DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Forcing PCs to use a specific DNS server?

31 Dec 2007 10:28 #46581 by lesd

louis-m wrote: if not using dhcp, set the dns etc on your windoze box. a limited user should not be able to change any network settings on the box.

Thanks but I am trying to find a solution that will work even if the Windows user a/c is not limited so the firewall filtering sounds the way to go - I just need to get my head round it.


Les

01 Jan 2008 09:43 #46586 by louis-m
Replied by louis-m on topic Forcing PCs to use a specific DNS server?
the only way i can see you doing what you want is to specify a filter that will only allow dns to a certain address.

2820 = 3.3.2_RC5
2950 = 3.2.4

01 Jan 2008 11:10 #46587 by lesd

louis-m wrote: the only way i can see you doing what you want is to specify a filter that will only allow dns to a certain address.



Accepted. I would appreciate some guidance for setting up such a filter on the 2910. To date I have only used simple router firewalls such as on the Netgear D834.

I do not find the manual of too much help. For example I do not understand whether my requirement needs to use the Call or the Data filter. What exactly is "initiating a call"? Is a DNS request "initiating a call"?

Les

02 Jan 2008 08:34 #46598 by stoney_sjl
Replied by stoney_sjl on topic Forcing PCs to use a specific DNS server?
Sorry Les, but from your original question, I'd have thought louis-m's suggestion about setting the OpenDNS servers on the router and letting the PCs pick this up from DHCP would seem to do precisely what you want (this is what I have done in my set-up) without very much complication.
Cheers
Simon

02 Jan 2008 13:09 #46605 by lesd
Agreed. That is what I have done. But I also want to ensure that no one can bypass the setting and use an alternative DNS.

I could achieve that via Windows security but that is not a route that is very practical in this case.

Using the firewall to stop all other DNS requests, if I can get it to work, would be the ideal.

I have tried to do it but it is not working yet.

Les

02 Jan 2008 15:00 #46606 by louis-m
Replied by louis-m on topic Forcing PCs to use a specific DNS server?
what router do you have?

how much control do you want? eg just web browsing, ftp etc

under data filter:

1. create a "block if no further match" rule for port 53 to any address

2. create an ALLOW rule for requests on port 53 to 208.67.222.222 & 208.67.220.220

now, when a request comes in on 53 (dns), the router will drop the dns requests if they don't match the 2nd ALLOW rule.

2820 = 3.3.2_RC5
2950 = 3.2.4
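
The two-rule data filter described in the post above, modelled as an added example (not part of the original thread and not DrayTek's own code) to show why the rule order works. Assumptions: the ALLOW rule behaves as "pass immediately", unmatched traffic passes by default, rules match on destination address and port only (protocol is not modelled), and the sample packets are constructed.

```python
"""Model of a data-filter list using 'block if no further match' (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address

# Resolver addresses taken from the post.
OPENDNS = frozenset({ip_address("208.67.222.222"), ip_address("208.67.220.220")})

@dataclass(frozen=True)
class Rule:
    name: str
    dst_port: int
    dst_ips: frozenset  # empty set means "any address"
    action: str         # pass_immediately, block_immediately, *_if_no_further_match

def matches(rule, dst_ip, dst_port):
    in_scope = not rule.dst_ips or ip_address(dst_ip) in rule.dst_ips
    return dst_port == rule.dst_port and in_scope

def evaluate(rules, dst_ip, dst_port, default="pass"):
    """Return (verdict, deciding_rule_name) for one outbound packet."""
    verdict, decided_by = default, "default"
    for rule in rules:
        if not matches(rule, dst_ip, dst_port):
            continue
        if rule.action == "pass_immediately":
            return "pass", rule.name
        if rule.action == "block_immediately":
            return "block", rule.name
        # "... if no further match": remember the verdict, keep scanning.
        verdict = "block" if rule.action == "block_if_no_further_match" else "pass"
        decided_by = rule.name
    return verdict, decided_by

# Rule names are hypothetical labels for the two rules in the post.
RULES = [
    Rule("1-block-dns-any", 53, frozenset(), "block_if_no_further_match"),
    Rule("2-allow-opendns", 53, OPENDNS, "pass_immediately"),
]

# Constructed sample traffic: two OpenDNS queries, one query to another
# resolver (documentation address), and one non-DNS connection.
SAMPLES = [("208.67.222.222", 53), ("208.67.220.220", 53),
           ("192.0.2.53", 53), ("192.0.2.80", 80)]

def run_samples(rules=RULES):
    return {f"{ip}:{port}": evaluate(rules, ip, port)[0] for ip, port in SAMPLES}

if __name__ == "__main__":
    for flow, verdict in run_samples().items():
        print(f"{flow:22} {verdict}")
```

If rule 1 were set to block immediately instead, evaluation would stop there and the OpenDNS queries would be dropped as well.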


Moderators: ChrisSami