Set iptables firewall rules to prevent ISP and end-user DNS circumvention
Edit the iptables firewall rules, either in the iptables.conf file or with shell commands, to transparently redirect outbound DNS traffic. This prevents ISPs from transparently proxying DNS traffic and prevents end-users from using 3rd-party DNS servers to circumvent DNSFilter filtering policies.
The same logic can be applied to any firewall make/model.
iptables.conf
*nat
:PREROUTING ACCEPT [2:143]
:INPUT ACCEPT [2:143]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [2:134]
-A OUTPUT -p udp -m udp --dport 53 -j DNAT --to-destination 103.247.36.36:5353
-A OUTPUT -p tcp -m tcp --dport 53 -j DNAT --to-destination 103.247.37.37:5353
COMMIT
Shell commands
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to 103.247.36.36:5353
iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to 103.247.37.37:5353
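As an added example (not part of the DNSFilter article), the script below emits the same redirection in iptables-restore format and verifies it against an iptables-save dump. The nat OUTPUT chain only sees queries generated by the firewall itself; queries forwarded from LAN clients traverse PREROUTING instead, so a gateway needs both sets of rules. The LAN_IF variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not DNSFilter's own script. Resolver addresses are the ones
# given in the article; LAN_IF is an assumed interface name.
UDP_RESOLVER="103.247.36.36:5353"
TCP_RESOLVER="103.247.37.37:5353"
LAN_IF="${LAN_IF:-eth1}"

# Print nat rules in iptables-restore format. On a real gateway, feed them
# with `dns_redirect_rules | iptables-restore -n` (-n keeps existing rules).
dns_redirect_rules() {
    cat <<EOF
*nat
-A PREROUTING -i $LAN_IF -p udp --dport 53 -j DNAT --to-destination $UDP_RESOLVER
-A PREROUTING -i $LAN_IF -p tcp --dport 53 -j DNAT --to-destination $TCP_RESOLVER
-A OUTPUT -p udp --dport 53 -j DNAT --to-destination $UDP_RESOLVER
-A OUTPUT -p tcp --dport 53 -j DNAT --to-destination $TCP_RESOLVER
COMMIT
EOF
}

# Read an iptables-save dump on stdin; return 0 only if every chain/protocol
# pair redirects port 53 to the expected resolver, otherwise name the gap.
# Usage on a live system: iptables-save -t nat | check_dns_redirect
check_dns_redirect() {
    dump=$(cat)
    for pair in "PREROUTING udp $UDP_RESOLVER" "PREROUTING tcp $TCP_RESOLVER" \
                "OUTPUT udp $UDP_RESOLVER" "OUTPUT tcp $TCP_RESOLVER"; do
        set -- $pair
        printf '%s\n' "$dump" |
            grep -Eq "^-A $1 .*-p $2 .*--dport 53 .*-j DNAT --to-destination $3\$" ||
            { echo "missing DNS redirect: $1 $2 -> $3" >&2; return 1; }
    done
    return 0
}
```

Running the check against the article's OUTPUT-only rules reports the missing PREROUTING entries, which is the gap that lets LAN clients bypass the filter.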