port 53 traffic redirection

Chris3
Here to help

port 53 traffic redirection

hi,

 

Is it possible to redirect anything on port 53 from a subnet to go through your dns server?

 

that way doesn't matter what settings they have you know upstream it will go through the same server?

 

ie the only available server for dns is the mx internal dns so if they decide to pick 8.8.8.8 or something else it will all get redirected to the same place. 

 

what are your thoughts on this approach?

3 REPLIES 3
BrechtSchamp
Kind of a big deal

The only way you can do this is with umbrella integration. But you can't use your own DNS server.

 

Afaik there's no way to do this and specify your own custom DNS server.

would you still be able to do proxy to upstream? Is this achievable with port forwarding ie all traffic on port 53 from 192.168.128.0/24 force the internal address of 192.168.128.1 (router gateway)

 

I wasn’t sure as the port forward seemed like you had to specify a public address?

 

would be a great feature to stop misconfiguration. 

 

BrechtSchamp
Kind of a big deal

The purpose of port forwarding is different. It's meant to be used for traffic coming in to the MX's WAN interface.

 

Let's say for example you have a webserver running in your local network on port 80 on a server with the local IP address of 192.168.50.1. You would then setup port forwarding like this:

BrechtSchamp_0-1592201936302.png

 

It doesn't work like that for outgoing traffic.

 

You could configure the firewall to only allow DNS traffic to your DNS server and block everything else. Then your users would be obliged to use your DNS server (unless they proxy/VPN their way out).

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels