
How do I block outbound port 53 To block rogue DNS

dir
Apprentice

I’m using Pi-hole for DoH and now want to ensure that rogue apps can’t bypass my DNS. To do this, I need to block outbound port 53 requests or redirect them to my Pi-hole.
I believe this is normally done by creating firewall rules. From what I’ve read, this can’t be done on the non-pro Orbi, but I suspect it can be done on the Orbi Pro.

My Orbi Pro is configured to use my Pi-hole for DNS, but this doesn’t stop rogue apps from ignoring DHCP completely and going direct to external DNS. Blocking or redirecting port 53 prevents these apps from succeeding.

Can someone tell me how to do this?
Model: SRK60B03|Orbi Pro Tri-Band Business WiFi System
Message 1 of 3

Accepted Solutions
dir
Apprentice

Re: How do I block outbound port 53 To block rogue DNS

Thanks for the “RTFM” advice. But the manual talks about blocking services from the Internet (ingress). I want to block egress services - processes in the intranet that try to use port 53 outbound.

The Orbi series of routers dumbs down that level of configuration from users, which makes it challenging to figure out what’s really going on when using the GUI. Instructions on “how to block services from the Internet” need disambiguating from “how to block services to the Internet”.

At any rate, I already blocked port 53, UDP/TCP, outbound, but needed to specify a range of IP addresses so that my Pi-hole could still use port 53 while all other addresses couldn’t.

Message 3 of 3
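Added example, not part of the original posts and not NETGEAR code: a small Python helper that works out which source-IP ranges to enter in the port 53 block rules so that every LAN host is covered except the Pi-hole, as the accepted solution describes. The subnet and addresses are constructed sample values, and it assumes each block rule takes one start/end IP range.

```python
import ipaddress


def blocked_ranges(lan_cidr, exempt):
    """Return (start, end) source-IP ranges that cover every usable host in
    lan_cidr except the exempt addresses (the Pi-hole, optionally others)."""
    net = ipaddress.ip_network(lan_cidr)
    skip = sorted({ipaddress.ip_address(a) for a in exempt})
    for addr in skip:
        if addr not in net:
            raise ValueError(f"{addr} is not inside {net}")

    first = int(net.network_address) + 1    # first usable host
    last = int(net.broadcast_address) - 1   # last usable host
    ranges, cursor = [], first
    for addr in map(int, skip):
        if addr < first or addr > last:
            continue                        # network/broadcast: not a host
        if addr > cursor:
            ranges.append((cursor, addr - 1))
        cursor = addr + 1                   # step over the exempt host
    if cursor <= last:
        ranges.append((cursor, last))
    return [(str(ipaddress.ip_address(s)), str(ipaddress.ip_address(e)))
            for s, e in ranges]


def may_use_port_53(src, ranges):
    """True if src falls outside every blocked range, i.e. its outbound
    port 53 traffic would not match any block rule."""
    ip = ipaddress.ip_address(src)
    return not any(ipaddress.ip_address(s) <= ip <= ipaddress.ip_address(e)
                   for s, e in ranges)


if __name__ == "__main__":
    # Constructed values: LAN 192.168.1.0/24, Pi-hole at 192.168.1.2.
    rules = blocked_ranges("192.168.1.0/24", ["192.168.1.2"])
    for start, end in rules:
        print(f"block TCP/UDP 53 outbound for {start} - {end}")
    print("Pi-hole allowed:", may_use_port_53("192.168.1.2", rules))
    print("client allowed: ", may_use_port_53("192.168.1.57", rules))
```

Giving the Pi-hole a static address or DHCP reservation keeps the exemption from drifting onto another device.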

All Replies
DaneA
NETGEAR Employee Retired

Re: How do I block outbound port 53 To block rogue DNS

@dir,

Let us try to block port 53. Kindly read pages 64-65 of the SRK60 user manual here on how to block services from the internet.

Hope this helps. 🙂

Regards,

DaneA

NETGEAR Community Team

Message 2 of 3