ScoutDNS

            Prevent DNS Work-Around for Users

            Some users on your network may try to bypass ScoutDNS resolvers by changing the DNS servers in their device network settings when allowed. This can result in undesired content access on network assets along with increased security risk. The good news is that DNS bypassing can be prevented with proper firewall rules and network configuration.


            Setting the DNS configuration network wide will prevent most users from trying to bypass the system. Most routers and firewalls allow you to force all DNS traffic over port 53 on the router/firewall. In addition, you can create firewall rules that allow only the ScoutDNS resolvers while blocking all others.


            Firewall Rules

            While the exact commands vary by device, you essentially want to create rules like this:

            ALLOW TCP/UDP IN/OUT to xxx.xxx.xxx.xxx on Port 53

            and

            BLOCK TCP/UDP IN/OUT all IP addresses on Port 53


            On some firewalls you may have to create a separate rule for each protocol instead of one for both.
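            As an added example (not from this article or from ScoutDNS), the two rules above expressed as an nftables ruleset generated by a small POSIX shell function. The resolver addresses 203.0.113.10 and 203.0.113.11 are documentation placeholders standing in for xxx.xxx.xxx.xxx; substitute the ScoutDNS resolver IPs assigned to your account.

```shell
#!/bin/sh
# Added example: build an nftables ruleset that allows DNS (port 53, TCP and UDP)
# only to the approved resolvers and logs and drops every other DNS request that
# clients try to send through the router/firewall.
# 203.0.113.x below are RFC 5737 placeholder addresses, not real resolvers.

# Print the ruleset for the given resolver IPs to stdout.
# Usage: build_dns_ruleset <resolver-ip> [<resolver-ip> ...]
build_dns_ruleset() {
    [ "$#" -ge 1 ] || { echo "need at least one resolver IP" >&2; return 1; }
    # Join the arguments into an nftables set literal: { a, b }
    resolvers=$(printf '%s, ' "$@")
    resolvers="{ ${resolvers%, } }"
    cat <<EOF
table inet dns_enforce {
    chain forward {
        type filter hook forward priority 0; policy accept;
        # ALLOW: DNS to the approved resolvers. One rule per protocol, matching
        # firewalls that cannot combine TCP and UDP in a single rule.
        ip daddr $resolvers udp dport 53 accept
        ip daddr $resolvers tcp dport 53 accept
        # BLOCK: any other port-53 traffic is a bypass attempt. Log it so the
        # offending client shows up in the firewall log, then drop it.
        udp dport 53 log prefix "dns-bypass " drop
        tcp dport 53 log prefix "dns-bypass " drop
    }
}
EOF
}

# Load the generated ruleset into the running firewall (needs root).
apply_dns_ruleset() {
    build_dns_ruleset "$@" | nft -f -
}

# Example: apply_dns_ruleset 203.0.113.10 203.0.113.11
```

Because the accept rules match only IPv4 destinations (`ip daddr`), IPv6 DNS also falls through to the drop rules; add matching `ip6 daddr` accepts if your resolvers have IPv6 addresses.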


            Due to the huge number of devices on the market, ScoutDNS is unable to provide support for your specific firewall/router. Please consult your manufacturer if you require assistance.



            Updated: 11 Dec 2018 03:17 PM