I’ve setup 1.1.1.1 for Families as my DNS for both IPV4, IPV6 in my router. It blocks adult and phishing sites.

However, when I use Firefox instead of Chrome/ Edge, I was able to access adult/ phishing sites. This was because I’ve had “Enable DNS over HTTPS” checked in Firefox and selected Cloudflare (default). Only when I set it t custom and added https://family.cloudflare-dns.com/dns-query to the DoH, Firefox started blocking.

Thereby, even if the router configuration is set to 1.1.1.1 for Families, one can easily bypass it using Firefox DoH something other than 1.1.1.1 for Families.

There’s not really a solution for this. This behavior you’re describing “a client that sets its DNS to the non-default resolver will bypass the default resolver” is how client applications work, and it’s the same story whether you set the DoH endpoint to CF, Google, etc.

This topic was automatically closed after 14 days. New replies are no longer allowed.