Disallow dns tunnel
I'm using a captive portal over wireless with a WRAP board. Now I notice that some nice people are using a DNS tunnel through my AP. How do I protect against this?
I only allow ports 80, 443 and email, but I also have to allow DNS (port 53) to make DNS resolving work. Is it possible to run a DNS server on the box and to disable TXT records?
Does it make a difference if you only allow DNS to the IP of the pfSense or is the forwarder even forwarding the tunnel traffic?
I have to check whether the pfSense DNS forwarder forwards the DNS tunnel. At the moment I allow all DNS traffic.
Hm, do you think the forwarder can, for example, block TXT records?
I'm not sure but it's worth a try.
Unless you have reason to believe this is really a DNS tunnel, my bet is that they've just configured OpenVPN to use port 53. Blocking DNS to servers not under your control should fix the problem.