How to Debug DNS Filtering with Browser DevTools

Use your browser's built-in Developer Tools to diagnose blocked requests, capture network traffic, and troubleshoot DNS filtering issues with CleanBrowsing.

Step 1: Open Developer Tools

Every modern browser includes Developer Tools (DevTools) for inspecting network activity. This is the fastest way to see exactly what your browser is requesting and what gets blocked by DNS filtering.

Keyboard Shortcuts
BrowserWindows / LinuxmacOS
Google ChromeF12 or Ctrl + Shift + ICmd + Option + I
Mozilla FirefoxF12 or Ctrl + Shift + ICmd + Option + I
Microsoft EdgeF12 or Ctrl + Shift + ICmd + Option + I
SafariN/ACmd + Option + I (enable first — see below)

Safari: DevTools must be enabled manually. Go to Safari → Settings → Advanced and check "Show features for web developers". After that, the Develop menu appears in the menu bar.

You can also right-click any element on a page and select "Inspect" or "Inspect Element" to open DevTools directly.

Step 2: Network Tab Basics

The Network tab records every request the browser makes — HTML pages, scripts, images, API calls, and DNS-related lookups. This is where you can see the effect of DNS filtering in real time.

What to Look For
  1. Open the Network tab and reload the page (Ctrl + R / Cmd + R). Check "Preserve log" so entries persist across page loads.
  2. Filter by domain: Use the filter bar to search for a specific domain (e.g., ads.example.com). This helps isolate requests to domains that should be blocked.
  3. Check status codes: Blocked domains may show:
    • Failed / (failed) — DNS resolution returned NXDOMAIN (domain doesn't exist), which means CleanBrowsing blocked it
    • 301 / 302 redirects — The request was redirected to a CleanBrowsing block page
    • ERR_NAME_NOT_RESOLVED — The browser could not resolve the domain (DNS block)
  4. Timing waterfall: Click any request and open the Timing tab. A long "DNS Lookup" time may indicate DNS resolution issues. Normal DNS lookups complete in under 50ms.

Tip: Right-click the column headers to add a "Domain" column for easier sorting and filtering.

Step 3: Capture a HAR File

A HAR (HTTP Archive) file is a JSON-formatted log of all network requests your browser made, including URLs, headers, response codes, timing data, and DNS resolution details. HAR files are the gold standard for sharing network diagnostics.

Chrome / Edge
  1. Open DevTools and go to the Network tab
  2. Check "Preserve log" to keep entries across navigations
  3. Reproduce the issue (visit the page or trigger the blocked request)
  4. Click the download icon (down arrow) or right-click in the request list and select "Save all as HAR with content"
Firefox
  1. Open DevTools → Network tab
  2. Enable "Persist Logs" from the gear icon
  3. Reproduce the issue
  4. Click the gear icon and select "Save All As HAR"
Safari
  1. Open the Network tab in Web Inspector
  2. Reproduce the issue
  3. Click "Export" in the top-right corner of the Network tab
What a HAR File Contains
  • Every HTTP/HTTPS request and response (URL, method, status code)
  • Request and response headers
  • Timing breakdowns (DNS lookup, TCP connect, TLS handshake, time-to-first-byte)
  • Response body content (if captured)

Step 4: Analyze a HAR File

Once you have a HAR file, you can analyze it to pinpoint DNS filtering issues.

Online HAR Viewers
  • Google Admin Toolbox HAR Analyzer — paste or upload your HAR file for a visual timeline
  • HAR Viewer (softwareishard.com) — open-source HAR visualizer
What to Look For
  1. Blocked domains: Look for requests with 0 bytes transferred and (failed) status. These indicate DNS-level blocks.
  2. Redirect chains: Multiple 301/302 redirects leading to a block page confirm CleanBrowsing intercepted the request.
  3. Slow DNS resolution: In the timing breakdown, DNS lookup times over 200ms may indicate network issues or misconfiguration.
  4. DoH bypass indicators: Search the HAR for requests to DNS-over-HTTPS endpoints like dns.google, cloudflare-dns.com, or mozilla.cloudflare-dns.com. If you see these, the browser or an extension may be bypassing your network's DNS settings. See our Harden Chrome or Harden Edge guides to fix this.

Step 5: Console & DNS Debugging

The Console tab in DevTools shows errors and warnings that can reveal DNS filtering in action.

Common Console Messages
  • net::ERR_NAME_NOT_RESOLVED — The domain was blocked at the DNS level (NXDOMAIN response). This is expected for domains on your block list.
  • net::ERR_CONNECTION_REFUSED — The connection was rejected, possibly by a block page or firewall rule.
  • Failed fetch() or XMLHttpRequest calls — JavaScript making API calls to blocked domains will log errors here. Check the domain in the error message.
  • Mixed-content warnings — If a blocked resource was loaded over HTTP on an HTTPS page, the browser may block it independently of DNS filtering.
Identifying Unexpected DNS Queries

Some apps, browser extensions, or embedded scripts make DNS queries you may not expect. To identify them:

  1. Open the Network tab and clear all entries
  2. Browse normally for a few minutes
  3. Sort by Domain and look for unfamiliar domains
  4. Right-click a suspicious request and select "Copy → Copy as cURL" to investigate it further

Common culprits include analytics trackers, ad networks, telemetry endpoints, and browser extensions making background requests.

Step 6: Share Diagnostics With Support

When contacting CleanBrowsing support, sharing a HAR file and relevant details helps us diagnose issues faster.

What to Include
  1. HAR file captured while reproducing the issue
  2. Browser and version (e.g., Chrome 122 on Windows 11)
  3. The domain or URL that was unexpectedly blocked or allowed
  4. Your CleanBrowsing filter (Free Family, Free Adult, Free Security, or paid plan with account email)
  5. Screenshots of the block page or error message
  6. Console errors (right-click in Console → "Save as..." to export the log)
Privacy Warning

HAR files may contain sensitive data including cookies, authentication tokens, session IDs, and form data. Before sharing:

  • Review the HAR file in a text editor and remove any Set-Cookie, Authorization, or Cookie headers you don't want to share
  • Use a HAR sanitizer tool to strip sensitive headers automatically
  • Only capture the specific requests relevant to the issue rather than a full browsing session

Email your HAR file and details to support@cleanbrowsing.org and we'll investigate.

Related Guides

Common Questions & Troubleshooting
Verify Your DNS Configuration
Clear DNS Cache (Browser)
Harden Google Chrome
Command-Line DNS Tools

Need more help?

Contact our support team for assistance.

Contact Support