cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

OpenDNS with dhcp on MX WAN uplink

Here to help

OpenDNS with dhcp on MX WAN uplink

Our uplink is DHCP. I would like to override the dns settings for the WAN port and instead use OpenDNS servers. (I don't particularly like or trust the ISP's dns servers)  It looks like I can only specify the dns servers for the MX65 WAN uplink if I purchase a static IP assignment?

7 REPLIES 7
Kind of a big deal

Re: OpenDNS with dhcp on MX WAN uplink

You can just change the DNS servers used on the DHCP configuration of your MX (which is given to the clients) rather than the MX itself.

Here to help

Re: OpenDNS with dhcp on MX WAN uplink

I have already done that, but I don't want the MX to use dns results from dns servers I don't trust.

Kind of a big deal

Re: OpenDNS with dhcp on MX WAN uplink

On the MX side, I don't think you can statically configure DNS servers which at the same time having DHCP enabled.

Here to help

Re: OpenDNS with dhcp on MX WAN uplink

Thanks, I made it a wishlist.

Kind of a big deal

Re: OpenDNS with dhcp on MX WAN uplink

We have a similar setup but don't need to change the DNS on the WAN port.  We just make sure their DHCP goes to either OpenDNS or our local DNS server and it has forwarders setup to OpenDNS.  Even if you could change the WAN DNS it wouldn't stop someone from statically setting their computers DNS to a public DNS.  The only way to prevent that is to block all DNS queries via firewall to anything except OpenDNS.  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
Here to help

Re: OpenDNS with dhcp on MX WAN uplink

That is exactly one of my actions, block egress udp & tcp port 53 to limit exposure to things like:

 

https://blog.talosintelligence.com/2017/03/dnsmessenger.html

 

For small branch offices, it would be nice to additionally use the mx as a dns proxy, but that only works if uses dns servers I trust.

Kind of a big deal

Re: OpenDNS with dhcp on MX WAN uplink

Makes sense, can you order a static IP for your WAN connection?  Not a huge deal but I see your dilemma of not being able to just set static DNS on the WAN port.  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.