Prevent users from defining DNS servers on client devices.
I've always wondered how to do this:
My university utilizes a system that routes ALL traffic through OpenDNS regardless of what DNS servers are defined on client devices. For example, if I change the DNS servers on my laptop to 22.214.171.124, 126.96.36.199, my traffic still goes through OpenDNS. How are they accomplishing this? And is this possible on pfSense?
Probably via outbound firewall/NAT rules they are simply redirecting all outbound requests to UDP 53 to OpenDNs. This should be easily accomplished on pfSense as well.