Unbound DNS if compiled with --with-libnghttp2 can listen for DoH and your Unbound/Pihole can forward to any destination you desire. This is what it looks like on my firewall:

    # https://doh-int.mydomain.net/dns-query
        interface: [ip of lan port]@443
        interface: [ip of wifi port]@443
        https-port: 443
        http-max-streams: 220
        tls-service-key: "/etc/unbound/keys.d/unbound_server.key"
        tls-service-pem: "/etc/unbound/keys.d/unbound_server.pem"

    ip route add blackhole "${IP}" 2>/dev/null

If the childs account is not able to gain admin privs then their ability to change settings can be disabled.

> what can I do to keep them away from stuff 99% of people agree isn't for children to see, without something like this?

The better question is "Why do I need to give up privacy on my devices that no children ever use and are used for all sorts of mundane things that are entirely unrelated to what you're trying to protect your children from to solve this problem?" The solution being proposed here is to require ID checks at the OS installation level; this would be like requiring me to flash my ID when I walk out of my house because kids would have to go outside if they were going to try to buy alcohol.

Well, you can't.

Like no past generation could stop their kids.

> what can I do to keep them away from stuff 99% of people agree isn't for children to see, without something like this?

> before they're ready to handle it

You can restrict any access for the network to them. Extra bonus, this will save your child from addiction.

That's an interesting problem. Even if you have full control over your children's devices they can still simply toggle the DoH feature back on unless you do complicated enterprise style device management things.

However DoH isn't obfuscated and in order to operate the list of resolvers that firefox uses must be published somewhere. It follows that you should be able to filter the major DoH providers at your gateway.

Support getting rid of Citizens United and support your representatives to support enforcing antitrust.

This is the main problem that needs to be addressed. Everything else is just a byproduct of it. If you support the by product of what was created by conditions that are not being address, you only make the problem worse.

You but them smartphones, tables, laptops, and internet access and then complain there is too much access?

If your kids are in the smart 1% who can bypass your authority, they will. Be proud. For the rest, we don't need a police atate

You could block the default DoH services for Firefox, I reckon.

You describe a use case for you. That's fine.

Here we talk about use cases for EVERYONE. I don't see how your use case is fine for me, because I personally do not agree with it on any level at all whatsoever. You believe in restriction. I don't. There is no common ground here.

> It's not realistic for me to be watching over their shoulders 24/7

Is this your job? At which age will you stop monitoring them?

> what can I do to keep them away from stuff 99% of people agree isn't for children to see

99%? Where do you get those numbers from?

Besides, what stuff anyway? Even then the issue isn't about your kids. It is about laws for EVERYONE.

> what can I do to keep them away from stuff 99% of people agree isn't for children to see, without something like this?

Nothing. VPNs exist (including free ones), some of classmates will have unlocked devices, etc.

Next question?