I have a Cisco 2600 as my core, connected to my ISP cable modem.
My router is acting as a DNS server, which then forwards it to OpenDNS Servers.
My DHCP pools in my Cisco 2600 give out my router's loopback address as the DNS server for ALL my clients.
Now my problem is that I have some tech geek clients, and all they do is change their DNS server to ANY DNS server on the web, and they have access to all blocked sites...
I need a way to redirect ALL DNS traffic to MY Loopback address in my router...
Does anyone have a suggestion or a working config? It would be really appreciated.
Yes, I tried ACLs, but that's gonna block the traffic. I really want to reroute the traffic to the DNS I set up in the config.
Hope that clears up what I am trying to achieve here.
If they can use any DNS server then even modifying with NAT would be problematic.
To be honest there isn't always a technical solution to a problem and I would use ACLs myself.
Basically if the guys want to use the internet then they know not to change the DNS.
If they want to change the DNS then they know they can't use the internet.
Seems perfectly reasonable to me.
Edit - even if you could send all DNS traffic to your router the sites would still be blocked, i.e. it is not giving them anything more than using ACLs would anyway.
I guess you are right. I am trying to do something which might not be helpful or possible.
Still, I wonder if you have a sample config for the ACL; that would be really appreciated.
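
A sample ACL of the kind requested above, added here as an example and not posted by anyone in the thread: it lets clients query only the router's own DNS service and drops DNS sent to any other server, so a client that changes its DNS setting loses name resolution. The address `192.0.2.1` (standing in for the router's loopback), the interface `FastEthernet0/0` (standing in for the LAN-facing interface) and the ACL name are assumptions.

```cisco
! Constructed values: 192.0.2.1 = router loopback used as the DNS server,
! FastEthernet0/0 = LAN-facing interface. Replace both with your own.
ip access-list extended LAN-DNS-ONLY
 remark Allow client DNS queries to the router's own DNS service
 permit udp any host 192.0.2.1 eq domain
 permit tcp any host 192.0.2.1 eq domain
 remark Drop and log DNS queries sent to any other server
 deny   udp any any eq domain log
 deny   tcp any any eq domain log
 remark Leave all other client traffic untouched
 permit ip any any
!
! Applied inbound on the LAN side, so the router's own forwarded
! queries to OpenDNS (which leave via the WAN interface) are not matched.
interface FastEthernet0/0
 ip access-group LAN-DNS-ONLY in
```

`show access-lists LAN-DNS-ONLY` displays per-entry match counters, which shows whether clients are still trying to reach outside DNS servers.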