Denying Unwanted DNS

Solved
DerikA
Getting noticed


We are using 3rd party DNS filtering similar to Umbrella. To prevent savvy end users from using other DNS services I created a firewall rule on my lab MX allowing traffic to my DNS servers and to the 3rd party servers. I then created rules blocking traffic from any source to any destination on UDP and TCP ports 53 and 443. Testing showed this did not prevent me from resolving addresses if I manually set my DNS server. I have been searching the forums and it appears others have been able to make this work, so what am I missing?


Rule summary and order:

1: allow source, any internal network on ports 53 and 443 to destination my DNS and 3rd party DNS servers ports 53 and 443

2: deny source, any on ports 53 and 443 to destination any ports 53 and 443


(edited to fix a typo)

1 Accepted Solution
ww
Kind of a big deal

Your source port needs to be any. It's a random port. And delete all 443 because you won't be able to browse any website anymore 😛


4 Replies
CptnCrnch
Kind of a big deal

DNS is port TCP/ UDP 53, not 54. Or is that a simple typo?

DerikA
Getting noticed

That is a typo. Sorry, I will correct that in the original post.


CptnCrnch
Kind of a big deal

Apart from that, you could use https://support.umbrella.com/hc/en-us/articles/230904088-Preventing-circumvention-of-Cisco-Umbrella-... as a base to also include other means like DoH or DoT.
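As an added illustration (not code from the thread or from Meraki), here is a small first-match rule evaluator in Python that shows why the original post's rules let a manually configured resolver through, how the accepted answer's changes fix it, and why keeping 443 in the deny rule breaks browsing. All addresses are constructed RFC 5737 documentation values; the implicit "allow any" fallback at the end of the rule list is an assumption about how the MX behaves.

```python
from dataclasses import dataclass
from typing import Optional, Set, List

# Constructed addresses (RFC 5737 documentation ranges), not from the thread.
RESOLVERS = {"10.0.0.53", "203.0.113.53"}   # internal DNS + the 3rd-party filtering service
ANY = None                                    # None in a field means "match anything"

@dataclass
class Rule:
    action: str                      # "allow" or "deny"
    proto: str                       # "udp", "tcp" or "any"
    src_ports: Optional[Set[int]]    # client-side (source) ports, ANY = unrestricted
    dst_hosts: Optional[Set[str]]
    dst_ports: Optional[Set[int]]

def matches(rule: Rule, proto: str, sport: int, dst: str, dport: int) -> bool:
    return (rule.proto in ("any", proto)
            and (rule.src_ports is ANY or sport in rule.src_ports)
            and (rule.dst_hosts is ANY or dst in rule.dst_hosts)
            and (rule.dst_ports is ANY or dport in rule.dst_ports))

def evaluate(rules: List[Rule], proto: str, sport: int, dst: str, dport: int,
             default: str = "allow") -> str:
    """First matching rule wins; 'default' models an implicit allow-any at the end (assumption)."""
    for rule in rules:
        if matches(rule, proto, sport, dst, dport):
            return rule.action
    return default

# The original post's rules: source ports pinned to 53/443.
ORIGINAL = [
    Rule("allow", "any", {53, 443}, RESOLVERS, {53, 443}),
    Rule("deny",  "any", {53, 443}, ANY,       {53, 443}),
]
# Source port fixed to any, but 443 still denied: web browsing breaks, as the accepted answer warns.
SRC_ANY_KEEP_443 = [
    Rule("allow", "any", ANY, RESOLVERS, {53, 443}),
    Rule("deny",  "any", ANY, ANY,       {53, 443}),
]
# The accepted answer applied fully: source port any, 443 removed from both rules.
CORRECTED = [
    Rule("allow", "any", ANY, RESOLVERS, {53}),
    Rule("deny",  "any", ANY, ANY,       {53}),
]

if __name__ == "__main__":
    # A stub resolver picks an ephemeral source port, so ORIGINAL rule 2 never fires.
    print(evaluate(ORIGINAL,         "udp", 51234, "192.0.2.8", 53))        # allow (bypass works)
    print(evaluate(CORRECTED,        "udp", 51234, "192.0.2.8", 53))        # deny
    print(evaluate(CORRECTED,        "udp", 51234, "203.0.113.53", 53))     # allow (permitted resolver)
    print(evaluate(SRC_ANY_KEEP_443, "tcp", 51234, "198.51.100.10", 443))  # deny  (browsing broken)
    print(evaluate(CORRECTED,        "tcp", 51234, "198.51.100.10", 443))  # allow (browsing intact)
```

Note that the evaluator only models plain port 53 traffic; DoH rides on 443 and DoT on 853, which is why the Umbrella circumvention guide linked above is needed for those.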
