Need help with DNS filtering


d0g

Occasional Visitor
I'm trying to block porn etc. from kids' devices. Sorry if noob question!

In WAN I have DNS set to AdGuard (because I want to block ads for all devices), with DoT set to "CleanBrowsing 1 security"

[Attached image: 1605132601035.png]


In LAN - DHCP Server I have:
[Attached image: 1605132668192.png]


In DNSFilter I have:
[Attached image: 1605132692255.png]


And yet browsing to all porn sites still works.

www.dnsleaktest.com shows DNS server as "209.120.187.67 GTT Communications Inc." no matter what I do.

I've tried flushing DNS cache at system level as well as via chrome://net-internals/#dns

What am I missing?
Thanks!

(RT-AC87U, Merlin Version:384.13_1)
 

dave14305

Part of the Furniture
DoT and WAN settings are irrelevant because you have DNSFilter global mode set to “Cleanbrowsing Security” which will bypass any WAN DNS selections.

You also need to take into account browsers that use DNS over HTTPS now, as well as MAC address privacy in iOS 14, so your MAC-based filter rules for Alex and Leo might not be accurate anymore.
 

Martinski

Occasional Visitor
I'm trying to block porn etc. from kids' devices. Sorry if noob question!

In WAN I have DNS set to AdGuard (because I want to block ads for all devices), with DoT set to "CleanBrowsing 1 security"

And yet browsing to all porn sites still works.
...

You can try a possible solution to your scenario by taking the reverse approach of what you've done:

1) Select & add *only* the Preset Servers for "Cleanbrowsing 1/2 (adult filter)" on the "DoT Server List" configuration, and set those same IP addresses for DNS Server 1 & 2 in the "WAN DNS Setting" section.

2) Now, set the "Global Filter Mode" option in the "DNS Filter" tab to "Router."

3) Finally, add each of the devices for which you want to have *less* restricted internet access to the "Client List (Max Limit: 64)" and select the "Cleanbrowsing Security" server (or whatever you prefer for the "adult" devices in the house) for each device from the "Filter Mode" menu.

This way, the default setup is to have the most restricted internet access (i.e. Adult Filter) *except* for those devices you specifically add to the Client List. This configuration is not as convenient because for each new "adult" device you will have to add it to the list individually, but at least the kids will have a more difficult time accessing porn sites, which is your primary goal.

Note: I have not done this myself, but logically I think it should work, assuming that I have understood correctly the inter-dependency and mechanism between DoT & DNS Global Filter Mode set to "Router" along with the "Client List" additions.

Good Luck!
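
The difference between the original setup and the reverse approach above, as an added example that is not part of any post in this thread: a simplified Python model (not Asuswrt-Merlin code) in which a per-client rule overrides the global mode and "Router" mode uses the router's own upstream. The MAC addresses, the "Cleanbrowsing Adult" label and the assumption that the kids' rules pointed at the adult filter are constructed for illustration.

```python
# Added illustration: simplified model of the DNSFilter behaviour described in
# this thread. Not Asuswrt-Merlin code; MACs and labels are constructed.

ADULT = "Cleanbrowsing Adult"        # assumed label for the adult-filter preset
SECURITY = "Cleanbrowsing Security"

def is_randomized(mac):
    """True if the locally-administered bit is set, as in private Wi-Fi MACs."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def resolver_for(mac, cfg, uses_doh=False):
    """Which resolver answers this client's lookups under config cfg."""
    if uses_doh:
        # Model assumption: DoH rides on HTTPS, so the DNS filter never sees it.
        return "browser DoH provider"
    mode = cfg["clients"].get(mac.lower(), cfg["global_mode"])
    # "Router" hands the query to the router's own resolver and its upstream.
    return cfg["router_upstream"] if mode == "Router" else mode

def audit(cfg, seen_macs):
    """Return the MACs whose lookups are not covered by the adult filter."""
    return [m for m in seen_macs if resolver_for(m, cfg) != ADULT]

KID_REAL = "3c:22:fb:00:00:01"       # constructed: MAC the rule was written for
KID_PRIVATE = "da:a1:19:00:00:02"    # constructed: same device, private address
ADULT_PC = "00:1b:21:00:00:03"       # constructed

# Original setup: permissive global mode, per-MAC rules for the kids.
original = {"router_upstream": "WAN/DoT servers", "global_mode": SECURITY,
            "clients": {KID_REAL: ADULT}}
# Reverse setup: restrictive default via "Router", per-MAC exceptions for adults.
reverse = {"router_upstream": ADULT, "global_mode": "Router",
           "clients": {ADULT_PC: SECURITY}}

if __name__ == "__main__":
    for name, cfg in (("original", original), ("reverse", reverse)):
        for mac in (KID_REAL, KID_PRIVATE, ADULT_PC):
            kind = "randomized" if is_randomized(mac) else "fixed"
            print(f"{name:8} {mac} ({kind}) -> {resolver_for(mac, cfg)}")
        print(f"{name:8} kids not covered:", audit(cfg, [KID_REAL, KID_PRIVATE]))
```

In the original layout a device that shows up with an unlisted MAC falls through to the permissive global mode, while in the reverse layout it falls through to the adult filter; in-browser DoH sidesteps both.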
 
