Forum Discussion

Aspirant

Jul 24, 2017

Solved

SRX5308 Block External DNS

I have a small office of engineers. I use OpenDNS as a web filter. Some of them have figured out if they change their DNS settings to point to an external DNS server that they can browes the web...

Solutions

dgordon11
Jul 26, 2017
DaneA,

Thanks for the response.

I found the solution there:
https://community.netgear.com/t5/VPN-Firewalls/Preventing-circumvention-of-OpenDNS-with-firewall-rules/m-p/1331593#M8229

dgordon11

Aspirant

Jul 24, 2017

DaneA
NETGEAR Employee Retired
Jul 26, 2017
Hi dgordon11,

Welcome to the community! :)

Let us try this. Here are the steps below:

1. On the web-GUI of the SRX5308, go to Security > Firewall > LAN WAN Rules.

2. Change the Default Outbound Policy to Block Always then click the Apply button beside it.

3. Based from the screenshot you have posted, delete the Service Names "DNS:TCP" because DNS servers listens to UDP port 53.

4. Enable the Service Names "DNS:UDP" you have configured.

5. Check if it works.

As reference, kindly read pages 145-146 of the SRX5308 reference manual here about Changing the Default Outbound Policy and Existing IPv4 Rules.

Regards,

DaneA
NETGEAR Community Team
- dgordon11
  Aspirant
  Jul 26, 2017
  DaneA,
  
  Thanks for the response.
  
  I found the solution there:
  https://community.netgear.com/t5/VPN-Firewalls/Preventing-circumvention-of-OpenDNS-with-firewall-rules/m-p/1331593#M8229