Does the Synology RT6600AX block a particular adult site?

[road hazard]

Thinking about buying a Synology RT6600AX but was wondering something. On my ASUS AX86U (with web/content filtering enabled and the adult category blocked) ..... and when using 3rd party programs.... I'm shocked/surprised that the 'adult' category doesn't block some sites that are obviously pornographic in nature. Can anyone with the RT6600AX block adult content and try to access these pages and tell me if they load just fine or get blocked?:

playboy . com
hustler . com
xhamster . com

Don't block the specific url's, just turn on the blocking of adult content and see if those sites get blocked by that policy.

Thanks

 

[Samuel_1975]

Yes, it is possible to block to a certain extent with dns 1.1.1.3, but as I said, you can unfortunately bypass it with software, but if you don't

https://www.asuswrt-merlin.net/sites/default/files/pictures/DNS_Director.png

 

[sfx2000]

they have their tools...

 

[road hazard]

Yes, it is possible to block to a certain extent with dns 1.1.1.3, but as I said, you can unfortunately bypass it with software, but if you don't

https://www.asuswrt-merlin.net/sites/default/files/pictures/DNS_Director.png

It seems every time I mess around with alternative firmware for my AX86U, I end up with weird problems and always move back to the official firmware.

I forgot to mention this originally, but another category that failed basic testing was when I enabled blocking of gambling sites. Vegasworld . com still loaded.

When using the filtering built into my AX86U, Adguard Home, Open DNS (and a few others), none of them (on their own) were able to correctly block the following sites with the adult and gambling filtering active:

playboy . com
hustler . com
xhamster . com
vegasworld . com

Not directed to you but if anyone could please go into your RT6600AX and block adult content and gambling and let me know if those sites worked or were blocked, I'd really appreciate it.

 

[road hazard]

they have their tools...

View attachment 62494

If you have an RT6600AX, could you please carry out my test?

 

[Tech9]

When using the filtering built into my AX86U, Adguard Home, Open DNS (and a few others), none of them (on their own) were able to correctly block the following sites with the adult and gambling filtering active:

Most likely because your clients go around on-router blocking using different and/or encrypted DNS or VPN/proxy. In order to ensure better blocking efficiency you have to use DNS interception and redirection plus block port 853 (DoT), known DoH servers (additional blocklist) and known VPN/proxy services (additional blocklist). Some private DNS services like iCloud Private Relay use QUIC and you need to block port 80/433 UDP. This will make DPI engine based App traffic recognition better as well, but will slow down Google services using QUIC. Just one blocking method is not enough. Everything above becomes useless if we are talking about mobile device with mobile network access. Android and iOS have built-in parental control on-device.

If you have an RT6600AX, could you please carry out my test?

The test will probably pass/fail depending on the client because of the above. The result is not directly applicable to your clients.

 

[RMerlin]

People wanted things like DoH? Well, this is the consequence.

So many people thought I was just a hater when I warned about DoH being a potential nightmare for network management, as it was explicitly designed to work around firewalls and network management. Now people realize that it also applies to their own LAN management, not just at the ISP level.

 

[Tech9]

People wanted things like DoH? Well, this is the consequence.

Indeed. Now the clients fight for own “privacy” without even asking. Good thing we know where they go most of the time.

 

[sfx2000]

If you have an RT6600AX, could you please carry out my test?

Not really interested, as this runs my primary network...

The Threat Prevention and Safe Access Packages can be a bit rough on the internal storage...

Anyways - I would suggest going for an DNS-based solution - OpenDNS, Cloudflare Public DNS and others have solutions there.

@RMerlin - yeah, I'm on your side regarding DoH - mostly due to malware if nothing else...

 

[kuchkovsky]

People wanted things like DoH? Well, this is the consequence.

Actually, DoH support (via nextdns-cli) was the main reason I started using Merlin a few years ago. I like DoH because it blends seamlessly with other HTTPS traffic, giving me more privacy and fewer ways for anyone to track, control, or restrict my online activities. I wouldn’t call those restrictions “management”; it’s more like “censorship”. If DoH is bad because it makes it much harder for third parties to mess with your traffic, then HTTPS is bad for the same reason, and everyone should just install a certificate from the government to let the Big Guy watch you. Maybe you’re a terrorist - who knows?

Just my IMHO, of course.

 

[RMerlin]

Actually, DoH support (via nextdns-cli) was the main reason I started using Merlin a few years ago. I like DoH because it blends seamlessly with other HTTPS traffic, giving me more privacy and fewer ways for anyone to track, control, or restrict my online activities. I wouldn’t call those restrictions “management”; it’s more like “censorship”. If DoH is bad because it makes it much harder for third parties to mess with your traffic, then HTTPS is bad for the same reason, and everyone should just install a certificate from the government to let the Big Guy watch you. Maybe you’re a terrorist - who knows?

Just my IMHO, of course.

Except in the case mentioned here, the problem isn't with third parties - it's with your own network. It makes it harder to protect children against harmful websites, as you can no longer properly restrict access to adult sites.

 

[kuchkovsky]

It makes it harder to protect children against harmful websites, as you can no longer properly restrict access to adult sites.

I agree, but I don’t think DoH is the biggest problem here. What if children install VPN apps? What if they enable iCloud Private Relay? What if they switch to mobile data? If they don’t know how to do any of this, you can easily disable DoH on their devices, and everything will work as expected. But if they do know how… well, I don’t think anything will stop them from bypassing these restrictions, apart from more advanced measures like using MDM profiles. And even if the device is completely locked down, a child’s friend might still bring a phone with some naughty stuff to watch together...

 

[sfx2000]

If you have an RT6600AX, could you please carry out my test?

Done...

 

[sfx2000]

Done...

View attachment 62548View attachment 62549View attachment 62549View attachment 62550View attachment 62551View attachment 62552

Here's the deal though - tech is not a replacement for good parenting or policies...

Every one of these items can be bypassed by application of services to get around the great firewalls of certain states like China, Iran, Russia, North Korea...

Most of them are a click over in the Android App Store...

Android App Store - generally this means a mobile phone - I say Android as these can be found fairly cheap as OpenMarket devices, so it needs a cheap sim card...

Tello there is interesting, as Data over there is incredibly cheap - enough so that a 12-yearold male can buy one...

There are others...

 

[sfx2000]

What if they enable iCloud Private Relay?

Well - I have to ask here - iPhone's aren't cheap, esp ones that can run iCloud Private Relay...

Knowing of course that with iCloud and services, one can do some policy management for minors...