This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Force DNS traffic to 1 set of DNS servers

A few smarter employees have been changing the DNS server settings on their computers. Since they absolutely must have admin access on those pc's I need to be able to force all traffic associated with DNS to go to one pair of DNS servers. (in this case DynDNS.)

What's the best practice for such a thing?

I'm guessing forward all traffic on port 53... but not sure how to do it.

This thread was automatically locked due to age.

Parents

0 BarryG over 13 years ago

Hi,

use Astaro's DNS server and don't allow any other outbound DNS traffic

OR

create a network group for the openDNS resolvers, and a couple of packetfilter rules:
1. allow outbound DNS to the OpenDNS group
2. drop or deny all dns traffic.

#1 will allow the traffic, #2 will deny traffic to any other DNS servers

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 13 years ago in reply to BarryG

Hi,

use Astaro's DNS server and don't allow any other outbound DNS traffic

Barry

This is standard practice at my customer sites, I recommend this method.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BrucekConvergent over 13 years ago in reply to BarryG

Hi,

use Astaro's DNS server and don't allow any other outbound DNS traffic

Barry

This is standard practice at my customer sites, I recommend this method.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data