SRX5308 Block External DNS
I have a small office of engineers. I use OpenDNS as a web filter. Some of them have figured out that if they change their DNS settings to point to an external DNS server they can browse the web unfiltered. I would like to block all port 53 traffic outbound and allow only port 53 traffic to the OpenDNS servers (208.67.222.222 & 208.67.220.220). Not all PCs are added to the domain, so forcing a GPO will not work. I would like to do this on the router.
I have created the attached rules, but they are not working (I know in the screenshot they are disabled).
What am I missing?
Re: SRX5308 Block External DNS
Hi dgordon11,
Welcome to the community! 🙂
Let us try this. Here are the steps below:
1. On the web-GUI of the SRX5308, go to Security > Firewall > LAN WAN Rules.
2. Change the Default Outbound Policy to Block Always then click the Apply button beside it.
3. Based on the screenshot you have posted, delete the Service Name "DNS:TCP" because DNS servers listen on UDP port 53.
4. Enable the Service Name "DNS:UDP" you have configured.
5. Check if it works.
For reference, kindly read pages 145-146 of the SRX5308 reference manual here about Changing the Default Outbound Policy and Existing IPv4 Rules.
Regards,
DaneA
NETGEAR Community Team
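To make the rule logic in the steps above concrete, here is an added example that is not part of the thread and not SRX5308 or NETGEAR code: a small first-match rule evaluator in Python that models an outbound LAN-to-WAN policy. It builds allow rules for port 53 to the two resolver addresses from the post, adds explicit block rules for port 53 to anywhere else, and runs constructed sample flows through the ruleset under different default outbound policies. The rule ordering, the `Rule` fields and the sample destination addresses are assumptions for illustration; the only values taken from the page are the two OpenDNS addresses and port 53. The example allows TCP as well as UDP to the resolvers, since a resolver will be retried over TCP when a reply does not fit in a UDP datagram.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Resolver addresses quoted in the original post.
OPENDNS_RESOLVERS = ("208.67.222.222", "208.67.220.220")


@dataclass(frozen=True)
class Rule:
    """One outbound (LAN -> WAN) rule; None in a field means 'any'. Hypothetical model."""
    name: str
    action: str            # "allow" or "block"
    proto: Optional[str]   # "udp", "tcp" or None
    dport: Optional[int]   # destination port or None
    dst: Optional[str]     # destination network in CIDR form or None


def matches(rule: Rule, proto: str, dport: int, dst_ip: str) -> bool:
    """True when the flow satisfies every field the rule constrains."""
    if rule.proto is not None and rule.proto != proto:
        return False
    if rule.dport is not None and rule.dport != dport:
        return False
    if rule.dst is not None and ip_address(dst_ip) not in ip_network(rule.dst):
        return False
    return True


def evaluate(rules: List[Rule], default_policy: str,
             proto: str, dport: int, dst_ip: str) -> Tuple[str, str]:
    """First matching rule wins; otherwise the default outbound policy applies."""
    for rule in rules:
        if matches(rule, proto, dport, dst_ip):
            return rule.action, rule.name
    return default_policy, "default outbound policy"


def opendns_allow_rules() -> List[Rule]:
    """Allow port 53 (UDP and TCP) only to the two OpenDNS resolvers."""
    return [Rule(f"allow DNS:{proto.upper()} to {ip}", "allow", proto, 53, f"{ip}/32")
            for ip in OPENDNS_RESOLVERS for proto in ("udp", "tcp")]


def opendns_only_rules() -> List[Rule]:
    """Allow rules followed by explicit blocks, so the DNS restriction holds
    regardless of what the default outbound policy is set to."""
    return opendns_allow_rules() + [
        Rule("block DNS:UDP to any", "block", "udp", 53, None),
        Rule("block DNS:TCP to any", "block", "tcp", 53, None),
    ]


# Constructed sample flows: (description, proto, dport, dst_ip). Addresses other
# than the OpenDNS ones are placeholders chosen for the example.
SAMPLE_FLOWS = [
    ("DNS query to OpenDNS", "udp", 53, "208.67.222.222"),
    ("DNS over TCP to OpenDNS", "tcp", 53, "208.67.220.220"),
    ("DNS query to a third-party resolver", "udp", 53, "8.8.8.8"),
    ("DNS over TCP to a third-party resolver", "tcp", 53, "1.1.1.1"),
    ("ordinary HTTPS browsing", "tcp", 443, "203.0.113.10"),
]


def check_flows(rules: List[Rule], default_policy: str) -> Dict[str, str]:
    """Return {description: action} for every sample flow."""
    return {desc: evaluate(rules, default_policy, proto, dport, dst)[0]
            for desc, proto, dport, dst in SAMPLE_FLOWS}


if __name__ == "__main__":
    # Steps 2-4 from the reply: default Block Always plus the resolver allow rules.
    # Note that with only those rules, HTTPS is blocked too: other outbound traffic
    # needs its own allow rule once the default is Block Always.
    for desc, action in check_flows(opendns_allow_rules(), "block").items():
        print(f"{action:5}  {desc}")
```

Two things the sample flows make visible. First, if the default outbound policy stays at Allow and only the two allow rules exist, a query to a third-party resolver still matches nothing and is allowed by the default; either the default must become Block Always (step 2 in the reply) or explicit port-53 block rules must follow the allow rules, as `opendns_only_rules()` does. Second, a port-53 policy on the router does not cover DNS over HTTPS (TCP 443) or DNS over TLS (TCP 853), so an endpoint configured for encrypted DNS still bypasses the OpenDNS filter; that needs the client-side controls or a resolver that is applied to the hosts, not just the router.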