block all internet DNS services except 3

Hello,

We want our LAN users to not be able to change their DNS settings on their computers or browsers to use other DNS services available on the web. We want to only allow access to these two DNS servers: 208.67.222.222 and 208.67.220.220 (these are OpenDNS servers).

How can we set up a firewall rule to block all DNS services, except if that service is reaching A) the Sophos firewall itself, or B) these 2 IPs, 208.67.222.222 and 208.67.220.220?



  • Correct, very little outbound traffic is blocked by service type as of now.

    I don't want to specify all the allowed DNS servers in the DHCP server. I want to allow some extra ones that I don't put in the DNS server.

    BTW, if the firewall says block all DNS, but DHCP says use this xyz DNS... which takes precedence?

  • So you're not actually controlling user access with firewall rules that specify certain ports?

    Block DNS would be your top LAN to WAN firewall rule.

    In the XG DNS settings, you select the DNS server you wish to use.

    Ian


    e3-1225v5 - V18.5.x 6GB RAM, 4 USB ports, and a 20W power supply.
    3 AP55s and 2 APX120s are on vacation until a software update is available.
    Use the 'This helped me' link if a post answers your query.
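
The rule ordering discussed in this thread, modelled as an added example (not from the original posts and not Sophos configuration syntax): a first-match rule list that allows DNS only to the firewall and the two OpenDNS addresses, with an audit that reports DNS leaks when the block rule sits below a broader allow rule. The firewall LAN address, rule names and sample flows are constructed assumptions.

```python
import ipaddress

ip = ipaddress.ip_address
# The two OpenDNS resolvers named in the question.
ALLOWED_RESOLVERS = {ip("208.67.222.222"), ip("208.67.220.220")}
FIREWALL_LAN_IP = ip("192.168.1.1")  # assumption: the firewall's LAN address
DNS_PORT = 53                        # DNS uses UDP and TCP on port 53

def is_dns(f):
    return f["proto"] in ("udp", "tcp") and f["dport"] == DNS_PORT

# Hypothetical LAN-to-WAN rule list, evaluated top-down; the first match wins.
RULES = [
    ("allow-dns-to-firewall", lambda f: is_dns(f) and f["dst"] == FIREWALL_LAN_IP, "allow"),
    ("allow-dns-to-opendns", lambda f: is_dns(f) and f["dst"] in ALLOWED_RESOLVERS, "allow"),
    ("block-all-other-dns", is_dns, "drop"),
    ("lan-to-wan-default", lambda f: True, "allow"),
]

def flow(src, dst, proto, dport):
    return {"src": ip(src), "dst": ip(dst), "proto": proto, "dport": dport}

def evaluate(f, rules=RULES):
    """Return (rule name, action) of the first rule that matches the flow."""
    for name, match, action in rules:
        if match(f):
            return name, action
    return "implicit-deny", "drop"

def audit(flows, rules=RULES):
    """List DNS flows that a rule set would let reach a non-approved resolver."""
    approved = ALLOWED_RESOLVERS | {FIREWALL_LAN_IP}
    return [f for f in flows
            if is_dns(f) and f["dst"] not in approved and evaluate(f, rules)[1] == "allow"]

# Constructed sample flows from a LAN client (documentation-range destinations).
SAMPLE_FLOWS = [
    flow("192.168.1.50", "192.168.1.1", "udp", 53),      # DNS to the firewall
    flow("192.168.1.50", "208.67.222.222", "udp", 53),   # DNS to OpenDNS
    flow("192.168.1.50", "198.51.100.53", "udp", 53),    # client-chosen resolver
    flow("192.168.1.50", "198.51.100.53", "tcp", 53),    # same resolver over TCP
    flow("192.168.1.50", "203.0.113.10", "tcp", 443),    # ordinary web traffic
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f["dst"], f["proto"], f["dport"], "->", *evaluate(f))
    # Same rules with the default allow moved to the top: the block never fires.
    misordered = [RULES[3]] + RULES[:3]
    print("leaks when misordered:", len(audit(SAMPLE_FLOWS, misordered)))
```

The model matches on port 53 only, so it says nothing about DNS carried over other ports or protocols.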