Access Control List to prevent users from using alternate DNS
Thank you to anyone that takes the time to read this. It wouldn't let me select the model I have, which is an AC750 Archer C2, and I am using OpenDNS. I have set the DNS for the WAN to OpenDNS's servers and I'm trying to follow their instructions on ALLOW TCP/UDP IN/OUT to 208.67.222.222 or 208.67.220.220 on Port 53 and BLOCK TCP/UDP IN/OUT all IP addresses on Port 53. I've added the host as the whole range of IPs available (192.168.1.0 - 192.168.1.199) on port 53 and named it "All", and the target is OpenDNS's server #1 (208.67.222.222) named "OpenDNS1". I'm just focusing on getting one working right, then I'll add the second. Then for the schedule I have selected all the time available, 24/7.
Here is the table in the router control list now:
Allow DNS IN | Any Host | OpenDNS... | Any Time | Allow | Enabled
Allow DNS out | Any Host | OpenDNS... | Any Time | Allow | Enabled
all in | All | Any Host | Any Time | Deny | Enabled
all out | All | Any Host | Any Time | Deny | Enabled
I've played around with the rules a ton. At one point I had it so I could use the OpenDNS server if my PC was set to auto set the DNS, but if I change it to Google's DNS of 8.8.8.8 then it bypasses the OpenDNS and shows adult content and stuff that I don't want. I had IPv6 on before and I was getting weird results; then when I turned IPv6 off it was working as long as I didn't change the DNS.
I've been flushing the DNS Resolver Cache via ipconfig /flushdns, but that doesn't seem to help. I can get a little impatient when trying different rules out. Should I try resetting the router/each device after I change the rules? Or will it be near instant like I'm hoping?
My end goal is to only have 2 devices that are allowed to bypass the OpenDNS and use their own/Google's DNS.
Thanks for the help!
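
One way to check rules like these from a LAN client, as an added example that is not part of the original post: it sends a single UDP query straight to each resolver named above, so the local resolver cache plays no part in the result. The function names, the lookup name example.com and the 3-second timeout are assumptions; it covers UDP only and is meant to be run from a device that should be restricted.

```python
import socket
import struct

OPENDNS = ("208.67.222.222", "208.67.220.220")  # resolvers named in the post
OTHER = ("8.8.8.8",)                            # alternate resolver named in the post

def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query (RFC 1035) with recursion desired."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_reply(data, txid=0x1234):
    """True if data is a DNS response (QR bit set) matching our transaction id."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack(">HH", data[:4])
    return rid == txid and bool(flags & 0x8000)

def probe(server, name="example.com", timeout=3.0):
    """Send one UDP query directly to server:53; return True if it answers."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout or ICMP unreachable: treated as blocked
            return False
    return is_reply(data)

def verdict(server, answered):
    """Compare the observed result with the policy the post is aiming for."""
    expected = server in OPENDNS  # only the OpenDNS resolvers should answer
    return "ok" if answered == expected else "POLICY MISMATCH"

if __name__ == "__main__":
    for srv in OPENDNS + OTHER:
        got = probe(srv)
        print(f"{srv:16} answered={got!s:5} {verdict(srv, got)}")
```
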