-
How to block the TikTok app on the router?
Blocking the TikTok app on the router with a DNS block list has been evasive for some people. There were multiple block lists available and the list of domains seemed to be changing over time. A recent reddit post reported that none of the available block lists worked. There were even rumors that TikTok was using DNS-over-HTTPS to avoid being blocked by DNS filters. If this were true, it is impossible for DNS blocking techniques such as pi-hole and OpenDNS to block the TikTok app.In this post, I’m reporting our findings using the pcWRT router to block the TikTok app.
So is TikTok using DNS-over-HTTPS (DOH) to avoid DNS filtering? Our testing on the Samsung S7 showed otherwise. We’ve successfully blocked the TikTok app on the Samsung phone with DNS blocking only.
We entered three domains in our block list to block the TikTok app. And that’s all it took.
But surely it can’t be that easy? Of course not.
Block domains on the pcWRT router are not single domains. For example, when you enter
tiktokv.comin the block list, the router blocks all domains that ends withtiktokv.com, which includemon.tiktokv.com,mon-va.tiktokv.com,frontier-va.tiktokv.com, etc., etc.
The hard part is, if you have to list every single domain to block on your router, it is an almost impossible task. The list of domains to block may be large, and it may be changing over time.
But if you are using pi-hole, the following regular expression list basically does the same thing:
(\.|^)tiktok\.com$
(\.|^)tiktokcdn\.com$
(\.|^)tiktokv\.com$So in conclusion, it is possible to block the TikTok app with DNS only. But it might be challenging if you have to list each and every domain on your router.
Update for Android Private DNS
For phones with Android 9 and above, the user can choose to use DNS-Over-TLS (DoT). Android offers two options, Automatic or manual setup.
When the user chooses “Automatic”, DNS blocking alone suffices to block the TikTok app. Because the DNS server handed out to the smartphone is that of the router, and the router doesn’t support DOH.
When the user enters a Private DNS provider hostname, DNS blocking alone does not block the TikTok app. On the pcWRT router, you’ll need to turn on “Enforce Access Control” on the profile for the smartphone.
If you have another router, you need to block TCP port 853 (the DoT port) in order to block TikTok. But that also blocks all DNS name resolution from the device. Basically you are forcing the user not to use a manually configured DoT server.
Recent Posts
- How to reset the pcWRT router
- How to create your SSH key and use it on the router
- How to reset router password by email
- How to set up SurfShark WireGuard VPN on the pcWRT router
- How to set up Proton VPN WireGuard on the pcWRT router
Recent Comments
- on How to create your SSH key and use it on the router
- on How to create your SSH key and use it on the router
- on How to setup TunnelBear OpenVPN on the pcWRT router
- on How to setup TunnelBear OpenVPN on the pcWRT router
- on How to enable native dynamic DNS on the pcWRT router
Archives
- April 2024
- March 2024
- August 2023
- May 2023
- February 2023
- June 2022
- December 2021
- November 2021
- August 2021
- January 2021
- December 2020
- October 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- February 2020
- January 2020
- December 2019
- October 2019
- December 2018
- August 2018
- July 2018
- June 2018
- January 2018
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- January 2017
- August 2016
- May 2016
- December 2015
- August 2015
- July 2015
- May 2015
- April 2015
- March 2015
Categories
For the record, here’s the list of domains tried by the TikTok app during our test.
api16-core-c-alisg.tiktokv.com
api16-core-c-useast1a.tiktokv.com
api16-core-va.tiktokv.com
api19-core-c-useast1a.tiktokv.com
api19-core-va.tiktokv.com
api19-normal-c-useast1a.tiktokv.com
api21-core-c-alisg.tiktokv.com
api22-core-c-useast1a.tiktokv.com
api22-normal-c-useast1a.tiktokv.com
dm16-alisg.tiktokv.com
dm16-useast1a.tiktokv.com
frontier-va.tiktokv.com
gecko16-normal-c-useast1a.tiktokv.com
log16-normal-c-useast1a.tiktokv.com
mon.tiktokv.com
mon-va.tiktokv.com
pull-cmaf-f16-ab.tiktokcdn.com
pull-cmaf-f16.tiktokcdn.com
pull-cmaf-f5.tiktokcdn.com
pull-f5-ab.tiktokcdn.com
pull-f5.tiktokcdn.com
pull-flv-f11-ab.tiktokcdn.com
pull-flv-f11.tiktokcdn.com
pull-flv-f1-ab.tiktokcdn.com
pull-flv-f1.tiktokcdn.com
pull-flv-l11.tiktokcdn.com
pull-flv-l1.tiktokcdn.com
pull-hls-f11-ab.tiktokcdn.com
pull-hls-f11.tiktokcdn.com
pull-hls-f1-ab.tiktokcdn.com
pull-hls-f1.tiktokcdn.com
pull-hls-f5-ab.tiktokcdn.com
pull-hls-f5.tiktokcdn.com
pull-hls-l11.tiktokcdn.com
pull-hls-l1.tiktokcdn.com
pull-hls-q5.tiktokcdn.com
pull-hls-w5.tiktokcdn.com
pull-q5.tiktokcdn.com
pull-rtmp-f11-ab.tiktokcdn.com
pull-rtmp-f11.tiktokcdn.com
pull-rtmp-f1-ab.tiktokcdn.com
pull-rtmp-f1.tiktokcdn.com
pull-rtmp-l11.tiktokcdn.com
pull-rtmp-l1.tiktokcdn.com
pull-w5.tiktokcdn.com
tiktok.com
webcast16-normal-c-useast1a.tiktokv.com
xlog-va.tiktokv.com
pcWRT supports regular expression. Can i write these ones below in the block list?
(\.|^)tiktok\.com$
(\.|^)tiktokcdn\.com$
(\.|^)tiktokv\.com$
Yes you can use regular expressions with pcWRT. But in this case it is not needed. You can simply enter the three domains as shown in the post, without needing to use regular expressions.
Thanks. Can you give us a way to do a thread subscription to to the blog too?
I want to be notified when there is a new reply.