocked, but all the others are. On Firefox everything is blocked and working as intended. Not sure why Chrome treats Cloudflare's public DNS differently.
@ColinTaylor
Not sure how to interpret the output. Here are a few screenshots. The first shows the table header, the second a portion of the table and the third has the DNS addresses that are giving me grief (1.1.1.1 and 1.0.0.1).
Screenshot #1
Screenshot #2
Screenshot #3
I have a DNS filter to block certain websites. If I set my laptop's DNS to the Cloudflare DNS, I'm able to access those websites. If I set it to any other DNS (e.g., Google's) or just the default, the website blocking works as intended.
@eibgrad - you had a couple of comments on the last thread (copied below); however, I just didn't understand much of what you said. Do you think this issue is related?
Thanks to this forum's help a while back, I've got a janky little setup on my router to block DoH providers using the router's DNS filter settings and a firewall-start script. The script looks like this:
#!/bin/sh
touch /tmp/000firewall-start
# Repeat for each DOH provider
iptables -I FORWARD -s...
Figured out how to block a large list of DOH providers using a firewall-start script (without diversion or an ipset script). The template of the script is:
#!/bin/sh
touch /tmp/000firewall-start
# Repeat for each DOH provider
iptables -I FORWARD -s x.x.x.x -j DROP
iptables -I FORWARD -d x.x.x.x...
Thanks @ColinTaylor; you were right. Disabling "Use secure DNS" on Chrome made the router's DNSFilter settings work.
Now I'd like to block as many DoH providers as I can. I found this useful publicly-maintained list:
https://raw.githubusercontent.com/oneoffdallas/dohservers/master/iplist.txt...
Apparently it does have the option, thanks for pointing out its location Colin.
@L&LD it's the latest compatible firmware for my router according to the asus merlin page.
So I've been twiddling with the DNSFilter options, but I can't get it to work or do anything. Am I missing something here...