Having just upgraded SRM to 1.3.1, I was looking at what's changed and noticed two new settings that address DNS over HTTPS and Apple's iCloud Relay. Both of these interfere with Safe Access's ability to apply web filtering.
First, Apple's iCloud Relay gets a Block setting in each Profile within Safe Access...
Prior to this (in SRM 1.2.5) you had to have an internal DNS server that resolved (to nowhere specific) for two addresses: mask.icloud.com; mask-h2.icloud.com. Like this:
So DNS Server no longer needs master zones for these two addresses, if you wanted to stop using iCloud Relay at home.
Next it's DNS over HTTPS (DOH). SRM has for some time supported using DOH for DNS resolution from clients requesting it from the router. But there was little to stop clients just using DOH directly and so bypassing Safe Access.
In Network Center's Security configuration there is a new option 'Do not allow client devices to use DOH servers'.
Give them a go and see if they work for you.
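To confirm that the resolver your clients use really does refuse the two relay hostnames mentioned above, here is an added example (not part of the original post and not Synology code) that classifies the DNS answer for each name. It assumes NXDOMAIN or an empty NOERROR answer counts as blocked, and treats a 0.0.0.0 or loopback answer as the "resolved to nowhere" zone approach; the reply builder produces constructed sample data, and the resolver IP passed to `check()` is your own.

```python
import ipaddress, socket, struct
RELAY_HOSTS = ("mask.icloud.com", "mask-h2.icloud.com")  # the two names from the post

def build_query(name, flags=0x0100, ancount=0):
    """DNS header plus one A/IN question (also the base of the constructed replies)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0) + qname + struct.pack("!2H", 1, 1)

def constructed_reply(name, rcode=0, addr=None):
    """Constructed sample response (not captured traffic) for offline use."""
    msg = build_query(name, flags=0x8180 | rcode, ancount=1 if addr else 0)
    if addr:  # one A record: pointer to the question name, class IN, TTL 60
        msg += b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + socket.inet_aton(addr)
    return msg

def _skip_name(msg, off):  # offset just past a name; a compression pointer ends it
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def classify(msg):
    """Return 'blocked', 'sinkholed', 'reachable' or 'error' for one response."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    rcode = flags & 0xF
    if rcode == 3 or (rcode == 0 and an == 0):
        return "blocked"      # NXDOMAIN, or NOERROR with an empty answer section
    if rcode:
        return "error"        # SERVFAIL, REFUSED, ...: not a deliberate block
    off, addrs = 12, []
    for _ in range(qd):
        off = _skip_name(msg, off) + 4      # skip QTYPE and QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:       # A record
            addrs.append(ipaddress.IPv4Address(msg[off + 10:off + 14]))
        off += 10 + rdlen
    if addrs and all(a.is_unspecified or a.is_loopback for a in addrs):
        return "sinkholed"    # zone answers with 0.0.0.0 or 127.x
    return "reachable"

def check(resolver, timeout=3.0):  # live check over plain UDP/53 (needs network)
    result = {}
    for host in RELAY_HOSTS:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(host), (resolver, 53))
            result[host] = classify(s.recv(512))
    return result
```

Call `check()` with the router's LAN address from a client on the filtered network; any `reachable` result means that name still resolves and the relay is not being blocked by DNS.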