Using ZS as a router/firewall in my company, I want to redirect all DNS queries to my DNS server (OpenDNS 220.127.116.11), even if the client has configured a static DNS server (e.g. 18.104.22.168). It's a way to secure and filter web content.
I've configured DNS forwarder ANY (Server:22.214.171.124), but it is not enough.
That won’t stop people from trying to use external DNS on nonstandard ports, assuming they’re running a resolver that supports it. I wonder if there’s a Layer 7 filter for DNS.
Is this a corporate network or a public access network, or something along those lines? I would have expected blocking everything and then using some kind of proxy server (transparent or otherwise) would be standard procedure.
If you’re using DHCP you control the DNS settings for clients already. If someone really needs a static address you can do reservations or even hand-configure a device and still specify a local DNS server.
I guess I don’t understand why a company network would even give the illusion of letting its users use external services directly.
If you’re trying to get around geofencing though, keep me away from that.