10-05-2015 10:32 AM - edited 03-08-2019 02:04 AM
Hello all,
I have a Cisco 2600 as my core and connected to my ISP Cable Modem.
My router is acting as a DNS server, which then forwards it to OpenDNS Servers.
My DHCP pools in my Cisco 2600 give out my router's loopback address as the DNS server for ALL my clients.
Now my problem is that I have some tech geek clients, and all they do is change their DNS server to ANY DNS server on the web, and they have access to all blocked sites...
I need a way to redirect ALL DNS traffic to MY Loopback address in my router...
Does anyone have a suggestion or a working config? It would be really appreciated.
Thanks
10-05-2015 12:49 PM
Can you write an ACL in this order? Might give it a try. Are you familiar with ACLs?
allow port 53 tcp and udp to your dns
Block all other port 53
Allow all traffic
10-06-2015 10:03 AM
Thanks Fixitrodd
Yes, I tried ACLs, but that's gonna block the traffic. I really want to reroute the traffic to the DNS I set up in the config.
Hope that clears up what I am trying to achieve here.
10-06-2015 10:11 AM
If they can use any DNS server then even modifying with NAT would be problematic.
To be honest there isn't always a technical solution to a problem and I would use acls myself.
Basically if the guys want to use the internet then they know not to change the DNS.
If they want to change the DNS then they know they can't use the internet.
Seems perfectly reasonable to me.
Edit - even if you could send all DNS traffic to your router the sites would still be blocked, i.e. it is not giving them anything more than using ACLs would anyway.
Jon
10-08-2015 01:41 PM
Thanks Jon,
I guess you are right. I am trying to do something which might not be helpful or possible.
Still, I wonder if you have a sample config for the ACL; that would be really appreciated.
Dee
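
The ACL order suggested earlier in the thread (allow port 53 to your own DNS, block all other port 53, allow all traffic), written out as a Cisco IOS config. This is an added example, not part of any post in the thread; 192.0.2.1 stands in for the router's loopback address, FastEthernet0/1 for the client-facing interface and DNS-ENFORCE for the ACL name, all of them assumptions.

```cisco
! Assumption: 192.0.2.1 is a placeholder for the router's loopback (DNS) address.
ip access-list extended DNS-ENFORCE
 remark 1) Allow DNS (udp/tcp 53) only to the router's own resolver
 permit udp any host 192.0.2.1 eq domain
 permit tcp any host 192.0.2.1 eq domain
 remark 2) Block and log DNS to every other server
 deny   udp any any eq domain log
 deny   tcp any any eq domain log
 remark 3) Allow all other traffic
 permit ip any any
!
! Assumption: FastEthernet0/1 is the interface facing the DHCP clients.
! Apply inbound so client packets are checked as they enter the router;
! repeat on each client-facing interface if there is more than one.
interface FastEthernet0/1
 ip access-group DNS-ENFORCE in
```

The match counters in `show access-lists DNS-ENFORCE` show whether the deny entries are being hit, and the `log` keyword records the source address of each client that tried another DNS server.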