If you've set up content filtering on your home network — CleanBrowsing, OpenDNS, or a parental control router — there's a browser feature you need to know about. It's called "Secure DNS" and it's designed to protect privacy. The unintended consequence? It can completely bypass your home content filters.
This isn’t about panic. It’s about understanding what the technology does, why it exists, and how to make informed decisions about your family’s online safety.
What is DNS?
Before we talk about “Secure DNS,” let’s cover the basics.
DNS stands for Domain Name System. It’s like a phone book for the internet. When you type “google.com” into your browser, your device needs to find Google’s actual address (a number like 142.250.70.142). DNS looks up that address for you.
DNS is like calling directory assistance. You give them a name ("Google"), they give you the phone number to dial. Without DNS, you'd need to memorise IP addresses for every website.
By default, your home network uses DNS provided by your internet service provider — Telstra, Aussie Broadband, TPG, or whoever. They look up addresses for you automatically.
How DNS filtering works
DNS filtering services like CleanBrowsing work by replacing your ISP’s DNS with their own. When someone on your network tries to visit an adult website, CleanBrowsing’s DNS simply refuses to provide the address. The website won’t load.
[Figure: How DNS Filtering Protects Your Network]
This works brilliantly — as long as every device on your network uses your chosen DNS. And by default, they do.
Enter “Secure DNS”
Here’s where it gets complicated.
Traditional DNS requests are sent in plain text. Your internet provider can see every website lookup you make. So can anyone else monitoring the network (like a coffee shop owner, or a hacker on public WiFi).
Secure DNS (technically called DNS-over-HTTPS or DoH) encrypts these lookups. Instead of sending requests in plain text, they’re wrapped in the same encryption used for online banking. No one can see what you’re looking up — not your ISP, not your employer, not anyone monitoring the network.
Traditional DNS vs Secure DNS
Traditional DNS
- Requests sent in plain text
- ISP can see all lookups
- Network owner can filter requests
- Your router controls which DNS is used
Secure DNS (DoH)
- Requests encrypted
- ISP cannot see lookups
- Network filters are bypassed
- Browser chooses its own DNS
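To make the comparison above concrete, this added example (not part of the original article) builds one DNS question and shows it both ways: as the plain payload a network filter can read, and as the RFC 8484 DoH request that travels inside HTTPS. The Cloudflare endpoint URL and the function names are assumptions of the example.

```python
import base64
import struct

def build_query(name, qtype=1):
    """Encode a DNS question (RFC 1035). ID is 0, as RFC 8484 recommends for DoH."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE (A), QCLASS (IN)

def visible_name(payload):
    """What a filter on the network can read from a plain UDP port 53 payload."""
    pos, labels = 12, []  # the question starts after the 12-byte header
    while payload[pos]:
        length = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def doh_get_url(payload, endpoint="https://cloudflare-dns.com/dns-query"):
    """RFC 8484 GET form: the same bytes, base64url without padding, sent over HTTPS."""
    b64 = base64.urlsafe_b64encode(payload).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={b64}"

def decode_doh_param(url):
    """Recover the DNS message from a DoH GET URL (what the DoH provider receives)."""
    b64 = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))

if __name__ == "__main__":
    query = build_query("example.com")
    print("plain DNS payload (UDP port 53):", query.hex())
    print("name readable on the wire:      ", visible_name(query))
    print("DoH request (inside TLS, 443):  ", doh_get_url(query))
```

The DNS message is byte-for-byte the same in both cases. Only the transport changes, which is why a filter that watches port 53 never sees the second one.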
Why browsers added this feature
Browser makers — Google, Mozilla, Microsoft, Apple — added Secure DNS for legitimate privacy reasons:
- Protecting users on public WiFi — At a coffee shop or airport, you don’t want the network owner seeing your browsing
- Preventing ISP tracking — Some ISPs sell browsing data to advertisers
- Stopping DNS hijacking — Malicious networks can redirect you to fake websites
These are real problems, and Secure DNS genuinely solves them.
Secure DNS protects privacy from external observers. But that same protection also prevents your home network from providing content filtering. It's not malicious — it's a design trade-off where privacy won over parental control.
The parental control problem
Here’s the unintended consequence: when a browser uses Secure DNS, it bypasses the DNS settings on your router entirely. It doesn’t ask your CleanBrowsing-filtered DNS for website addresses; it asks Cloudflare or Google directly.
Your content filter never sees the request. It can’t block what it doesn’t see.
This isn’t a hack or a bug. It’s how the feature is designed to work. The browser makes its own encrypted connection to a DNS provider of its choice, and your home network has no visibility into what’s happening.
How easy is it to enable?
Very easy. In Chrome:
- Go to Settings → Privacy and Security → Security
- Turn on “Use secure DNS”
- Select a provider (Cloudflare is the default option)
No admin password required. No special permissions. Just three clicks.
Any teenager who Googles “how to bypass internet filter” will find instructions within seconds.
What you can do
Understand the limitations
First, accept that content filtering has never been perfect. Kids have always been able to use mobile data, borrow a friend’s device, or access content elsewhere. Secure DNS is just another potential bypass method.
Check devices regularly
Know what to look for in each browser’s settings. This article shows you exactly how to check.
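One way to script that check, as an added example that is not part of the original article: it takes the text of a Firefox `prefs.js` and a Chrome `Local State` file and reports whether secure DNS is pointed at its own resolver. The Chrome key names (`dns_over_https.mode`, `dns_over_https.templates`) are an assumption about how current Chromium builds store the setting, and the sample inputs are constructed.

```python
import json
import re

# Constructed sample inputs (not copied from real browser profiles).
SAMPLE_FIREFOX_PREFS = '''\
user_pref("browser.startup.page", 3);
user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
'''
SAMPLE_CHROME_LOCAL_STATE = json.dumps(
    {"dns_over_https": {"mode": "secure",
                        "templates": "https://chrome.cloudflare-dns.com/dns-query"}})

def firefox_doh(prefs_js):
    """Classify Firefox DoH state from prefs.js text (network.trr.mode)."""
    def pref(name):
        m = re.search(r'user_pref\("' + re.escape(name) + r'",\s*(.+?)\);', prefs_js)
        return json.loads(m.group(1)) if m else None
    mode = pref("network.trr.mode") or 0
    # 2 = DoH first, 3 = DoH only, 5 = switched off, anything else = browser default
    status = {2: "doh", 3: "doh", 5: "off"}.get(mode, "default")
    return {"browser": "firefox", "status": status, "resolver": pref("network.trr.uri")}

def chrome_doh(local_state_json):
    """Classify Chrome secure-DNS state from Local State JSON (assumed key names)."""
    cfg = json.loads(local_state_json).get("dns_over_https", {})
    mode = cfg.get("mode", "automatic")
    # "secure" = a provider picked in settings; "automatic" = stay with current DNS provider
    status = {"secure": "doh", "off": "off"}.get(mode, "default")
    return {"browser": "chrome", "status": status, "resolver": cfg.get("templates") or None}

def report(results):
    """List browsers whose lookups go to their own resolver instead of the network's DNS."""
    return [f'{r["browser"]}: {r["resolver"]}' for r in results if r["status"] == "doh"]

if __name__ == "__main__":
    found = report([firefox_doh(SAMPLE_FIREFOX_PREFS),
                    chrome_doh(SAMPLE_CHROME_LOCAL_STATE)])
    for line in found:
        print("secure DNS overrides network DNS ->", line)
```

A result of `default` means the browser is on its built-in behaviour, so confirm it in the settings screen as well.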
Consider network-level blocking
It’s possible to block connections to Secure DNS providers at your router. This forces browsers to fall back to your filtered DNS. Here’s a technical guide if you’re comfortable with router configuration.
Use device management for younger kids
Apple Screen Time and Google Family Link give you control over device settings. For younger children whose devices you manage, you can prevent them from changing these settings in the first place.
Have conversations
The most tech-savvy kids will always find workarounds. Content filtering buys you time and catches casual access, but it’s not a substitute for ongoing conversations about online safety.
Young children (under 10): Managed devices with Screen Time/Family Link. They don't need to know this exists.
Tweens (10-13): Filtering as a safety net, conversations about why you have rules.
Teenagers: Acknowledge they could bypass it if they wanted. Focus on trust and responsibility.
When Secure DNS is actually useful
This isn’t all bad news. There are situations where Secure DNS makes sense:
- Public WiFi — At cafes, airports, hotels, you absolutely want this protection
- Privacy-conscious adults — If you don’t want your ISP tracking your browsing
- Avoiding ISP DNS issues — Some ISPs have unreliable DNS that causes slowdowns
For adults managing their own devices, it’s a legitimate privacy feature. The challenge is when it conflicts with parents trying to protect younger users.
Getting help
If you’re not sure whether your current setup is actually protecting your family, or you want a professional assessment of bypass vulnerabilities, that’s something I help with.
Family Network Health Check
$79 normally $159
50% off until 28 February 2026
- Review your current DNS filtering setup
- Check all family devices for bypass configurations
- Identify Secure DNS, VPN, and Private Relay status
- Plain English explanation of what's protected
- Recommendations tailored to your family's ages and needs
Related reading
- Is Your Child Bypassing Your Internet Filter Right Now? — The quick version with step-by-step device checks
- Block Adult Content on Home WiFi (Free, 5 Minutes) — How to set up DNS filtering
- How to Block DNS-over-HTTPS on Your Home Network — Technical guide for blocking bypass methods
Serving Geelong, Surf Coast, and Bellarine Peninsula.
Why Oh WiFi · 0489 998 445 · hello@whyohwifi.com.au