dir (Apprentice), Aug 20, 2021
How do I block outbound port 53 to block rogue DNS
I’m using Pi-hole for DoH and now want to ensure that rogue apps can’t bypass my DNS. To do this I need to block outbound port 53 requests or redirect them to my Pi-hole.
I believe this is normally done by creating firewall rules. From what I’ve read, this can’t be done on the non-pro Orbi, but I suspect it can be done on the Orbi Pro.
My Orbi Pro is configured to use my Pi-hole for DNS, but this doesn’t stop rogue apps from ignoring DHCP completely and going direct to external DNS. Blocking or redirecting port 53 prevents these apps from succeeding.
Can someone tell me how to do this?
2 Replies
- DaneA (NETGEAR Employee Retired)
- dir (Apprentice)
Thanks for the “RTFM” advice. But the manual talks about blocking services from the Internet (ingress). I want to block egress services - processes in the intranet that try to use port 53 outbound.
The Orbi series of routers dumbs down that level of configuration from users, which makes it challenging to figure out what’s really going on when using the GUI. Instructions on “how to block services from the Internet” need disambiguating from “how to block services to the Internet”.
At any rate, I already blocked port 53, UDP/TCP, outbound, but needed to specify a range of IP addresses so that my Pi-hole could still use port 53 while all other addresses couldn’t.
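
A way to confirm the block from a LAN client other than the Pi-hole, added here as an example and not part of the thread: it sends one DNS query over UDP and over TCP to the Pi-hole and to an outside resolver, then reports which were answered. The addresses 192.168.1.53 and 9.9.9.9 are assumptions; substitute your own.

```python
import socket
import struct

PIHOLE = "192.168.1.53"   # assumption: LAN address of the Pi-hole
EXTERNAL = "9.9.9.9"      # assumption: any public resolver outside the LAN


def build_query(name, txid=0x1234):
    """Minimal DNS query for an A record: header, QNAME, QTYPE=A, QCLASS=IN."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)


def is_reply(data, txid=0x1234):
    """True if data is a DNS response (QR bit set) carrying our transaction id."""
    return len(data) >= 12 and data[:2] == struct.pack(">H", txid) and bool(data[2] & 0x80)


def probe(server, proto, timeout=3.0):
    """Send one query to server:53 over 'udp' or 'tcp'; True if a reply arrives."""
    query = build_query("example.com")
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                return is_reply(s.recvfrom(512)[0])
        with socket.create_connection((server, 53), timeout=timeout) as s, s.makefile("rb") as f:
            s.sendall(struct.pack(">H", len(query)) + query)  # TCP adds a 2-byte length
            return is_reply(f.read(14)[2:])  # length prefix + 12-byte header
    except OSError:  # timeout, refused, unreachable: no answer got through
        return False


def verdict(results):
    """results maps (server, proto) -> answered. Returns a list of findings."""
    findings = []
    for (server, proto), answered in sorted(results.items()):
        if server == PIHOLE and not answered:
            findings.append(f"Pi-hole not answering over {proto}")
        if server != PIHOLE and answered:
            findings.append(f"direct DNS to {server} over {proto} was answered")
    return findings


if __name__ == "__main__":
    results = {(s, p): probe(s, p) for s in (PIHOLE, EXTERNAL) for p in ("udp", "tcp")}
    for line in verdict(results) or ["port 53 egress looks blocked for this client"]:
        print(line)
```

If the router redirects port 53 instead of blocking it, the outside probe is still answered (by the Pi-hole), so an "answered" finding then needs a look at the Pi-hole query log to tell the two cases apart.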