You spent an evening setting up parental controls on your router. CleanBrowsing, OpenDNS, or a “family safe” router. You feel good about protecting your kids online. Then your teenager Googles “how to bypass internet filter” and finds the answer in about 30 seconds. I see this in Geelong homes constantly.
The time it takes a teenager to flip one browser setting and silently route around every parental-control filter on your home WiFi. No admin password, no app, no trace.
Real online safety isn’t a single magic switch. It’s layered controls plus ongoing conversations. A WiFi filter is a speed bump for younger kids — useful, just not a substitute for actually talking with them.
Your filter is now useless.
This isn’t a hack. It’s not something they downloaded from a dodgy website. It’s a setting built into Chrome, Edge, Firefox, and Safari — marketed as a “privacy feature” that just happens to completely bypass every content filter on your home network.
In Chrome: Settings → Privacy and Security → Security → Turn on “Use secure DNS” → Select Cloudflare.
That’s it. No admin password needed. No app to install. No trace for you to find.
What actually happens
When your kid enables “Secure DNS” (technically called DNS-over-HTTPS), their browser stops asking your router which websites to connect to. Instead, it asks Cloudflare or Google directly — through an encrypted connection you can’t see or filter.
How Secure DNS Bypasses Your Filter
Your CleanBrowsing filter? Ignored. Your Pi-hole ad blocker? Bypassed. That $200 “parental control router” you bought? Completely bypassed.
Why does this even exist?
Here’s where it gets frustrating. “Secure DNS” was designed for a legitimate purpose: stopping your internet provider from snooping on which websites you visit.
When you use regular DNS, your ISP (Telstra, Aussie Broadband, whoever) can see every website lookup you make. With Secure DNS, that lookup is encrypted — your ISP can’t see it.
For privacy on public WiFi, this is genuinely useful. If you’re at a coffee shop or airport, you probably don’t want the network owner seeing your browsing.
But at home? The encryption that protects you from ISP snooping also protects your kids from your parental controls. The “secure” in the name makes it sound like a good thing — and that’s exactly the problem.
A feature designed to protect privacy from corporations is being used by children to bypass protection from their parents. The same encryption that stops your ISP snooping also stops you from keeping your kids safe.
Is your child using this right now?
Here’s how to check each device:
Chrome (Most Common)
- Open Chrome → three dots menu → Settings
- Go to Privacy and security → Security
- Look for “Use secure DNS”
If it says “Off” or “With your Internet service provider” — your filter is working
If it says “With Cloudflare” or “With Google” or any custom provider — they’re bypassing your filter
Microsoft Edge
- Open Edge → three dots menu → Settings
- Go to Privacy, search, and services
- Scroll to Security → Use secure DNS
Same deal: if it’s on with any provider other than your ISP, the filter is bypassed.
Firefox
- Open Firefox → hamburger menu → Settings
- Search for “DNS” or go to Privacy & Security
- Look for “Enable DNS over HTTPS”
If it’s enabled with Cloudflare, NextDNS, or any custom URL — bypassed.
Safari (iPhone/iPad)
Safari doesn’t have its own Secure DNS setting. Instead, Apple has something called Private Relay that does the same thing:
- Go to Settings → tap your name at top → iCloud
- Look for Private Relay
- If it’s ON — Safari traffic bypasses your home filter
Wondering if your filter is actually working on a device? Try visiting a test page that should be blocked. If it loads, something is bypassing your protection.
What can you do about it?
Option 1: Turn it off on their devices
Go through each device manually and disable Secure DNS.
The problem: They can turn it back on the moment you’re not looking. And they will.
Option 2: Block it at your router
You can configure your network to block connections to known Secure DNS providers like Cloudflare and Google’s DNS-over-HTTPS servers. This forces the browser to fall back to your filtered DNS.
The problem: This requires some technical knowledge. I’ve written a step-by-step guide on how to block DNS-over-HTTPS if you want to tackle it yourself.
Option 3: Use device management
For younger children, Apple’s Screen Time and Google Family Link give you actual control over device settings — including the ability to prevent them changing these settings.
The problem: Teenagers often have devices you can’t fully manage. And they’re the ones most likely to find these workarounds.
The honest truth
Here’s something I tell every parent I work with: determined teenagers will always find workarounds.
Secure DNS is just one method. There’s also VPNs, Tor browser, mobile data (just turn off WiFi), borrowing a friend’s phone, accessing content at their friend’s house…
Content filtering isn’t a lock — it’s a speed bump. It catches casual access and accidental exposure. It stops young kids stumbling onto things they shouldn’t see. It doesn’t stop a motivated 15-year-old with YouTube tutorials and half an hour to spare.
Real online safety comes from multiple layers:
- Technical controls (like DNS filtering) to catch casual access
- Device boundaries around when and where devices are used
- Ongoing conversations about online safety
- Age-appropriate trust as kids demonstrate responsibility
No single tool is the answer. They all work together.
Want someone to check your setup?
If you’re not sure whether your current protection is actually working — or you want someone to check all the bypass methods across your family’s devices — that’s exactly what I do.
Family WiFi Safety - $149
- Check if your DNS filtering is actually working
- Identify Secure DNS bypass on every browser
- Review VPN and Private Relay settings
- Check mobile data bypass potential
- Plain English summary of what’s protected and what isn’t
or call 0489 998 445
Related reading
- Block adult content on home WiFi (free, 5 minutes) — How to set up DNS filtering in the first place
- What parents need to know about Secure DNS — A calmer explanation of how this technology works
- How to block DNS-over-HTTPS on your home network — Technical guide for blocking bypass methods
- Family Network Health Check — The $149 service that audits all the bypass paths
Common questions
What is Secure DNS / DNS-over-HTTPS?+
Secure DNS (technically DNS-over-HTTPS or DoH) is a feature built into modern browsers that encrypts the lookup of website addresses. Instead of asking your home router (and your filter) where a site is, the browser asks a third-party server like Cloudflare directly. The lookup is hidden, which means your router-based filter can't see what's being requested.
Why is Secure DNS turned on by default in some browsers?+
Browser vendors enable it for genuine privacy reasons — to stop ISPs and public WiFi operators from logging which websites users visit. The same encryption that helps in a coffee shop unfortunately also helps a teenager bypass parental controls at home.
Can I just turn off Secure DNS on my child's device?+
Yes, but only as a starting point. They can re-enable it in 30 seconds the moment you turn around. Long-term you need a router-level approach (block the well-known DoH servers) plus device management like Apple Screen Time or Google Family Link.
Does turning off Apple Private Relay break iCloud or iPhone features?+
No — Private Relay is a Safari-and-Mail feature, not a core iCloud function. Turning it off keeps your storage, photos, backups and everything else working exactly the same.
If determined teenagers can always find a workaround, is filtering even worth doing?+
Yes. Most kids who land on adult content do so accidentally — a misclicked ad, a redirect, a curious search. DNS filtering and Secure DNS blocking shut down 90% of the casual and accidental stuff, even if a determined teenager will eventually route around it.
What does the Family Network Health Check actually test for?+
Every bypass I know about: each browser's Secure DNS state, Apple Private Relay status, VPN apps installed, mobile data fallback, guest networks, and more. You walk away with a written summary of what's actually filtered vs what isn't.
Serving Geelong, Surf Coast, and Bellarine Peninsula.
Why Oh WiFi · 0489 998 445 · hello@whyohwifi.com.au