port 53 traffic redirection

Chris3
Here to help

Hi,

Is it possible to redirect anything on port 53 from a subnet to go through your DNS server?

That way it doesn't matter what settings they have, you know upstream it will go through the same server?

I.e. the only available server for DNS is the MX internal DNS, so if they decide to pick 8.8.8.8 or something else it will all get redirected to the same place.

What are your thoughts on this approach?

BrechtSchamp
Kind of a big deal

The only way you can do this is with Umbrella integration. But you can't use your own DNS server.

AFAIK there's no way to do this and specify your own custom DNS server.

Chris3
Here to help

Would you still be able to do proxy to upstream? Is this achievable with port forwarding, i.e. all traffic on port 53 from 192.168.128.0/24 forced to the internal address of 192.168.128.1 (router gateway)?

I wasn’t sure as the port forward seemed like you had to specify a public address?

Would be a great feature to stop misconfiguration.

BrechtSchamp
Kind of a big deal

The purpose of port forwarding is different. It's meant to be used for traffic coming in to the MX's WAN interface.

Let's say for example you have a webserver running in your local network on port 80 on a server with the local IP address of 192.168.50.1. You would then set up port forwarding like this:

[Screenshot: BrechtSchamp_0-1592201936302.png]

It doesn't work like that for outgoing traffic.

You could configure the firewall to only allow DNS traffic to your DNS server and block everything else. Then your users would be obliged to use your DNS server (unless they proxy/VPN their way out).
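
The allow-then-block approach from the last reply, sketched as an added example (not part of the original thread and not Meraki's own code): an ordered rule list is checked against sample flows, including the common mistake of blocking only UDP. The rule field names, the resolver address 10.0.10.53, the client address and the default-allow fallthrough are assumptions made for illustration.

```python
import ipaddress

LAN = "192.168.128.0/24"    # subnet named in the thread
RESOLVER = "10.0.10.53/32"  # constructed address for the approved DNS server

def rule(policy, proto, dest, comment):
    # Field names are an assumption, modelled on dashboard-style L3 rules.
    return {"comment": comment, "policy": policy, "protocol": proto,
            "srcCidr": LAN, "destCidr": dest, "destPort": "53"}

RULES = [
    rule("allow", "udp", RESOLVER, "DNS/UDP to approved resolver"),
    rule("allow", "tcp", RESOLVER, "DNS/TCP to approved resolver"),
    rule("deny", "udp", "any", "all other DNS/UDP"),
    rule("deny", "tcp", "any", "all other DNS/TCP"),
]
# Incomplete variant: forgets that DNS also runs over TCP port 53.
UDP_ONLY = [r for r in RULES if r["protocol"] == "udp"]

# Constructed sample flows from one LAN client: (protocol, source, destination, port)
CLIENT = "192.168.128.20"
FLOWS = {
    "udp53_resolver": ("udp", CLIENT, "10.0.10.53", 53),
    "tcp53_resolver": ("tcp", CLIENT, "10.0.10.53", 53),
    "udp53_public": ("udp", CLIENT, "8.8.8.8", 53),
    "tcp53_public": ("tcp", CLIENT, "8.8.8.8", 53),
    "tcp443_public": ("tcp", CLIENT, "8.8.8.8", 443),  # not DNS on port 53
}

def in_cidr(cidr, ip):
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def evaluate(rules, proto, src, dst, dport):
    """First matching rule wins; unmatched traffic hits an assumed default allow."""
    for r in rules:
        if (r["protocol"] == proto and r["destPort"] == str(dport)
                and in_cidr(r["srcCidr"], src) and in_cidr(r["destCidr"], dst)):
            return r["policy"]
    return "allow"

def audit(rules):
    """Map each sample flow name to the verdict the rule list gives it."""
    return {name: evaluate(rules, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, rules in (("full rule set", RULES), ("UDP-only rule set", UDP_ONLY)):
        print(label, audit(rules))
```

The port 443 flow stays allowed under both rule sets because it is not port 53 traffic, which is the proxy/VPN caveat from the reply above.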

 
