Blocking A DNS server

anon79457100 · June 25, 2020, 3:13pm

Hello,
I have a simple question if there is any way to block a DNS server?
Thanks

trendy · June 25, 2020, 3:17pm

To block the DNS from whom?

anon79457100 · June 25, 2020, 3:33pm

OpenDNS's DNS server

trendy · June 25, 2020, 3:36pm

From whom ?

Nocte · June 25, 2020, 3:38pm

To be precise... "no there is no way to block A DNS server"
But you can block traffic by MAC address or by IP address or by traffic from or to a subnet or even by port 53 blocking basically all DNS traffic.

Regarding OpenDNS as long as google is not mistaken. (https://www.google.com/search?client=firefox-b-d&q=opendns+ip+address)
You go to luci -> network -> firewall -> Traffic Rules -> add -> set: {Destination Address = 208.67.222.222, Action = Block} -> Save -> Save & Apply

Fine tune depending on your needs !

\edit:
message was not intended to reply to @trendy. Sorry for miss click.

lleachii · June 25, 2020, 6:43pm

Sure there is...just block the IP addresses.

You forgot to add destination port 53/udp.

Nocte · June 25, 2020, 7:03pm

I was just referring to semantics here. You can not block "myDnsServer" but its IP as you said. (Maybe you can by doing DNS lookup but getting of the track a bit...)

That's something I was not aware of. Do you explicitly need to set a port? I was intending to just block all the traffic to that particular machine.

lleachii · June 25, 2020, 8:33pm

Oh. In that case, it can be omitted. Use "Any" as the protocol instead.

anon79457100 · June 26, 2020, 1:56pm

I am confused at which category after traffic rules do I block OpenDNS?

lleachii · June 26, 2020, 3:14pm

What category?

Just hit "Add".

anon79457100 · June 26, 2020, 3:16pm

I have 3 different things I can add, I don't know which one to use.

lleachii · June 26, 2020, 3:19pm

Wow...I honestly can't recall the previous version now...lol

New forward rule. You will add and edit, blocking traffic from - Any, to - the IP in question, protocol Any.

anon79457100 · June 26, 2020, 3:20pm

Ok thank you

anon79457100 · June 26, 2020, 3:24pm

Would this be correct?

lleachii · June 26, 2020, 3:31pm

No.

(First, it's an IPv4 address, but the default should work)
Again:

Source can be LAN; but I suggested:

Destination zone can be WAN; but my suggestion:

Meaning, any zone.

Hope this helps.

(You may want to note to others, that for some reason you also have another thread - trying to understand dsnmasq or disable/remove it...it seems you may not know why or how you configured OpenDNS into your router. You can always reset your router to defaults.)

anon79457100 · June 26, 2020, 3:43pm

Edit: I just want to say, that to put into context of what is going on, is that recently, the reason for this is, is because of the software on my router called dnsmasq and I barely have any SSH or have any idea as to how do I configure OpenDNS out of dnsmasq. So if possible, I would like a step-by-step process on how to do it, if through SSH or through LuCI. Thanks! Link to the dnsmasq thread I made What does dnsmasq do?

lleachii · June 26, 2020, 3:58pm

Your terminology seem like you're still not clear...but no worries:

Under Network > Interfaces > WAN > Edit

(This doesn't mean that the SSH command you entered related to this. Also, you asked how to add, but unless I misunderstand, you've been asking how to remove/block...perhaps I'm still missing the context of your use case.)

system · July 6, 2020, 3:58pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.