Firewall configuration question

I'm trying to force all devices to use OpenDNS as their DNS server for child control reasons. I recently read a forum where someone said setting the below firewall rule would prevent people setting a manual DNS server on their devices.


My expectation was that if they set a manual DNS server, their page requests would be blocked. However, when I manually set a DNS server on a test device and tried to send nslookup commands, it kept timing out (as expected).

What surprised me is that the test device was still able to make page requests, albeit to the DNS server set on my home router. My question is as follows:
Say I block LAN to WAN DNS requests using the above firewall rule, does that force clients to use the default gateway as a DNS server?

It is better if you hijack the DNS requests. So rather than blocking the queries and getting connection timeouts, the router will forward the query to the DNS of your choice and get the answer back.
Read the following:
https://openwrt.org/docs/guide-user/firewall/fw3_configurations/forced_dns_redirection
https://openwrt.org/docs/guide-user/services/dns/intercept
Also some enhancements to the rules above we discussed in this thread:

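The interception the answer describes, written out as OpenWrt configuration. This is an added example, not part of the original posts and not the rule the asker used: it assumes the default zone names `lan` and `wan`, the rule names are made up for illustration, and the OpenDNS resolver addresses are filled in for the asker's stated goal.

```uci
# --- /etc/config/firewall ---------------------------------------------
# Assumption: 'lan' and 'wan' are the default OpenWrt zone names.

# Catch every DNS query leaving a LAN client on port 53, whatever
# resolver address the client configured, and hand it to the router's
# own DNS service. A DNAT redirect without dest_ip targets the router.
config redirect
	option name 'Intercept-DNS'        # illustrative name
	option src 'lan'
	option src_dport '53'
	option proto 'tcp udp'
	option family 'any'
	option target 'DNAT'

# DNS over TLS uses port 853 and is not covered by the redirect above,
# so refuse it; clients then fall back to plain DNS on port 53.
config rule
	option name 'Deny-DoT'             # illustrative name
	option src 'lan'
	option dest 'wan'
	option dest_port '853'
	option proto 'tcp udp'
	option target 'REJECT'

# --- /etc/config/dhcp -------------------------------------------------
# Add these options to the existing 'config dnsmasq' section so the
# router forwards everything it receives to OpenDNS only.
config dnsmasq
	option noresolv '1'                # ignore ISP-supplied resolvers
	list server '208.67.222.222'       # OpenDNS
	list server '208.67.220.220'       # OpenDNS
```

With the redirect in place, a client pointed at a manual resolver gets answers instead of timeouts, but those answers come from the router's upstream. DNS over HTTPS travels on port 443 and is not covered by either rule.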