Users accessing blocked websites by entering DNS!
In my network, users can access many secured websites by entering DNS 18.104.22.168 / 22.214.171.124.
Can you tell me how not to allow them to bypass my firewall?
Yeah, don't allow outbound DNS on UDP/TCP 53. It's really that simple!
Use a proxy with content filtering as the only thing outbound from your network. It doesn't matter if they can look up sites then; no matter what site they want to go to, they have to ask the proxy to go get it, which uses your control list.
Well, you could block access to non-approved DNS servers with a firewall rule to force them to use only your approved DNS servers (Interface: LAN, Action: Block, Proto: TCP/UDP, Destination: !DNS_Approved_Servers, Port: 53).
Though that approach won't block or prevent access to any websites. Users can just look up the address somewhere else and add an entry for it to their hosts file.
Like John said, you're probably looking at a proxy to do this or some other means of site filtering.
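As an added illustration (not code from the thread or from pfSense), the following models the LAN rule described above, blocking TCP/UDP 53 to anything outside an approved resolver list, and applies it to constructed flow records; the approved resolver addresses, the sample traffic and the `bypass_attempts` threshold are assumptions. It also shows the caveat from the reply: a direct HTTPS connection to an IP found elsewhere still passes.

```python
from collections import Counter

# Assumption: these are the network's approved internal resolvers.
APPROVED_DNS = {"10.0.0.53", "10.0.0.54"}


def dns_rule_action(proto: str, dst_ip: str, dst_port: int) -> str:
    """Decision of the rule 'Block TCP/UDP 53 to !DNS_Approved_Servers' for one flow."""
    if proto.lower() in ("tcp", "udp") and dst_port == 53 and dst_ip not in APPROVED_DNS:
        return "block"
    return "pass"


def evaluate(flows):
    """flows: iterable of (src_ip, proto, dst_ip, dst_port); returns [(flow, action), ...]."""
    return [(f, dns_rule_action(f[1], f[2], f[3])) for f in flows]


def bypass_attempts(flows, threshold=3):
    """Hosts with at least `threshold` blocked DNS flows: who is trying to use
    outside resolvers, so the admin knows where to look (and who to talk to)."""
    blocked = Counter(src for (src, _p, _d, _port), act in evaluate(flows) if act == "block")
    return {src: n for src, n in blocked.items() if n >= threshold}


# Constructed sample traffic (RFC 5737 documentation addresses, not captured data).
SAMPLE_FLOWS = [
    ("192.168.1.20", "udp", "10.0.0.53", 53),      # approved resolver: pass
    ("192.168.1.20", "udp", "198.51.100.53", 53),  # outside resolver: block
    ("192.168.1.20", "tcp", "198.51.100.53", 53),  # DNS over TCP also matches: block
    ("192.168.1.20", "udp", "203.0.113.53", 53),   # another outside resolver: block
    ("192.168.1.21", "tcp", "203.0.113.7", 443),   # IP from a hosts-file entry: pass
]

if __name__ == "__main__":
    for flow, action in evaluate(SAMPLE_FLOWS):
        print(f"{action:5} {flow[0]} {flow[1]} -> {flow[2]}:{flow[3]}")
    print("hosts repeatedly hitting the DNS block:", bypass_attempts(SAMPLE_FLOWS))
```

The rule only controls where lookups go; the last flow shows why the reply recommends a proxy for actual site filtering.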
If you really want to piss them off, use a transparent proxy ;D for HTTP,
and pfBlockerNG to block HTTPS (use the Hurricane list to find the IPs of the sites using HTTPS).