I recently read a blog post on How-To Geek about setting up OpenDNS and the options it gives you to secure your internet browsing. I have found I love the OpenDNS service and the filtering control it gives me. But I tend to fight the system: I try to figure out ways to bypass the filtering service, so that I can find out how others would be able to get around the services I set up.
Well, OpenDNS is fairly straightforward. You add their DNS server IPs to the static DNS entries in your router, and any computer behind that router will automatically use those DNS servers. So what if you were to change the DNS servers on your local machine? It would bypass your router for those queries and in turn bypass OpenDNS. This doesn't cut it for me. It is way too easy to change that, and enough people know how to change their IP settings that this is too insecure for me. So I did some research online and found an easy way to close that hole: block port 53 on your router. Some routers may not have this functionality by default, so I highly recommend checking whether your router is supported by DD-WRT. They support quite a few routers, and I personally love their firmware.
Since I am running DD-WRT, that is what this guide is based on, but it should apply to any Linux-based router on which you can run your own commands.
Once you log in to your router, go to Administration -> Commands.
From here you just need to paste this in:
[code]iptables -I FORWARD 1 -p tcp --dport 53 -j DROP; iptables -I FORWARD 2 -p udp --dport 53 -j DROP[/code]
Then, at the bottom, hit the Run Command button. This blocks any attempt by a computer on the LAN to go to another server to resolve names.
This should apply to any router that uses iptables and lets you run your own commands. It can also be done over SSH or Telnet if your router supports it.
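One way to tighten the rule above, as an added example that is not from the original post: a small shell script that generates the DD-WRT iptables commands so that forwarded DNS can reach only an allow list of resolvers (assumed here to be the two public OpenDNS addresses, which the post does not list) and every other forwarded port 53 query is logged, then dropped, so bypass attempts show up in the router's syslog. Only the FORWARD chain is touched, so the router's own lookups, which dnsmasq makes on behalf of your clients via the OUTPUT chain, keep working.

```shell
#!/bin/sh
# Added example, not from the original post. Generates the iptables rules
# for a DD-WRT router: ACCEPT forwarded DNS to the allowed resolvers,
# LOG and DROP forwarded DNS to anything else. The resolver addresses
# are an assumption (the two public OpenDNS resolvers); use whatever
# your router is configured with.

ALLOWED_RESOLVERS="${ALLOWED_RESOLVERS:-208.67.222.222 208.67.220.220}"

# Print one iptables command per line without executing anything.
# Every rule is inserted at position 1, so commands are emitted in the
# reverse of their final order: DROP first, then LOG, then the ACCEPTs.
# The resulting chain reads ACCEPT(allowed) -> LOG -> DROP, ahead of
# DD-WRT's own lan->wan ACCEPT rules (which is why -A would not work).
build_dns_rules() {
    resolvers="$1"   # space-separated resolver IPs LAN hosts may query directly
    for proto in tcp udp; do
        echo "iptables -I FORWARD 1 -p $proto --dport 53 -j DROP"
    done
    # Rate-limited LOG (standard iptables limit and LOG extensions) so
    # attempts to use another resolver appear in syslog without flooding it.
    for proto in tcp udp; do
        echo "iptables -I FORWARD 1 -p $proto --dport 53 -m limit --limit 6/min -j LOG --log-prefix 'DNS-BYPASS: '"
    done
    for ip in $resolvers; do
        for proto in tcp udp; do
            echo "iptables -I FORWARD 1 -p $proto -d $ip --dport 53 -j ACCEPT"
        done
    done
}

# Number of rules a resolver list produces: 4 fixed rules + 2 per resolver.
count_dns_rules() {
    build_dns_rules "$1" | grep -c '^iptables '
}

if [ "${APPLY:-0}" = "1" ]; then
    build_dns_rules "$ALLOWED_RESOLVERS" | sh -e   # install the rules (run on the router)
else
    build_dns_rules "$ALLOWED_RESOLVERS"           # dry run: show what would be executed
fi
```

Rules entered with Run Command on DD-WRT are lost at reboot; paste the generated commands into the same page and use Save Firewall to keep them across restarts.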