Local Recursive is for when you want to run a recursive DNS server on the same machine with NxFilter. I don't think it's for you.

Which DNS server you want to use as your upstream server? You need to use its IP address only normally as its default port is 53.

In the attached image, I use 8.8.8.8 and 8.8.4.4 as my upstream server. This is what most people do. If you run a recursive DNS server in your network and if it's 192.168.12.1 then you need to add it into Upstream DNS server 1 and the others will be empty.

Actually, I think this is me. I installed NxFilter on this machine, and I have a user account set up on it for the kids. So it would be 192.168.4.55 correct?

NxFilter is basically for network filtering. So, you are supposed to install it on a separated machine and you kids use it as their DNS server. So, we say that it's not a personal DNS filter

However, it sounds like you install it on your kid's machine. In that case, upstream server is not a problem. You can use 8.8.8.8 for that. What you have to do is to use NxFilter IP as your kid's DNS server IP. Set it to 192.168.4.55 if it's your kid's computer IP.

Sorry, I think I'm a little slow. I'm not sure I follow you. Here is what I've done.





Probably way off what it needs to be... but I do now finally see it blocking something:



It doesn't seem to honor the policy I set up though.

These are your situation?

1. 192.168.4.55 is your kid's PC.
2. You run a DNS server on 192.168.12.1.
3. You want to block something from 192.168.4.55.

You don't need other upstream servers than 192.168.12.1. You may have a redundancy by having 8.8.8.8 though. It depends on how stable 192.168.12.1 that is your own DNS server.

However, if I consider your subnet mask that is 255.255.252.0, I am not sure if they can communicate with each other.

127.0.0.1:5353 is not needed unless you have another DNS sever on 192.168.4.55. Do you have it?

Why do you think it's not honoring your policy? Did you block something on Default policy? When something blocked, you need to see the block reason. Those cloudflare-dns.com blocked because of they can by used for DNS over HTTPS to bypass your filtering. So, it's blocked at default.

Thank you for getting back to me. I think I am figuring this out. I removed the newly created "Kids" policy and just checked some categories on the Default policy, and it seems to work now.

I also noticed the whitelist exception domains into "Domains" list didn't seem to work bypass the filter. They did start working when I typed them into the "common bypass" section.

Here is my network config:

192.168.12.1 (ISP Device - T-Mobile 5G Home Internet - I believe this is handing out IP assignments and DNS?)
▲
192.168.4.1 (eero mesh network wi-fi router)
▲
192.168.4.55 (Kid's PC, Has NxFilter Installed on it)

Yes, I want to have dns control on the Kid's PC - because the eero router wants you to pay a monthly subscription to unlock filtering capabilities. The T-mobile router doesn't appear to have the capability. So, I was trying to do it locally on the PC itself. There isn't any other server tools installed on this kids PC. This dns filtering used to be easy to do on my old dlink router that stopped working a decade ago.

I am now trying to get the Block Redirection IP working. Default sends it to 10.0.12.21 (which doesn't exist) and needs to be changed to 127.0.12.21 (which does work), but after I submit changes it reverts to 10.0.12.21

I think you better use 8.8.8.8 and 8.8.4.4 as your upstream DNS servers. Don't use others. It just make things complicated.

When you add a whitelist, you need to set bypass_filter option on its properties to bypass it.

Set Block Redirection IP to 192.168.4.55.

If you want to use multiple policies, you need to enable User Authentication and set policies. However, it's installed on your kid's PC and it only filters its own system then you don't need that.

Ok, great - looks like it is all working. Just one issue. When I put any IP address in the block redirection IP and click submit it does not save the new IP it reverts to the original IP of 10.0.12.21. Is there a way to change it through the browser GUI? Or perhaps a .cfg file?

You probably use v4.6.9.3. There's a bug for updating system setup. Update it to v4.6.9.4.