How do I block outbound port 53 to block rogue DNS
2021-08-20
10:56 AM
I’m using Pi-hole for DoH and now want to ensure that rogue apps can’t bypass my DNS. To do this I need to block outbound port 53 requests or redirect them to my Pi-hole.
I believe this is normally done by creating firewall rules. From what I’ve read, this can’t be done on the non-pro Orbi, but I suspect it can be done on the Orbi Pro.
My Orbi Pro is configured to use my Pi-hole for DNS, but this doesn’t stop rogue apps from ignoring DHCP completely and going direct to external DNS. Blocking or redirecting port 53 prevents these apps from succeeding.
Can someone tell me how to do this?
Model: SRK60B03|Orbi Pro Tri-Band Business WiFi System
Message 1 of 3
Accepted Solutions
2021-08-22
08:49 PM
Thanks for the “RTFM” advice. But the manual talks about blocking services from the Internet (ingress). I want to block egress services - processes in the intranet that try to use port 53 outbound.
The Orbi series of routers dumbs down that level of configuration from users, which makes it challenging to figure out what’s really going on when using the GUI. Instructions on “how to block services from the Internet” need disambiguating from “how to block services to the Internet”.
At any rate, I already blocked port 53, UDP/TCP, outbound, but needed to specify a range of IP addresses so that my Pi-hole could still use port 53 while all other addresses couldn’t.
Message 3 of 3
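A way to check the result from a client other than the Pi-hole, as an added example that is not part of the original thread: it sends the same DNS query to an external resolver over UDP and TCP port 53 and reports whether either got through. The resolver address 9.9.9.9 and the test name example.com are assumptions; substitute your own.

```python
import socket
import struct

EXTERNAL_RESOLVER = "9.9.9.9"  # assumption: any public resolver that is not your Pi-hole
TEST_NAME = "example.com"      # assumption: any name that normally resolves

def build_query(name, txid=0x1234):
    """Encode a minimal DNS A-record query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_reply_to(query, reply):
    """True if reply is a DNS response (QR bit set) with the query's transaction id."""
    return len(reply) >= 12 and reply[:2] == query[:2] and bool(reply[2] & 0x80)

def probe_udp(server, query, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            reply, _ = s.recvfrom(4096)
        except OSError:  # timeout or ICMP unreachable: nothing came back
            return False
    return is_reply_to(query, reply)

def probe_tcp(server, query, timeout=3.0):
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # DNS over TCP is length-prefixed
            reply = s.recv(4096)
    except OSError:  # refused, dropped or timed out
        return False
    return is_reply_to(query, reply[2:])

def verdict(udp_answered, tcp_answered):
    if not (udp_answered or tcp_answered):
        return "blocked"
    # An answer also arrives when the router redirects port 53 to the Pi-hole;
    # the Pi-hole query log shows whether it handled TEST_NAME.
    if udp_answered and tcp_answered:
        return "answered (open or redirected)"
    return "partially blocked: check both UDP and TCP rules"

if __name__ == "__main__":
    q = build_query(TEST_NAME)
    print(verdict(probe_udp(EXTERNAL_RESOLVER, q), probe_tcp(EXTERNAL_RESOLVER, q)))
```

Run it from a device inside the blocked address range; run from the Pi-hole itself, it should still report an answer.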
All Replies
2021-08-22
11:03 AM