I have cleanbrowsing.org for DNS filtering. I'm fairly happy with it, but it blocks some sites that I don't think should be blocked.
How do I redirect DNS requests for a specific website to a different DNS server?
I'm also interested in the inverse: how do I block a DNS request for a specific website that the default DNS server allows?
Thank you @trendy.
The selective forwarding works in Firefox, but now Chrome seems to be able to get around it. In the firewall I added these custom rules to prevent devices from overriding the router's automatic DNS server:
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p udp --dport 53 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 53 -j DNAT --to 192.168.1.1
I did this to test that the DNS filtering was working correctly:
Windows automatically obtains DNS server - Unable to visit badexample.com - PASS
Tell Windows to prefer Google's DNS server - Unable to visit badexample.com with Firefox - PASS
Tell Windows to prefer Google's DNS server - Able to visit badexample.com with Chrome - FAIL
Any idea what is going on?
trendy
January 3, 2021, 7:58pm
Quite possible that Chrome is using DNS over HTTPS or TLS to bypass these.
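As an added example (not part of either post): the port-53 DNAT rules quoted above never match DNS over TLS (port 853) or DNS over HTTPS (port 443), so those paths have to be closed separately. The script below prints one possible rule set for review; the `FORWARD` chain placement and the resolver list in `DOH_IPS` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: prints iptables rules; nothing is applied until the output is piped to `sh`.
LAN_NET="192.168.1.0/24"   # LAN subnet from the thread
ROUTER_IP="192.168.1.1"    # router/resolver address from the thread
# Assumption: DoH endpoints to cut off. These are Google Public DNS addresses;
# the list is illustrative and not exhaustive.
DOH_IPS="8.8.8.8 8.8.4.4"

# Usage: dns_lockdown_rules <lan-cidr> <router-ip> [doh-ip ...]
dns_lockdown_rules() {
    lan="$1"; router="$2"; shift 2

    # Plain DNS (port 53): the redirect from the post, unchanged in effect.
    for proto in udp tcp; do
        echo "iptables -t nat -A PREROUTING -s $lan -p $proto --dport 53 -j DNAT --to-destination $router"
    done

    # DNS over TLS uses TCP 853 (DNS over QUIC uses UDP 853). The DNAT rule
    # above never matches these, so reject them in the forward path.
    echo "iptables -I FORWARD -s $lan -p tcp --dport 853 -j REJECT --reject-with tcp-reset"
    echo "iptables -I FORWARD -s $lan -p udp --dport 853 -j REJECT"

    # DNS over HTTPS shares port 443 with ordinary web traffic, so it can only
    # be blocked per destination: TCP for HTTP/1.1 and HTTP/2, UDP for HTTP/3.
    for ip in "$@"; do
        echo "iptables -I FORWARD -s $lan -d $ip -p tcp --dport 443 -j REJECT --reject-with tcp-reset"
        echo "iptables -I FORWARD -s $lan -d $ip -p udp --dport 443 -j REJECT"
    done
}

# Print the rule set for the network described in the thread.
dns_lockdown_rules "$LAN_NET" "$ROUTER_IP" $DOH_IPS
```

Blocking by address only covers the resolvers listed, so a client pointed at a different DoH provider needs that provider's addresses added to `DOH_IPS`.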