SRX5308 Block External DNS

dgordon11
Aspirant

I have a small office of engineers. I use OpenDNS as a web filter. Some of them have figured out that if they change their DNS settings to point to an external DNS server, they can browse the web unfiltered. I would like to block all port 53 traffic outbound and allow only port 53 traffic to the OpenDNS servers (208.67.222.222 & 208.67.220.220). Not all PCs are added to the domain, so forcing a GPO will not work. I would like to do this on the router.

I have created the attached rules, but they are not working (I know that in the screenshot they are disabled).

What am I missing?

Model: SRX5308|PROSAFE Gigabit Quad WAN SSL & IPSEC VPN Firewall
Message 1 of 4

All Replies
dgordon11
Aspirant

Re: SRX5308 Block External DNS

[Attachment: OpenDNS Rules.JPG]

Message 2 of 4
DaneA
NETGEAR Employee Retired

Re: SRX5308 Block External DNS

Hi dgordon11,


Welcome to the community! 🙂

Let us try this. Here are the steps below:

1. On the web GUI of the SRX5308, go to Security > Firewall > LAN WAN Rules.

2. Change the Default Outbound Policy to Block Always, then click the Apply button beside it.

3. Based on the screenshot you have posted, delete the Service Name "DNS:TCP", because DNS servers listen on UDP port 53.

4. Enable the Service Name "DNS:UDP" you have configured.

5. Check if it works.

For reference, kindly read pages 145-146 of the SRX5308 reference manual here about Changing the Default Outbound Policy and Existing IPv4 Rules.


Regards,


DaneA
NETGEAR Community Team

Message 3 of 4
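The rule logic behind the steps above, as an added example that is not from the thread or from NETGEAR: a small Python model of first-match rule evaluation showing why the allow rules by themselves did nothing while the default outbound policy was Allow, why setting it to Block Always changes the outcome, and (going beyond the reply) that a catch-all port-53 block placed after the allow rule reaches the same result for DNS without touching other outbound traffic. The rule table, evaluate() and the address 203.0.113.53 are constructed for this example.

```python
from dataclasses import dataclass

# Constructed model of the SRX5308 LAN-WAN outbound rule table: rules are checked
# top to bottom, the first match wins, and the default outbound policy decides
# anything no rule matched. Rule and evaluate() are assumptions for this example.
OPENDNS = ("208.67.222.222", "208.67.220.220")
ANY = ()  # empty destination tuple means "any destination"

@dataclass(frozen=True)
class Rule:
    action: str   # "ALLOW" or "BLOCK"
    proto: str    # "udp" or "tcp"
    dport: int
    dst: tuple    # matching destination addresses, ANY for all

def evaluate(rules, default_policy, proto, dst, dport):
    """Return the action the firewall applies to one outbound packet."""
    for r in rules:
        if r.proto == proto and r.dport == dport and (r.dst == ANY or dst in r.dst):
            return r.action
    return default_policy  # nothing matched: the default outbound policy applies

# The rule from the thread: DNS over UDP allowed only to the two OpenDNS resolvers.
ALLOW_OPENDNS = Rule("ALLOW", "udp", 53, OPENDNS)
# A catch-all UDP/53 block placed after it (not from the thread; for comparison).
BLOCK_ALL_DNS = Rule("BLOCK", "udp", 53, ANY)

def with_default_allow(dst):
    """Original posting: allow rule present, default outbound policy still Allow."""
    return evaluate([ALLOW_OPENDNS], "ALLOW", "udp", dst, 53)

def with_default_block(dst):
    """DaneA's fix: same allow rule, default outbound policy set to Block Always."""
    return evaluate([ALLOW_OPENDNS], "BLOCK", "udp", dst, 53)

def with_explicit_block(dst):
    """Alternative: keep default Allow, add a catch-all DNS block after the allow rule."""
    return evaluate([ALLOW_OPENDNS, BLOCK_ALL_DNS], "ALLOW", "udp", dst, 53)

if __name__ == "__main__":
    # 203.0.113.53 is a documentation address standing in for any outside resolver.
    for dst in ("208.67.222.222", "203.0.113.53"):
        print(dst, with_default_allow(dst), with_default_block(dst), with_explicit_block(dst))
```

Note that Block Always as the default also blocks every other outbound service until it gets its own allow rule, which is why the comparison includes the explicit-block variant.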
dgordon11
Aspirant

Re: SRX5308 Block External DNS

Message 4 of 4