Netgate Discussion Forum

    Way to force Open-DNS

    Scheduled Pinned Locked Moved DHCP and DNS
    4 Posts 3 Posters 2.6k Views
      georgeberz

      I want all queries for DNS to go through Open-DNS only. I have set up DHCP to assign it correctly, but my kids are still able to manually assign their own DNS in their individual network configuration page on their Windows Vista.

      Is there a way to completely lock it down where they have to use my default DHCP settings?

        wallabybob

        Create two firewall rules on the pfSense interface(s) through which your children access the Internet.
        Assuming you have pfSense configured to act as a DNS on the interface(s):

        • Allow, protocol=TCP/UDP, source=Any, port=any, destination=pfSense interface IP address, port=53

        • Block, protocol=TCP/UDP, source=Any, port=any, destination=any, port=53

        Firewall rules are processed top down; processing stops when the packet matches a rule. First rule allows access to DNS on your pfSense box, second rule blocks access to any other DNS. (DNS uses port 53.)

        After adding these rules, go to Diagnostics -> States, click on the Reset states tab, read what it says and click on the Reset button so your new rules take immediate effect.

        1 Reply Last reply Reply Quote 0
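The rule ordering described in the post above, modelled as an added example (not part of the original post and not pfSense's own code): a small first-match evaluator run over constructed packets. The LAN address, the test destinations and the trailing default allow rule are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed addressing for illustration; the thread gives no IP addresses.
PFSENSE_LAN_IP = "192.168.1.1"

@dataclass(frozen=True)
class Rule:
    action: str               # "pass" or "block"
    protos: frozenset         # empty set means any protocol
    dst: str                  # destination network in CIDR form
    dst_port: Optional[int]   # None means any port

    def matches(self, proto, dst_ip, dst_port):
        return ((not self.protos or proto in self.protos)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.dst_port in (None, dst_port))

TCP_UDP = frozenset({"tcp", "udp"})
ALLOW_LOCAL_DNS = Rule("pass", TCP_UDP, f"{PFSENSE_LAN_IP}/32", 53)
BLOCK_OTHER_DNS = Rule("block", TCP_UDP, "0.0.0.0/0", 53)
# Assumption: the stock "allow LAN to any" rule sits below the two new rules.
DEFAULT_ALLOW = Rule("pass", frozenset(), "0.0.0.0/0", None)

RULES = [ALLOW_LOCAL_DNS, BLOCK_OTHER_DNS, DEFAULT_ALLOW]

def evaluate(rules, proto, dst_ip, dst_port):
    """First match wins, as in the post; no match at all is denied."""
    for rule in rules:
        if rule.matches(proto, dst_ip, dst_port):
            return rule.action
    return "block"

def audit(rules):
    """Verdicts for constructed test packets (documentation-range IPs)."""
    packets = {
        "dns_to_pfsense": ("udp", PFSENSE_LAN_IP, 53),
        "dns_to_outside_udp": ("udp", "203.0.113.53", 53),
        "dns_to_outside_tcp": ("tcp", "203.0.113.53", 53),
        "non_dns_port_8080": ("tcp", "203.0.113.80", 8080),
    }
    return {name: evaluate(rules, *pkt) for name, pkt in packets.items()}

if __name__ == "__main__":
    print("as posted:", audit(RULES))
    print("reversed: ", audit([BLOCK_OTHER_DNS, ALLOW_LOCAL_DNS, DEFAULT_ALLOW]))
```

With the two rules swapped, the block rule matches first and clients lose DNS to the pfSense box as well; traffic on ports other than 53 is not touched by either rule.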
          georgeberz

          Thank you so much, this worked perfectly!

          No computer on my network now can bypass using http://OpenDNS.com now!

          I have control over what kind of sites the local computers can visit now due to OpenDNS's dashboard.

          I am very impressed with what categories I can now filter with OpenDNS's control.

          Thanks again!

          George

            johnpoz LAYER 8 Global Moderator

            You're not really filtering access, you're filtering lookup of the address is all. If they are smart enough to change the local machine's DNS, then they are smart enough to use a host file or a proxy to bypass lookup filter.

            You might want to look at the squidguard package if you're really interested in content filtering.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.