1

Does NextDNS Web filter stop user from accessing adult sites when Windows TCP/IP setting of DNS server change to 8.8.8.8?

Hi,

I am just wondering how can NextDNS Web filter stop user from accessing adult sites, when DNS setting was tampered and changed to a public free DNS server IP, instead of NextDNS?

Thank you.

4 replies

null
    • Wepee
    • 1 yr ago
    • Reported - view

    Thanks for replying. 

    So in order to force every device in my local LAN, I would need to do either:

    Redirect port 53 & 853 to 443??

    or 

    Just block port 53 & 853 entirely.

    which I can do it at my Firewall. 

    But, let's say a device in my LAN is using DOH on another DNS server, say Google. 

    In order, to block the encrypted traffic, I would need to install the  NextDNS root CA on the device? Right?

    Thanks in advance.

    • Martheen
    • 1 yr ago
    • Reported - view

    Wepee Blocking DoH is much harder than that. The NextDNS CA is only used so the blocked message from NextDNS is still loaded for HTTPS, it doesn't try to analyze your HTTPS traffic (which doesn't go to NextDNS server). There are lists that you can use to block known IPs of DoH providers, but dedicated enough users can just find an obscure DoH provider or create one themselves on Cloudflare Workers etc.

    • edward_a
    • 1 yr ago
    • Reported - view

    Martheen hi there, what lists are these please?

    • Martheen
    • 1 yr ago
    • Reported - view

    Edward https://github.com/dibdot/DoH-IP-blocklists but they're not usable in NextDNS (since they're not domain-based), they will break sites that happen to use the same CDN as a DoH server, and they still won't stop DoH servers created in few clicks like https://github.com/tina-hello/doh-cf-workers

Content aside

  • 1 Likes
  • 1 yr agoLast active
  • 4Replies
  • 365Views
  • 4 Following