OPEN DNS and NS50
dyounkin last edited by
I would like to set up OPENDNS on my network and prevent people from changing their DNS. We are running Server 2008 DHCP server using DNS forwarding to opendns. For the dummies that don’t know how to do it they are filtered correctly. The issue is that if someone changes their personal devices DNS to static DNS then they can use Google’s DNS to bypass our opendns. I read in an article that you can block port 53 passthrough to prevent this but I am unsure of how to modify the NS50.
Do I just block port 53? Wouldn’t this Kill all DNS traffic using a NS50?
“Is there a way to force devices to use the openDNS servers? Without accessing the devices themself?”
This depends on your router or merely the firmware it is flashed with. You either block port 53 passthrough with an outbound firewall rule, or you configure traffic redirection for port 53 traffic to the OpenDNS resolver addresses. The first is supported by more routers, the latter is rather rarely found. And there are routers which support neither of them. The “user friendly” they are, the less options you have, especially not with ISP supplied devices.