Way to force Open-DNS

  • I want all queries for DNS to go through Open-DNS only. I have set up DHCP to assign correctly, but my kids are still able to manually assign their own DNS in their individual network configuration page on their Windows Vista.

    Is there a way to completely lock it down where they have to use my default DHCP settings?

  • Create two firewall rules on the pfSense interface(s) through which your children access the Internet.
    Assuming you have pfSense configured to act as a DNS on the interface(s):

    • Allow, protocol=TCP/UDP, source=Any, port=any, destination=pfSense interface IP address, port=53

    • Block, protocol=TCP/UDP, source=Any, port=any, destination=any, port=53

    Firewall rules are processed top down, processing stops when the packet matches a rule. First rule allows access to DNS on your pfSense box, second rule blocks access to any other DNS. (DNS uses port 53.)

    After adding these rules, go to Diagnostics -> States, click on the Reset states tab, read what it says and click on the Reset button so your new rules take immediate effect.
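
The rule ordering described in the answer above, as an added example that is not part of the original post: a small first-match evaluator run over constructed packets. The LAN address, the documentation-range destination addresses, the trailing allow-any rule and all function names are assumptions made for illustration.

```python
# Added illustration, not pfSense code: first-match evaluation of the two DNS rules.
# Both rules cover TCP and UDP, so the protocol is left out of the model.
PFSENSE_IP = "192.168.1.1"  # assumed LAN interface address (constructed)

# (action, destination IP or None for any, destination port or None for any)
RULES = [
    ("pass", PFSENSE_IP, 53),   # rule 1 from the answer: DNS to pfSense itself
    ("block", None, 53),        # rule 2 from the answer: DNS to anything else
    ("pass", None, None),       # assumed "allow LAN to any" rule below them
]

# Constructed sample traffic: label -> (destination IP, destination port)
PACKETS = {
    "dns_to_pfsense": (PFSENSE_IP, 53),
    "dns_to_other_resolver": ("198.51.100.53", 53),
    "web_proxy": ("203.0.113.10", 3128),
}


def evaluate(rules, dst_ip, dst_port):
    """Return (action, index) of the first rule that matches; deny if none does."""
    for index, (action, rule_ip, rule_port) in enumerate(rules):
        if rule_ip is not None and rule_ip != dst_ip:
            continue
        if rule_port is not None and rule_port != dst_port:
            continue
        return action, index
    return "block", None


def report(rules):
    """Evaluate every sample packet against a rule list."""
    return {name: evaluate(rules, ip, port) for name, (ip, port) in PACKETS.items()}


if __name__ == "__main__":
    print("order from the answer:", report(RULES))
    # Swapping the first two rules shows why order matters: the block rule
    # now matches DNS to pfSense as well, so no client can resolve anything.
    swapped = [RULES[1], RULES[0], RULES[2]]
    print("block rule first:     ", report(swapped))
```

With the order from the answer, only DNS to the pfSense address passes on port 53, while traffic on other ports falls through to the allow rule untouched by either DNS rule.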

  • Thank you so much, this worked perfectly!

    No computer on my network now can bypass using http://OpenDNS.com now!

    I have control over what kind of sites the local computers can visit now due to OpenDNS's dashboard

    I am very impressed on what categories I can now filter with OpenDNS's control

    Thanks again!


  • LAYER 8 Global Moderator

    You're not really filtering access, you're filtering lookup of the address is all. If they are smart enough to change the local machine's DNS, then they are smart enough to use a host file or a proxy to bypass lookup filter.

    You might want to look at the squidguard package if you're really interested in content filtering.
