Tech Lockdown Tech Lockdown
Free Trial

BETA VERSION

Check Your Device's Connection to your DNS policy

Check your device's connection to your content policy.

techlockdown logo
Tech Lockdown Team
|
Updated December 20, 2024

After you've connected a device to your Content Policy, the next important step is to test it's connection and ensure that filtering is correctly enabled.

By default, your Content Policy allows all requests without any kind of filtering. That could mean that you device is connected correctly, although content won't be filtered as expected.

We recommend adding a block rule of any kind to your Content Policy from the dashboard first. This can be done by going to Content Policy > Create Rule.

We have tools available that can help you properly test your content policy rule without the need to visit blocked websites. We strongly recommend using our tools when possible to avoid visiting blocked websites accidentally.

Testing Domains

Each Content Category has it's own Test Domain associated with it. This test domain will be treated as if it matches it's intended category by your Content Policy, so it's much safer to use these Test Domains when possible.

Our three most popular Test Domains are listed below; clicking on them should open them in a new tab:

If you've added a block rule to your Content Policy, we also have an internal test link that should work, regardless of the content being blocked by that rule. Use this domain if you've just added a block rule:

How do I know the Test Domains are being blocked as expected?

If you try to visit a test domain in your browser, you'll see one three messages:

  1. "This is a test website provided by Cloudflare Gateway"
  2. "This Connection is not Private"
  3. "This Website is Blocked"

If you see either the "This Website is Blocked" or "This Connection is not Private", then that category is being blocked correctly.

If you see the "This is a test website provided by Cloudflare Gateway" message instead, that could mean:

  1. That category is not been added to a block rule yet; make sure the category is correctly added and the block rule is enabled.
  2. An allow rule may be overriding your block rule; make sure that allow rules don't conflict with block rules.
  3. If you've confirmed that you have a block rule and that there are no conflicting allow rules, it could be your device's local DNS cache; try visiting the Test Domain in an incognito mode window on your browser.

If the Test Domain is correctly blocked in an incognito mode window, that means your device is correctly connected and your content policy is working as intended. Reset your device's local DNS cache to apply filtering to the rest of the device.

How do I clear my device's local DNS cache?

For most smartphones:

  1. Turn on Airplane mode
  2. Force close any open browsers
  3. Turn off Airplane mode

For Windows computers, open Command Prompt as an Administrator and enter this command:

ipconfig /flushdns

For Mac computers, open Terminal and enter this command (type your Mac's password when prompted)

sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
When entering your Mac's password in Terminal...
Your cursor will not move as you type. This is a security feature that prevents someone from seeing how many characters your password has.

In some rare cases, you may need to completely restart your computer to force your cache to completely clear.

Next Up

Bypass Prevention

Prevent Bypass of DNS Content Policy

Ensure that filtering is not bypassed either intentionally or unintentionally.

Read More

Troubleshooting

Check Connectivity to Cloudflare

If you've manually connected your device using DNS settings or by connecting your Router, you'll need to check for a DNS Leak.

Your results should only pull up results for Cloudflare in the ISP column.

If you see other entries, your connection is likely not configured to point to your content policy properly.

If Cloudflare shows up as your ISP, it means that you likely have an issue with your browser caching web browsing results or your Content Policy does not have block rules that match the test domains.

Try switching to DNS only mode

By default, the Warp client will try to use full VPN tunneling. While this ensures your internet traffic is secure, it may not be supported on some devices or networks.

You can switch to DNS only mode from the Tech Lockdown dashboard:

Check that other VPN programs are not enabled or installed

VPNs tend to conflict with filtering, especially if:

  • You connected your router to your Content Policy. 
  • You are trying to enable multiple VPNs at once.

Some customers have reported that switching to DNS Only mode works with their VPN, but this is not always the case. You will need to have either the Cloudflare One App or Cloudflare Warp program installed for this to work.

Re-install the Client

In some cases, the installation process may not have completed correctly or an update caused an issue. We recommend re-installing the client if possible.

For smartphones:

  1. If you have supervised your iPhone, make sure that the "Prevent Removing Apps", "Preventing Installing Apps", and "Restrict New VPN" Config Presets are removed, if applicable. Learn how to do this here .
  2. Uninstall the Cloudflare One App.
  3. Restart your device.
  4. Re-install the Cloudflare One App.

For Windows or Mac computers:

  1. Remove the Content Policy Enforcer tool, if you've installed it. The instructions are a bit different between  Windows and Mac .
  2. Uninstall the Cloudflare Warp program or application.
  3. Restart your device.
  4. Re-install the Cloudflare Warp program or application.

Check for Errors with the Client

On smartphones, open the Cloudflare One App:

On Windows computers, click on the up arrow on the taskbar (it should be next to Wi-Fi settings on the bottom right). Click the Cloudflare icon:

On Mac computers, click the Cloudflare icon on the top right of your screen:

Open chat