You spent an evening setting up parental controls on your router. CleanBrowsing, OpenDNS, or maybe a fancy "family safe" router. You feel good about protecting your kids online. Then your teenager Googles "how to bypass internet filter" and finds the answer in about 30 seconds.
Your filter is now useless.
This isn’t a hack. It’s not something they downloaded from a dodgy website. It’s a setting built into Chrome, Edge, Firefox, and Safari — marketed as a “privacy feature” that just happens to completely bypass every content filter on your home network.
In Chrome: Settings → Privacy and Security → Security → Turn on "Use secure DNS" → Select Cloudflare.
That's it. No admin password needed. No app to install. No trace for you to find.
What actually happens
When your kid enables “Secure DNS” (technically called DNS-over-HTTPS), their browser stops asking your router which websites to connect to. Instead, it asks Cloudflare or Google directly — through an encrypted connection you can’t see or filter.
How Secure DNS Bypasses Your Filter
Your CleanBrowsing filter? Ignored. Your Pi-hole ad blocker? Bypassed. That $200 “parental control router” you bought? Completely bypassed.
Why does this even exist?
Here’s where it gets frustrating. “Secure DNS” was designed for a legitimate purpose: stopping your internet provider from snooping on which websites you visit.
When you use regular DNS, your ISP (Telstra, Aussie Broadband, whoever) can see every website lookup you make. With Secure DNS, that lookup is encrypted — your ISP can’t see it.
For privacy on public WiFi, this is genuinely useful. If you’re at a coffee shop or airport, you probably don’t want the network owner seeing your browsing.
But at home? The encryption that protects you from ISP snooping also protects your kids from your parental controls. The “secure” in the name makes it sound like a good thing — and that’s exactly the problem.
A feature designed to protect privacy from corporations is being used by children to bypass protection from their parents. The same encryption that stops your ISP snooping also stops you from keeping your kids safe.
Is your child using this right now?
Here’s how to check each device:
Chrome (Most Common)
- Open Chrome → three dots menu → Settings
- Go to Privacy and security → Security
- Look for “Use secure DNS”
Microsoft Edge
- Open Edge → three dots menu → Settings
- Go to Privacy, search, and services
- Scroll to Security → Use secure DNS
Same deal: if it’s on with any provider other than your ISP, the filter is bypassed.
Firefox
- Open Firefox → hamburger menu → Settings
- Search for “DNS” or go to Privacy & Security
- Look for “Enable DNS over HTTPS”
If it’s enabled with Cloudflare, NextDNS, or any custom URL — bypassed.
Safari (iPhone/iPad)
Safari doesn’t have its own Secure DNS setting. Instead, Apple has something called Private Relay that does the same thing:
- Go to Settings → tap your name at top → iCloud
- Look for Private Relay
- If it’s ON — Safari traffic bypasses your home filter
Wondering if your filter is actually working on a device? Try visiting a test page that should be blocked. If it loads, something is bypassing your protection.
What can you do about it?
Option 1: Turn it off on their devices
Go through each device manually and disable Secure DNS.
The problem: They can turn it back on the moment you’re not looking. And they will.
Option 2: Block it at your router
You can configure your network to block connections to known Secure DNS providers like Cloudflare and Google’s DNS-over-HTTPS servers. This forces the browser to fall back to your filtered DNS.
The problem: This requires some technical knowledge. I’ve written a step-by-step guide on how to block DNS-over-HTTPS if you want to tackle it yourself.
Option 3: Use device management
For younger children, Apple’s Screen Time and Google Family Link give you actual control over device settings — including the ability to prevent them changing these settings.
The problem: Teenagers often have devices you can’t fully manage. And they’re the ones most likely to find these workarounds.
The honest truth
Here’s something I tell every parent I work with: determined teenagers will always find workarounds.
Secure DNS is just one method. There’s also VPNs, Tor browser, mobile data (just turn off WiFi), borrowing a friend’s phone, accessing content at their friend’s house…
Content filtering isn’t a lock — it’s a speed bump. It catches casual access and accidental exposure. It stops young kids stumbling onto things they shouldn’t see. It doesn’t stop a motivated 15-year-old with YouTube tutorials and half an hour to spare.
Real online safety comes from multiple layers:
- Technical controls (like DNS filtering) to catch casual access
- Device boundaries around when and where devices are used
- Ongoing conversations about online safety
- Age-appropriate trust as kids demonstrate responsibility
No single tool is the answer. They all work together.
Want someone to check your setup?
If you’re not sure whether your current protection is actually working — or you want someone to check all the bypass methods across your family’s devices — that’s exactly what I do.
Family Network Health Check
$79 normally $159
50% off until 28 February 2026
- Check if your DNS filtering is actually working
- Identify Secure DNS bypass on every browser
- Review VPN and Private Relay settings
- Check mobile data bypass potential
- Plain English summary of what's protected and what isn't
or call 0489 998 445
Related reading
- Block Adult Content on Home WiFi (Free, 5 Minutes) — How to set up DNS filtering in the first place
- What Parents Need to Know About Secure DNS — A calmer explanation of how this technology works
- How to Block DNS-over-HTTPS on Your Home Network — Technical guide for blocking bypass methods
Serving Geelong, Surf Coast, and Bellarine Peninsula.
Why Oh WiFi · 0489 998 445 · hello@whyohwifi.com.au