Hi
I am using the opendns.com service.
I'm trying to make a rule(s) in my router firewall so that someone can't manually change the dns servers on their pc using this method OpenDNS Community > Forums > IF A USER USE MANUEL DNS, HE PASSES ALL BLOCKING CATS
To see if I am working with the right port I blocked all outbound traffic through port 53 on my router but I can still access websites
What am I doing wrong? I thought port 53 was the DNS port?
TIA

DNS is port 53 TCP/UDP
I have port 53 TCP/UDP blocked but I can still surf the internet!
If you use an HTTP(S) proxy then the proxy handles name resolution for you. Also your machine might be using a local DNS server with forwarding configured. In either case if those machines are permitted outbound 53 UDP access then you would still be able to resolve names to IPs when browsing.
Don't know if that helps any.
Not sure I understand what you've done.
I'm assuming you've got a network with workstations configured to point to a server as the DNS server and then that is forwarding requests to OpenDNS? What you're trying to do is stop users connecting directly to a DNS server by blocking port 53 outbound on your router? Presumably you're allowing port 53 for requests from the server?
If this is the case then it's not going to work - when you type (eg) EduGeek.net on the workstation, it passes that to your server DNS. It doesn't know the answer and so it goes out through your router to OpenDNS (or whoever).
You could stop your internal DNS from forwarding but then you won't be able to do any web browsing from any machine.
You can set forwarding so that it forwards for a whitelist of domains and drops everything else but that's quite a hard way to do web filtering.
Hi
I will try and explain better this time.
There are 10 PCs which are connected to an ADSL router via a 12 port switch. All 10 PCs are set to get IP & DNS servers automatically.
In the router the DNS servers are set to the opendns.com servers.
I noticed the other day that to get past this someone had manually set the DNS servers on a couple of the PCs to something else to bypass the opendns filtering.
This is what I want to stop.

Which router?
Netgear something. I will get the exact model number tomorrow.

On my netgear I did the following and it works perfectly.
Block Services
TCP/UDP 53-53 all IPs
Enable "Always" as the Schedule.
So, now, I can query my router for DNS which gets its answers from upstream DNS provider BUT I cannot from my laptop directly contact any dns servers outside of the network because the router won't allow it.
I believe this is what you're trying to achieve?
Just to confirm these PCs are not connected to a server. They just take their IP & DNS settings from the router (apart from when people are manually changing the DNS settings on individual PCs to bypass the opendns servers)!
What I can't understand is that I have outgoing traffic to port 53 blocked in the router firewall, yet I can still surf the internet!

Forget the server, that's not relevant.
If your PC is using the router IP for DNS then of course you can still browse the net, but if you are using 'external' DNS servers then no it shouldn't work which suggests your firewall rule is wrong.
Perhaps a screenshot of the rule would be useful as there is something wrong.
Sorry if I'm not explaining things very well
I will post some screen shots when I get home but to confirm yes all the PCs are using the DNS addresses from the router which are set to:-
208.67.222.222
208.67.220.220
If you look at this example picture the outbound rule set on my router is
ENABLE=YES
SERVICE NAME=DNS(:53)
ACTION=BLOCK ALWAYS
LAN USERS=ANY
WAN USERS=ANY
LOG=ALWAYS
I've got it working now but not with my netgear even though it has the latest firmware. On my router blocking the dns port doesn't stop dns traffic so I tried it with another model netgear I had and it works fine.
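A way to check from a LAN PC whether the outbound port 53 block actually takes effect, added here as an example and not code from the thread or from Netgear: it builds a minimal DNS A query by hand, sends it over UDP to the router and then directly to the OpenDNS addresses given above, and reports which resolvers answer. With a working rule the router should answer and the direct queries should time out. The router address is a placeholder and `example.com` is just a name to look up; both are assumptions.

```python
import random
import socket
import struct

def build_query(name, qid):
    """Build a DNS A/IN query for `name` with transaction id `qid` (RFC 1035 wire format)."""
    # Header: id, flags (0x0100 = recursion desired), qdcount=1, ancount/nscount/arcount=0
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(resp, qid):
    """Return (rcode, answer_count) from a DNS reply; reject replies that do not match our id."""
    rid, flags, _qd, an = struct.unpack(">HHHH", resp[:8])
    if rid != qid:
        raise ValueError("transaction id mismatch")
    return flags & 0x000F, an

def probe(resolver, name="example.com", timeout=2.0):
    """Send one query to `resolver` on UDP/53; describe whether and how it answered."""
    qid = random.randrange(0x10000)
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.sendto(build_query(name, qid), (resolver, 53))
        data, _ = s.recvfrom(512)
    except OSError as e:  # socket.timeout, ICMP port unreachable, etc.
        return "no answer (%s)" % type(e).__name__
    finally:
        s.close()
    rcode, an = parse_reply(data, qid)
    return "answered (rcode=%d, answers=%d)" % (rcode, an)

if __name__ == "__main__":
    router = "192.168.1.1"  # placeholder: put your router's LAN address here
    for resolver in (router, "208.67.222.222", "208.67.220.220"):
        print(resolver, probe(resolver))
```

If the direct OpenDNS queries still get answers from a PC, the block rule is not matching LAN-to-WAN traffic on that router, which is what the last post describes.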