<![CDATA[Sites still available even with dnsbl]]>I'm trying to block social media and video sites for the kiddos.

I've tried using pfblockerng categories, and explicitly defining DNS entries for specific sites ( with the categories disabled ) pointing to 10.10.10.1.

For some reason I don't understand a handful of specific sites still make it though with the DNS filtering enabled.

Nslookup shows my blocking address on any sites I'm trying to block, but certain large sites (tiktok, Facebook and reddit especially) still load. What am I doing wrong here?

]]>https://forum.netgate.com/topic/163347/sites-still-available-even-with-dnsblRSS for NodeThu, 12 Mar 2026 19:23:13 GMTWed, 28 Apr 2021 03:10:44 GMT60<![CDATA[Reply to Sites still available even with dnsbl on Sun, 02 May 2021 00:57:06 GMT]]>@nollipfsense I saved and reloaded the changes. Im getting the correct 10.10.10.1 address when I attempt dns lookups. Thanks though.

]]>https://forum.netgate.com/post/980902https://forum.netgate.com/post/980902Sun, 02 May 2021 00:57:06 GMT<![CDATA[Reply to Sites still available even with dnsbl on Sat, 01 May 2021 21:40:56 GMT]]>@timbrigham Not sure whether you're still checking your thread; however, you never mentioned saving the changes you had made, then updating and reload pfBlockerNG (data base).

]]>https://forum.netgate.com/post/980893https://forum.netgate.com/post/980893Sat, 01 May 2021 21:40:56 GMT<![CDATA[Reply to Sites still available even with dnsbl on Wed, 28 Apr 2021 05:24:16 GMT]]>I'm certainly no expert on pfblockerng, as I haven't had to work a content filter or anything for a good 10 years or so...but if I go to tiktok and press F12 I see all kinds of junk like the following:
sf16-scmcdn-va.ibytedos.com/goofy/tiktok/blahblahblah
mcs-va.tiktokv.com
mon-va.byteoversea.com

It might say tiktok in the url; but everything inside is coming out of a giant content delivery network. If all the blocker redirects is the 'name brand' webpage; 99.9% of the content might load just fine, especially with side loading bullcrap that isn't using the normal web front end. Applications on phones and stuff will frequently bypass the front end entirely and rely on the CDN.

When I pull up the simple facebook login page I get a million of these:
static.xx.fbcdn.net
scontent.fapa1-1.fna.fbcdn.net

Similar story with reddit being full of:
www.redditstatic.com
v.redd.it
preview.redd.it
i.redd.it

You owe me two bits for making me load tiktok. I watched 4 videos...I am dumber.

]]>https://forum.netgate.com/post/980252https://forum.netgate.com/post/980252Wed, 28 Apr 2021 05:24:16 GMT