CleanBrowsing is a DNS-based resolver. This means it needs fully qualified domain names (FQDN) to work correctly. So when it comes to TOR, we can block this: torproject.org but we can’t block the exit nodes that power TOR. So if TOR is already installed, it will continue to work.
What is TOR?
At its core, TOR is about anonymity and privacy. It ensures that you can access whatever you want on the web have a high degree of confidence that you are not being tracked or watched.
The technology is free and easily consumed by novice and advanced users. It routes its traffic through something known as “nodes”. These nodes make up a massive network that routes and bounces traffic around the world until it arrives at its destination. It’s why it is so effective at anonymous communication.
Blocking TOR on your Network
Blocking TOR on your network has to occur at your router. DNS resolvers like CleanBrowsing, or any of the other options in the market, will not be able to completely block TOR.
The reason is because of the architecture we explained above. Each of the nodes are direct IP values, not domain names, which makes it impossible to block at the DNS resolver. The best solution is to track a TOR Node list and use that list to update your network firewall rules with blocks.
If you’re an enterprise, here are a few articles from different providers that can you help you block TOR on your Firewall appliance / network: