CloudFlare DNS Not Blocking XXX sites

CSDN · December 5, 2024, 6:09pm

Hi

I need help with a Mikrotik HAP AC3 version 7.16.2 latest

I can’t force all the traffic that passes through the ether1 port to block xxx sites using the cloudflare 1.1.1.3 and 1.0.0.3 DNS. The goal is to block everything related to xxx

I check with ipconfig /all and the test computer has Cloudflare DNS assigned / I did a ipconfig /flushdns also

This is the configuration I have at the moment.

IP-Firewall-NAT = Chain :dstnat / Protocol: 17 (udp) / Dst. Port: 53 ------- Action: dst-nat / To Addresses : 1.1.1.3 / To Ports : 53
( I can see that the traffic is going through the nat rule)

IP-DNS-Servers = 1.1.1.3 / 1.0.0.3
(Check/allow remote request)

DHCP Servers - DNS Servers = 1.1.1.3 / 1.0.0.3

DHCP Client = interface ether1

Uncheck/Use Peer DNS

mkx · December 5, 2024, 7:34pm

Some recent versions of some browsers use their own DoH … ignoring system-wide DNS settings.

CSDN · December 5, 2024, 7:52pm

So could it be a browser problem?

How can I try it without an explorer?

anav · December 5, 2024, 8:49pm

/export file=anynameyouwish ( minus router serial number, public WANIP information, keys etc._

CSDN · December 5, 2024, 9:05pm

What is this for, I don’t understand

anav · December 5, 2024, 10:22pm

To ensure there are no other items on your config that may be contributing to the issue.
Basically to look at the evidence and facts, vice just heresay.

mkx · December 6, 2024, 4:29pm

If thus turns to be the case, then … it’s not a problem, it’s a feature … because it works around whatever limitations any ISP (or home owner) - possibly driven by malucious government - might try to enforce. You’re trying to blick your family/employees/tennants from accessing XXX, some governnent might try to block residents from accessing extreme left propaganda … and browser using its own DoH servers works around one possible way.