dns interception

ewing
ewing Posts: 17  Freshman Member
First Anniversary Friend Collector First Comment
edited April 2021 in Security
Hi,
I want to force users to use specified DNS server, I need redirect all dns request to the zyxel . Is it possible?

Comments

  • Ian31
    Ian31 Posts: 165  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    You can play a trick :) 
    To use NAT rule to redirect all tcp/udp port 53 traffic into USG.
    Note: put this rule as the first rule, on top of the others

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Thanks for lan31's nice solution.
    Hello ewing,
    You can follow lan31's way to forcing all lan1 users do DNS query via USG DNS server.

    Charlie
  • ewing
    ewing Posts: 17  Freshman Member
    First Anniversary Friend Collector First Comment


    if necessary, the firewall rule

  • Ian31
    Ian31 Posts: 165  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    The firewall rule need to allow clients to DNS server port in USG.
    In general case, the device firewall rule "LAN_to_Device" already cover it. 
    So you don't need to add another rule.

    Of course, if you want to restrict the client to device access permission.
    Then add the rule to allow to access the DNS ports(tcp/udp port 53) to USG.


  • kelmi
    kelmi Posts: 29  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Sorry, I'm not so educated with IP stuff. Why the User Defined Mapped IP address in the above example is 192.168.1.1? Why not the USG LAN1 IP address, if the purpose was to redirect all the queries from LAN1?

    Regards
    Kelmi

  • Ian31
    Ian31 Posts: 165  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    You are right.  ;)
    I forgot to note the screenshot was based on my USG setting which the lan1 ip address is 192.168.1.1

Security Highlight