Good evening everyone,
my network is configured like this:
In my network I have a dns server
ipfire is configured to give, using dhcp, as the dns address of my server
My question is:
How do I make ipfire reject all DNS requests that we don’t have as addresses from my DNS Server?
Basically I want to avoid setting a DND Server different from my server by hand, of course I could do it with windows rules, put users in a group that does not have the possibility to make these changes, but I would like to understand how to do it with ipfire.
If the systems are all in the same network, you can not avoid such a misuse. All devices can communicate without routing by IPFire. So IPFire can’t control this.
DHCP distributes the address of the DNS server. But if this server isn’t IPFire itself, there are no means to force the sole use of this server.
Usage of outside DNS servers can be denied by firewall rules, because the traffic flows through IPFire.
Thus, the only way is to do this config on each device in your network.
