How to block YouTube and Netflix?

[rwmopn2019]

Hi Opnsense community, I'm a new user of Opnsense, I need some help on how to block YouTube and Netflix from clients access. Any previous topic would help. Thank you.

[jimk2048]

On the OPNsense web gui
Services\Unbound DNS\Overrides
Add Domain Overrides for youtube.com and netflix.com and point them to a bogus DNS server, such as 10.1.1.1
Workstations may have DNS cached for youtube.com and netflix.com and may have access until the cache expires

Alternatively;
setup an account at opendns.com
setup custom dns filtering and block youtube.com and netflix.com
configure OPNsense to use OpenDNS in Services\OpenDNS

[rwmopn2019]

Hi jimk2048,

Thank you for your reply, we'll try your suggestion and do some configuration in our OPNsense server.

[donatom3]

The Sensei plugin could pull this off as well. Blocking at unbound would only block it if the users don't figure out they can just change their dns settings. Sensei would inspect the packets and block them even if they use a different dns server.

[mimugmail]

Via IPS and App detection rules it should also work

[hbc]

Blocking at unbound would only block it if the users don't figure out they can just change their dns settings. Sensei would inspect the packets and block them even if they use a different dns server.

You can block any 3rd party dns and just allow your own ones or redirect queries to foreign dns servers to your campus dns. Then people have to use the assigned dns. I would never allow foreign dns server - not only for filtering, but also due to split dns. Even some malware changes dns settings to hijack connections. Better to force the use of the own server.
But with DoH the control over dns is lost anyway.  :(

[tomstephens89]

Use the web proxy and just block the URL?