Home

Forums

Stories

Knowledge Base

Business Community > Controllers > Is there any way to prevent clients from changing the DNS servers on their side?

< Controllers

Is there any way to prevent clients from changing the DNS servers on their side?

Is there any way to prevent clients from changing the DNS servers on their side?

Is there any way to prevent clients from changing the DNS servers on their side?

2024-05-08 13:14:57 - last edited 2024-05-08 13:20:54

Posts: 83

Helpful: 41

Solutions: 1

Stories: 0

Registered: 2023-07-17

Is there any way to prevent clients from changing the DNS servers on their side?

2024-05-08 13:14:57 - last edited 2024-05-08 13:20:54

Model: OC200

Hardware Version: V1

Firmware Version: Latest

Is there any way to prevent clients from changing the DNS Servers on their side?

CONTEXT:

I am running an AdGuardHome DNS server. All my adblocking and filtering are done in AdGuardHome.

If some "techy" or IT client connects to my network and want to bypass all DNS-level filtering I've configured, then they can just change their DNS servers on their individual devices to any public DNS such as 1.1.1.1.

WHAT I WANT TO ACHIEVE:

I want all traffic will pass through my AdGuardHome DNS server, and whoever changes the DNS servers on their side to anything but my AGH DNS servers will lose internet connection.

Is this possible in the ACLs?

0

0

#1

5 Reply

LV5

2024-05-08 13:44:52

Posts: 2090

Helpful: 755

Solutions: 261

Stories: 0

Registered: 2018-08-17

Re:Is there any way to prevent clients from changing the DNS servers on their side?

2024-05-08 13:44:52

block port 53 from LAN to WAN, and allow adguard server only in router ACL

0

0

#2

LV2

2024-05-08 13:46:33 - last edited 2024-05-08 13:49:08

Posts: 83

Helpful: 41

Solutions: 1

Stories: 0

Registered: 2023-07-17

Re:Is there any way to prevent clients from changing the DNS servers on their side?

2024-05-08 13:46:33 - last edited 2024-05-08 13:49:08

Where should I configure the ACL?

Gateway, Switch, or EAP?

And what order should the ACLs be?

Block first, then allow.

Or allow first, then block?

0

0

#3

LV5

2024-05-08 14:19:02

Posts: 2090

Helpful: 755

Solutions: 261

Stories: 0

Registered: 2018-08-17

Re:Is there any way to prevent clients from changing the DNS servers on their side?

2024-05-08 14:19:02

router ACL, allow roule first then block to deny everything else.

0

0

#4

LV2

2024-05-09 00:17:18

Posts: 83

Helpful: 41

Solutions: 1

Stories: 0

Registered: 2023-07-17

Re:Is there any way to prevent clients from changing the DNS servers on their side?

2024-05-09 00:17:18

I tried this, but it is also blocking DoH and DoT in my uplink DNS in AGH.

0

0

#5

LV5

2024-05-09 06:06:43

Posts: 2090

Helpful: 755

Solutions: 261

Stories: 0

Registered: 2018-08-17

Re:Is there any way to prevent clients from changing the DNS servers on their side?

2024-05-09 06:06:43

You have to allow AGH. crate a LAN to WAN ACL before block roule and allow AGH

1

1

#6