Block DNS requests
wkearney99
I've got a bunch of gizmos (with DHCP leases) apparently trying to skirt using a DHCP-assigned internal DNS and use external servers. Chromecasts, camera gateways and other IoT-sort of gizmos.
What are the downsides to blocking/redirecting them? As in, would it be workable to set up an alias of the device IPs and set up a firewall rule to handle them? Would setting up a passive port forward redirect back to an internal DNS server work?
I've set up one rule with an alias for a group of hosts allowed DNS access. Seems to work nicely. They're successfully making direct external DNS queries.
Also set up a rule with another alias of blocked hosts, without logging. This is to at least temporarily cut down on their spamming of the log.
Leaving a generic "all other hosts blocked" rule in place, to at least see what, if anything, else tries to make DNS queries directly.
Any downsides to setting up a NAT port forward rule to redirect LAN requests on port 53 to an internal DNS server? Do the port forward rules come after the regular firewall rules?
Unless the DNS requests made by said gizmo can only come from their custom DNS server, there isn't really a downside to redirecting them.
This is what I prefer to do:
Any client that requests DNS from a remote address other than the firewall gets redirected to the DNS service on the firewall (resolver or forwarder, pick your poison).
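For readers who want to see what the redirect described in the reply above looks like underneath pfSense's GUI, here is an added pf.conf-style fragment (not the poster's configuration and not generated by pfSense); the interface name, addresses and table members are assumptions. In pf, translation (rdr) is applied before the filter rules, so the filter rules match on the already-rewritten destination, the firewall's own address.

```pf
# Added example, not from the thread: assumed interface and addresses.
lan_if = "igb1"
lan_ip = "192.168.1.1"

# Hosts allowed to query external resolvers directly (the "allowed" alias).
table <dns_direct_ok> { 192.168.1.50, 192.168.1.51 }

# Redirect: any other LAN client sending port-53 traffic to an address that
# is not the firewall is rewritten to the firewall's resolver/forwarder.
# This runs before filtering, so the rules below see $lan_ip as destination.
rdr on $lan_if inet proto { tcp udp } from ! <dns_direct_ok> to ! $lan_ip port 53 -> $lan_ip port 53

# Filter: listed hosts may reach any resolver; everyone else only the firewall.
pass in quick on $lan_if inet proto { tcp udp } from <dns_direct_ok> to any port 53
pass in quick on $lan_if inet proto { tcp udp } from $lan_if:network to $lan_ip port 53

# Catch-all, logged, so anything that still slips past is visible. Port 853
# (DNS over TLS) is included because the port-53 redirect does not cover it;
# DNS over HTTPS rides on 443 and cannot be singled out by port at all.
block in log quick on $lan_if inet proto { tcp udp } from any to any port { 53 853 }
```

Because the redirect rewrites the destination rather than dropping the packet, clients that hard-code an external resolver keep working, they just get answers from the firewall's resolver instead.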