Family Filter not always working


  • October 20, 2020 at 1:45 pm

    I set up Family Filter IP addresses on my DD-WRT router and it only works some of the time. I also have some startup scripts in DD-WRT to force the DNS to re-route to the assigned Family Cleanbrowsing IP addresses. I also have some custom blocks in my command script Firewall as well. My setup is below. I go to DNSLeaktest.com and it usually shows Cleanbrowsing but sometimes includes Google and my ISP DNS addresses as well. I also go to ipleaktest.net and get many leaky IP addresses (57 or so IP addresses show up). Any thoughts why it seems so unstable?

    My setup below:
    Static DNS 1: 185.228.168.168
    Static DNS 2: 185.228.169.168
    Static DNS 3: 185.228.168.168
    Use DNSMasq for DHCP (checked)
    Use DNSMasq for DNS (checked)
    DHCP-Authoritative (checked)
    Forced DNS Redirection (checked)

    DNSMasq
    Additional DNSMasq Options
    strict-order

    (whenever I add anything else besides strict-order here my internet is unstable)

    DD-WRT Admin Command Scripts:

    Startup
    iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
    iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
    iptables -I FORWARD --destination 8.8.8.8 -j REJECT
    iptables -I FORWARD --destination 8.8.4.4 -j REJECT

    Firewall
    iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
    iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
    iptables -I FORWARD --destination 8.8.8.8 -j REJECT
    iptables -I FORWARD --destination 8.8.4.4 -j REJECT

    # Do this for every custom site you want to block on the router:
    iptables -I FORWARD -s badsite.com -j DROP
    iptables -I FORWARD -d badsite.com -j DROP

    This setup works about half the time, but it seems like the router settings only hold for a bit then all of my custom scripts and DNS settings will not hold.

    IPLeak.net results show:
    Your IP addresses – WebRTC detection
    DNS Addresses –
    57 servers


    nslookup -q=TXT mylocation.whois.dnscontest.cleanbrowsing.org 185.228.168.10
    Server: adult-filter-dns.cleanbrowsing.org
    Address: 185.228.168.10

    DNS request timed out.
    timeout was 2 seconds.
    *** Request to adult-filter-dns.cleanbrowsing.org timed-out

    http://www.google.com
    Server: NandN1
    Address: 192.168.1.1

    DNS request timed out.
    timeout was 2 seconds.
    Non-authoritative answer:
    Name: http://www.google.com
    Addresses: 2001:4860:4802:32::78
    216.239.38.120

    C:\Windows\System32>nslookup -type=txt whoami.lua.powerdns.org
    Server: NandN1
    Address: 192.168.1.1

    Non-authoritative answer:
    whoami.lua.powerdns.org text =

    "38.140.127.218"

    C:\Windows\System32>

    C:\Windows\System32>nslookup -type=txt -class=chaos version.bind 185.228.168.10
    Server: adult-filter-dns.cleanbrowsing.org
    Address: 185.228.168.10

    version.bind text =

    "dnsmasq-2.80"

    C:\Windows\System32>

    Link to my custom setup instructions in Google Doc here.

    DNSleaktest.com Results:
    Test complete
    Query round   Progress…   Servers found
    1             ……          1
    2             ……          2
    3             ……          1
    4             ……          4
    5             ……          2
    6             ……          2

    IP               Hostname                                           ISP                     Country
    147.75.75.137    dns-edge-usa-east-newjersey-p.cleanbrowsing.org.   Packet Host             Parsippany, United States
    208.54.144.198   None                                               T-Mobile USA            Seattle, United States
    208.54.144.208   None                                               T-Mobile USA            Seattle, United States
    208.54.144.215   None                                               T-Mobile USA            Seattle, United States
    38.140.127.218   dns-edge-usa-east-chicago-c-cleanbrowsing.org.     Cogent Communications   Lombard, United States

    • This topic was modified 2 years, 11 months ago by barkena. Reason: Added DNSLeakTest info
    October 20, 2020 at 1:51 pm

    Just ran this command again and got different results than above:

    C:\Windows\System32>nslookup -q=TXT mylocation.whois.dnscontest.cleanbrowsing.org 185.228.168.10
    Server: adult-filter-dns.cleanbrowsing.org
    Address: 185.228.168.10

    DNS request timed out.
    timeout was 2 seconds.
    Non-authoritative answer:
    mylocation.whois.dnscontest.cleanbrowsing.org text =

    "CleanBrowsing: dns-edge-usa-east-chicago-c, 185.228.168.168"
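
An added example, not part of the original posts and not CleanBrowsing's own tooling: a Python check that reads leak-test rows like the DNSLeakTest listing in the thread and separates resolvers that belong to the filter from everything else. The domain suffix and the confirmed-egress set are assumptions taken from the output shown above, and the function names are illustrative.

```python
import ipaddress

# Rows copied from the DNSLeakTest listing in the post: IP, hostname, then ISP/location.
SAMPLE = """\
147.75.75.137 dns-edge-usa-east-newjersey-p.cleanbrowsing.org. Packet Host Parsippany, United States
208.54.144.198 None T-Mobile USA Seattle, United States
208.54.144.208 None T-Mobile USA Seattle, United States
208.54.144.215 None T-Mobile USA Seattle, United States
38.140.127.218 dns-edge-usa-east-chicago-c-cleanbrowsing.org. Cogent Communications Lombard, United States
"""

EXPECTED_DOMAIN = "cleanbrowsing.org"  # assumption: filter resolvers reverse-resolve under this domain
CONFIRMED_EGRESS = {"38.140.127.218"}  # egress IP returned by the whoami TXT lookup in the post


def under_domain(host, domain):
    """True only if host is the domain or a subdomain of it (label-boundary match)."""
    host = host.rstrip(".").lower()
    return host == domain or host.endswith("." + domain)


def classify(text, domain=EXPECTED_DOMAIN, confirmed=CONFIRMED_EGRESS):
    """Return {ip: (verdict, reason)} for every resolver row in a leak-test listing."""
    allowed = {ipaddress.ip_address(a) for a in confirmed}
    out = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # header or progress line, not a resolver row
        if ip in allowed:
            out[str(ip)] = ("expected", "confirmed egress IP")
        elif under_domain(parts[1], domain):
            # Reverse DNS is set by whoever owns the address, so treat this as a hint.
            out[str(ip)] = ("expected", "hostname under " + domain)
        else:
            out[str(ip)] = ("leak", "not a known filter resolver")
    return out


def leaks(text, **kw):
    """Sorted list of resolver IPs that are not attributable to the filter."""
    return sorted(ip for ip, (verdict, _) in classify(text, **kw).items() if verdict == "leak")


if __name__ == "__main__":
    for ip, (verdict, reason) in classify(SAMPLE).items():
        print(f"{ip:16} {verdict:9} {reason}")
```

Because the hostname match requires a dot before the domain, the `...-c-cleanbrowsing.org.` row as written in the post is accepted only through the confirmed-egress set; without that set it is reported alongside the T-Mobile resolvers.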