Blocking Windows Update using DNS Resolver

  • I have a lot of PCs on family and friends' networks that are behind pfSense firewalls, and we wanted the ability to block Windows Updates network-wide until we chose to run the updates. We came up with this solution of blocking domain names in our pfSense firewalls using DNS Resolver and then locking down the network to only use the firewall for DNS. It works perfectly and I thought I would share it here. I realize it can be done with DNS sinkholing as well, but not all the firewalls I have set up have pfBlocker running, so I thought it best to stick with this because it's simple and won't affect various setups.

    [Image: Blocked Microsoft Domains for Windows Update.png]

  • If you want to block telemetry data as well, here is what you would add:

    [Image: Blocked Microsoft Domains for Windows Update.png]

