This is easily circumvented by firefoxes "use dns over https" which then points out to coudflare or other dns even though i have forced DNS to my filtered provider.
Is there a way to either block doh/dns over https, and force only regular dns or is there a way to block contact to these dns providers?
i have ip tables i could add to, i already block all manner of vpn ports.
im only finding info online about using https dns - not stopping it.
if the kids change their local firefox settings to use dns over https then they bypass my filters
Note: The canary domain only applies to users who have DoH enabled as the default option. It does not apply for users who have made the choice to turn on DoH by themselves.