Which ADSL, N router for OpenDNS use?

Don
Just had broadband installed, I want to put a router in to replace the BT Homehub.

Needs to be able to force the clients to only be able to use OpenDNS.

Budget, £50-80

I want a single unit, with remote management
 
Any router where you can manually input DNS servers works. I know at the very least the Netgear DG series ADSL routers have remote access, probably Linksys too. You won't really need to spend much.
 
Can you force users to use OpenDNS though? Surely they can just change DNS settings on their computers?
 
Any modem in combo with a DD-WRT router such as the DIR615 can be forced to use OpenDNS with a custom script (change of DNS on local computers won't change it!).
 
Any router where you can manually input DNS servers works. I know at the very least the Netgear DG series ADSL routers have remote access, probably Linksys too. You won't really need to spend much.

Indeed.

Make sure the clients don't have local admin on their machines otherwise they will be able to use custom DNS servers.
 
I'm not sure of the term, but I was sure there is a setting you can tick in some routers so anyone connected to it MUST use the DNS setting provided.

This isn't a corporate environment, it's a rented cottage. Would just like to block certain things.
 
I've used Tomato on cable and loved it.

Do any ADSL + wireless N routers support it?

I don't want to have the Linksys AM200 + a router
 
Ok

Typically it's going to be randomers on holiday for a week, so most won't even know what DNS is :)
 
Sure. Many ways around it. Fact is you won't be able to stop them from using another DNS server.

Course you can, you just block outbound UDP on port 53 to anything but the OpenDNS servers... Then even if they manually change it, the requests will be dropped.
 
Course you can, you just block outbound UDP on port 53 to anything but the OpenDNS servers... Then even if they manually change it, the requests will be dropped.

Firefox, PuTTY and DNS requests set to go through the SSH tunnel.
 
Firefox, PuTTY and DNS requests set to go through the SSH tunnel.

Block SSH then.

This is hardly common knowledge and despite being fairly easy to do I can't see it being a major issue.

It's for guest wireless too, so I'd lock down outbound ports to a limited list anyway.
 
Tunneling DNS through SSH has downsides though... performance impact. DNS was conceived as a UDP based protocol for a reason: to make it lightweight and fast.

Yes you could tunnel DNS via various methods but that's not really the point. You can tunnel just about any traffic if you know how and have the time and resources to set it up.

Fact is, blocking all UDP 53 traffic at firewall level and then only allowing UDP 53 traffic to your desired DNS servers (e.g. OpenDNS, Google DNS, etc) is a decent solution.

The main reason for doing this is so that if a PC inside the network gets infected with malware, that malware can't then change the PC's DNS servers to something else. It is very common that this happens with malware nowadays, as it allows the malware authors to capture your surfing habits and poison your DNS, i.e. for blocking access to Windows Updates and AV update servers. Some malware is advanced enough to capture passwords through logon attempts to popular sites via DNS poisoning.
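
Added example, not part of any post in this thread: a shell script that generates the iptables rules for the "only allow port 53 to your chosen DNS servers" approach described above, for a Linux-based router firmware such as DD-WRT or Tomato. The LAN interface name br0, the chain name DNSLOCK and the OpenDNS resolver addresses 208.67.222.222 / 208.67.220.220 are assumptions; it also covers TCP port 53, which goes beyond the UDP-only rule mentioned in the thread.

```shell
#!/bin/sh
# Added example: emit iptables rules that let LAN clients reach only the
# listed resolvers on port 53. Interface and chain names are assumptions.
LAN_IF="${LAN_IF:-br0}"        # assumed name of the router's LAN bridge
RESOLVERS="${RESOLVERS:-208.67.222.222 208.67.220.220}"  # OpenDNS resolvers
CHAIN="DNSLOCK"                # hypothetical chain name used by this example

dns_lockdown_rules() {
    # A dedicated chain keeps the policy in one place, easy to flush/rebuild.
    echo "iptables -N $CHAIN"
    for ip in $RESOLVERS; do
        # RETURN hands permitted lookups back to FORWARD for normal handling,
        # so the router's other forwarding rules still apply to them.
        echo "iptables -A $CHAIN -d $ip -j RETURN"
    done
    # Any other destination on port 53 is dropped, so a client that
    # hard-codes a different resolver simply gets no answer.
    echo "iptables -A $CHAIN -j DROP"
    # Route forwarded DNS from the LAN through the chain. DNS falls back to
    # TCP for large answers, so both protocols are matched.
    for proto in udp tcp; do
        echo "iptables -I FORWARD -i $LAN_IF -p $proto --dport 53 -j $CHAIN"
    done
}

# Default: print the rules for review. "apply" executes them (needs root).
if [ "${1:-}" = "apply" ]; then
    dns_lockdown_rules | sh -e
else
    dns_lockdown_rules
fi
```

Clients that use the router itself as their DNS server are not touched by these FORWARD rules, so the router's own upstream DNS setting still has to point at the same resolvers.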
 