Our uplink is DHCP. I would like to override the dns settings for the WAN port and instead use OpenDNS servers. (I don't particularly like or trust the ISP's dns servers) It looks like I can only specify the dns servers for the MX65 WAN uplink if I purchase a static IP assignment?
You can just change the DNS servers used on the DHCP configuration of your MX (which is given to the clients) rather than the MX itself.
On the MX side, I don't think you can statically configure DNS servers which at the same time having DHCP enabled.
We have a similar setup but don't need to change the DNS on the WAN port. We just make sure their DHCP goes to either OpenDNS or our local DNS server and it has forwarders setup to OpenDNS. Even if you could change the WAN DNS it wouldn't stop someone from statically setting their computers DNS to a public DNS. The only way to prevent that is to block all DNS queries via firewall to anything except OpenDNS.
That is exactly one of my actions, block egress udp & tcp port 53 to limit exposure to things like:
For small branch offices, it would be nice to additionally use the mx as a dns proxy, but that only works if uses dns servers I trust.
Makes sense, can you order a static IP for your WAN connection? Not a huge deal but I see your dilemma of not being able to just set static DNS on the WAN port.