does not filter content if queries are made via DoT (DNS over TLS)

based on my test the Cloudflare DNS (No Malware or Adult Content) does not make Adult Content filter if the DNS query is made in DoT (DNS-over-TLS).
So, if I query via UDP port 53 (normal DNS) the Adult Content filter works (I tried www.youporn.com and the answer was
But if I query via TCP port 853 using DoT (DNS-over-TLS) and I lookup for www.youporn.com I have the correct IP of www.youporn.com.

Is it normal?
If yes, when will works with No Malware or Adult Content also for DoT (DNS-over-TLS)?
Thank you.

DoT is not currently supported for Cloudflare for Families.

1 Like

Thank you.
Any plan for implementation?
I hope also and will soon supports DoT and DoH also to benefit of “Android Private DNS” feature.


1 Like

If you’re looking to block adult content while adding security, such as & secure DNS, take a look at Clouldflare for Teams. I’m using a similar setup as listed in the blog post below.

It’s been good so far though it’s still pretty new.

1 Like

Thank you for your suggestion but for now I prefer to wait that Cloudflare will implement DoT also for and needs to stop answering dot queries until this is implemented so Android automatic private DNS stops automatically disabling filtering.

1 Like

+1 Is this going to be impemented? Like, ever?

1 Like filtering over DoT would be awesome +1

1 Like

Any news to support DNS over TLS (DoT) for Cloudflare DNS for Families ( and, and and ?

Hi, we’re actively working on implementing this over the next month or so. Expect this to ship in Q4.


That’s good news. Are CloudFlare planning on changing the DNS-over-TLS URLs to something more sensible at the same time?

1dot1dot1dot1.cloudflare-dns.com” is pretty horrendous. It’s terrible to read, too long and prone to typing errors when manually typing it in to a phone.

one.one.one.one” also isn’t particularly great; it isn’t going to scale well with “ for Families”, as .two and .three aren’t TLDs.

I think it’s something that CloudFlare need to sit down and think hard about now – before DNS-over-TLS and DNS-over-HTTPS become more mainstream and changing it later will be a PITA. Even the following is more readable than what’s currently being used:


Or are you possibly planning on using the same format for DNS-over-TLS that you use for DNS-over-HTTPS? I.E.


Bingo–same format for DoT that we use for DoH. Looking forward to getting this supported this quarter.

1 Like

This is great news. Can’t wait for this!