Family Filter not always working

I setup Family Filter IP addresses on my DD-WRT router and it only works some of the time. I also have some startup scripts in DD-WRT to force the DNS to re-route to the assigned Family Cleanbrowsing IP addresses. I also have some custom blocks in my command script Firewall as well. My setup is below. I go to DNSLeaktest.com and it usually shows Cleanbrowsing but sometimes includes Google and my ISP DNS addresses as well. I also go to ipleaktest.net and get many leaky IP addresses (57 or so IP addresses show up). Any thoughts why it seems so unstable?

My setup below:
Static DNS 1: 185.228.168.168
Static DNS 2: 185.228.169.168
Static DNS 3: 185.228.168.168
Use DNSMasq for DHCP (checked)
Use DNSMasq for DNS (checked)
DHCP-Authoritative (checked)
Forced DNS Redirection (checked)

DNSMasq
Additional DNSMasq Options
strict-order

(whenever I add anything else besides strict-order here my internet is unstable)

DD-WRT Admin Command Scripts:

Startup
iptables -t nat -A PREROUTING -i br0 -p udp –dport 53 -j DNAT –to $(nvram get lan_ipaddr)
iptables -t nat -A PREROUTING -i br0 -p tcp –dport 53 -j DNAT –to $(nvram get lan_ipaddr)
iptables -I FORWARD –destination 8.8.8.8 -j REJECT
iptables -I FORWARD –destination 8.8.4.4 -j REJECT

Firewall
iptables -t nat -A PREROUTING -i br0 -p udp –dport 53 -j DNAT –to $(nvram get lan_ipaddr)
iptables -t nat -A PREROUTING -i br0 -p tcp –dport 53 -j DNAT –to $(nvram get lan_ipaddr)
iptables -I FORWARD –destination 8.8.8.8 -j REJECT
iptables -I FORWARD –destination 8.8.4.4 -j REJECT

iptables -I FORWARD -s badsite.com -j DROP
iptables -I FORWARD -d badsite.com -j DROP (do this for every custom site want to block on router).

This setup works about half the time, but it seems like the router settings only hold for a bit then all of my custom scripts and DNS settings will not hold.

IPLeak.net results show:
Your IP addresses – WebRTC detection
DNS Addresses – 57 servers

DNS Addresses – 57 servers
172.253.9.4
United States
United States – District of Columbia

172.253.210.72
United States
United States – District of Columbia

172.253.210.67
United States
United States – District of Columbia

172.253.210.73
United States
United States – District of Columbia

172.253.210.77
United States
United States – District of Columbia

172.253.214.3
United States
United States – District of Columbia

173.194.168.193
United States
United States – District of Columbia

172.253.9.3
United States
United States – District of Columbia

172.253.214.6
United States
United States – District of Columbia

2607:f8b0:4004:c05::105
United States
United States – District of Columbia

172.253.214.99
United States
United States – District of Columbia

208.54.144.204
United States
United States

208.54.80.125
United States
United States – Minnesota

208.54.144.210
United States
United States

172.253.10.3
United States
United States – District of Columbia

172.253.8.3
United States
United States – District of Columbia

172.253.210.78
United States
United States – District of Columbia

208.54.144.209
United States
United States

172.253.214.8
United States
United States – District of Columbia

172.253.210.71
United States
United States – District of Columbia

172.253.214.104
United States
United States – District of Columbia

74.125.18.67
United States
United States – District of Columbia

172.253.214.16
United States
United States – District of Columbia

172.253.8.1
United States
United States – District of Columbia

172.253.10.1
United States
United States – District of Columbia

172.253.8.2
United States
United States – District of Columbia

74.125.18.66
United States
United States – District of Columbia

172.253.214.110
United States
United States – District of Columbia

172.253.10.4
United States
United States – District of Columbia

172.253.214.101
United States
United States – District of Columbia

208.54.144.200
United States
United States

172.253.8.5
United States
United States – District of Columbia

208.54.144.212
United States
United States

172.253.214.7
United States
United States – District of Columbia

208.54.144.207
United States
United States

172.253.9.2
United States
United States – District of Columbia

172.253.210.66
United States
United States – District of Columbia

172.253.214.4
United States
United States – District of Columbia

172.253.214.14
United States
United States – District of Columbia

172.253.10.5
United States
United States – District of Columbia

172.253.214.1
United States
United States – District of Columbia

208.54.144.221
United States
United States

172.253.214.111
United States
United States – District of Columbia

74.125.18.69
United States
United States – District of Columbia

172.253.214.10
United States
United States – District of Columbia

173.194.168.194
United States
United States – District of Columbia

208.54.144.203
United States
United States

74.125.18.65
United States
United States – District of Columbia

172.253.8.4
United States
United States – District of Columbia

208.54.144.215
United States
United States

172.253.210.74
United States
United States – District of Columbia

172.253.210.68
United States
United States – District of Columbia

208.54.144.219
United States
United States

172.253.214.106
United States
United States – District of Columbia

172.253.10.2
United States
United States – District of Columbia

74.125.18.1
United States
United States – District of Columbia

172.253.210.79
United States
United States – District of Columbia

nslookup -q=TXT mylocation.whois.dnscontest.cleanbrowsing.org 185.228.168.10
Server: adult-filter-dns.cleanbrowsing.org
Address: 185.228.168.10

DNS request timed out.
timeout was 2 seconds.
*** Request to adult-filter-dns.cleanbrowsing.org timed-out

http://www.google.com
Server: NandN1
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Name: http://www.google.com
Addresses: 2001:4860:4802:32::78
216.239.38.120

C:\Windows\System32>nslookup -type=txt whoami.lua.powerdns.org
Server: NandN1
Address: 192.168.1.1

Non-authoritative answer:
whoami.lua.powerdns.org text =

“38.140.127.218”

C:\Windows\System32>

C:\Windows\System32>nslookup -type=txt -class=chaos version.bind 185.228.168.10
Server: adult-filter-dns.cleanbrowsing.org
Address: 185.228.168.10

version.bind text =

“dnsmasq-2.80”

C:\Windows\System32>

Link to my custom setup instructions in Google Doc here.

DNSleaktest.com Results:
Test complete
Query round Progress… Servers found
1 …… 1
2 …… 2
3 …… 1
4 …… 4
5 …… 2
6 …… 2
IP Hostname ISP Country
147.75.75.137 dns-edge-usa-east-newjersey-p.cleanbrowsing.org. Packet Host Parsippany, United States
208.54.144.198 None T-Mobile USA Seattle, United States
208.54.144.208 None T-Mobile USA Seattle, United States
208.54.144.215 None T-Mobile USA Seattle, United States
38.140.127.218 dns-edge-usa-east-chicago-c-cleanbrowsing.org. Cogent Communications Lombard, United States

• This topic was modified 2 years, 11 months ago by barkena. Reason: Added DNSLeakTest info