What I did:
- set up a guest network
- disabled 'Use DNS servers advertised by peer' on WAN
- removed items from 'Use custom DNS servers' on WAN (no idea if it was really necessary)
- added 1.1.1.1 (Cloudflare) to 'lan' interface
- added 1.1.1.3 (Cloudflare, family friendly) to 'guest' interface

Now, p***hub. com still loads like a charm on all networks.
Adding 6,1.1.1.3,... to 'guest interface | DHCP server | Advanced | DHCP options' with or without setting 1.1.1.3 to 'guest' interface didn't make any difference, tried all four combinations. I've settled on setting 1.1.1.3 in both places for guest network.
However if I set 1.1.1.3 for the original network too, family friendliness just gets magically (and immediately) granted everywhere...
Looks like a crosstalk to me.
What did I miss?
Update.
I had a sudden idea googling whether such a thing as "flushing DNS cache" exists. It does. Flushing DNS cache on the client side didn't make any (instant?) difference. I silently assume nothing must be done on the router side after clicking Save & Apply.
However, testing further on a massive collection of adult sites :), the family friendly DNS performs quite well on links that were surely never clicked. But p***hub. com still loads, of course.
Could someone explain this behavior to me, and possibly how to set the router properly?