Business Community > Controllers > Is there any way to prevent clients from changing the DNS servers on their side?
< Controllers

Is there any way to prevent clients from changing the DNS servers on their side?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Is there any way to prevent clients from changing the DNS servers on their side?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Is there any way to prevent clients from changing the DNS servers on their side?
Is there any way to prevent clients from changing the DNS servers on their side?
2024-05-08 13:14:57 - last edited 2024-05-08 13:20:54
Model: OC200  
Hardware Version: V1
Firmware Version: Latest

Is there any way to prevent clients from changing the DNS Servers on their side?

 

CONTEXT:

I am running an AdGuardHome DNS server. All my adblocking and filtering are done in AdGuardHome.

If some "techy" or IT client connects to my network and want to bypass all DNS-level filtering I've configured, then they can just change their DNS servers on their individual devices to any public DNS such as 1.1.1.1.

 

WHAT I WANT TO ACHIEVE:

I want all traffic will pass through my AdGuardHome DNS server, and whoever changes the DNS servers on their side to anything but my AGH DNS servers will lose internet connection.

 

Is this possible in the ACLs?

 

  0      
 
  0      
 
#1
Options
5 Reply
Re:Is there any way to prevent clients from changing the DNS servers on their side?
2024-05-08 13:44:52

  @ceejaybassist 

 

block port 53 from LAN to WAN, and allow adguard server only in router ACL

 

  0  
  0  
#2
Options
Re:Is there any way to prevent clients from changing the DNS servers on their side?
2024-05-08 13:46:33 - last edited 2024-05-08 13:49:08

  @MR.S 

Where should I configure the ACL?

Gateway, Switch, or EAP?

And what order should the ACLs be?

Block first, then allow.

Or allow first, then block?

  0  
  0  
#3
Options
Re:Is there any way to prevent clients from changing the DNS servers on their side?
2024-05-08 14:19:02

  @ceejaybassist 

 

router ACL, allow roule first then block to deny everything else.

 

  0  
  0  
#4
Options
Re:Is there any way to prevent clients from changing the DNS servers on their side?
2024-05-09 00:17:18

  @MR.S 

I tried this, but it is also blocking DoH and DoT in my uplink DNS in AGH.

  0  
  0  
#5
Options
Re:Is there any way to prevent clients from changing the DNS servers on their side?
2024-05-09 06:06:43

  @ceejaybassist 

 

You have to allow AGH. crate a LAN to WAN ACL before block roule and allow AGH 

  1  
  1  
#6
Options

Information

Helpful: 0

Views: 520

Replies: 5

Related Articles
Way to prevent Clients to use Wireguard Tunnel
2257 2
 Easy way to reserve IP's to Clients
459 4
Prevent an ACL being created that blocks management VLAN from itself
188 2
is there way of putting 1gb download limit for each clients
1438 0
 Client Activiy Speed way off (too low)
870 0
Omada OC200 Config: Is there a way to bookmark pages?
420 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.