Blocking remote office DNS



  • Hello,

    We've been blocking DNS from our main office so only DNS requests from our domain controllers can do lookups which are filtered through OpenDNS.

    What I need to do now is block DNS from our remote office so the DCs at the remote office can only do lookups over the OpenVPNs to the main office.

    Example:

    Remote office 1 DC IP is 10.10.0.4 and it needs to be able to do DNS lookups over the VPN to 192.168.1.19

    Block any other DNS lookups.

    Attached is what I have set for head office and it works perfectly.



  • LAYER 8 Netgate

    On remote office LAN

    Pass TCP/UDP port any source 10.0.0.4 port any dest 192.168.1.19 port 53
    Reject TCP/UDP port any source LAN net port any dest any port 53


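The two LAN rules from the reply, modelled as a first-match rule list and checked against sample packets; this is an added example, not part of the original thread and not pfSense code. The thread gives the DC address as 10.10.0.4 in the question and 10.0.0.4 in the reply, so the pass rule's source is a parameter here; the LAN subnet 10.10.0.0/24, the client 10.10.0.25 and the function names are assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str          # "pass" or "reject"
    src: str             # source network (CIDR)
    dst: Optional[str]   # destination network (CIDR); None means "any"
    dport: int           # destination port

def build_rules(dc_ip, lan_net, resolver):
    """The two remote-office LAN rules from the reply, in the order given."""
    return [
        Rule("pass", f"{dc_ip}/32", f"{resolver}/32", 53),
        Rule("reject", lan_net, None, 53),
    ]

def evaluate(rules, src, dst, dport, proto="udp"):
    """Return the action of the first matching rule, or "no-match"."""
    if proto not in ("tcp", "udp"):   # both rules are TCP/UDP only
        return "no-match"
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if dport != r.dport or s not in ipaddress.ip_network(r.src):
            continue
        if r.dst is not None and d not in ipaddress.ip_network(r.dst):
            continue
        return r.action
    return "no-match"                 # left to rules further down the list

# Constructed values: the LAN subnet and the client 10.10.0.25 are assumptions.
LAN_NET, RESOLVER, DC, CLIENT = "10.10.0.0/24", "192.168.1.19", "10.10.0.4", "10.10.0.25"

def run_checks(pass_rule_source):
    """Evaluate sample packets with the pass rule's source set as given."""
    rules = build_rules(pass_rule_source, LAN_NET, RESOLVER)
    return {
        "dc_to_head_office_dns": evaluate(rules, DC, RESOLVER, 53),
        "dc_to_public_dns": evaluate(rules, DC, "8.8.8.8", 53),
        "client_to_head_office_dns": evaluate(rules, CLIENT, RESOLVER, 53, "tcp"),
        "client_dns_over_tls": evaluate(rules, CLIENT, "1.1.1.1", 853, "tcp"),
    }

if __name__ == "__main__":
    for source in ("10.10.0.4", "10.0.0.4"):
        print(source, run_checks(source))
```

A pass rule whose source does not match the DC's real address leaves the DC's own lookups caught by the reject rule, and traffic on ports other than 53 (DNS over TLS on 853, for instance) is not touched by either rule.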