Reply
New Member
Posts: 6
Registered: ‎07-22-2017

Re: How to prevent circumvention of Open DNS with USG?


@citizenconn wrote:

I did exactly what you did, but the settings seem to have no impact. I restarted the controller after modifying the config.gateway.json file but still it doesn't seem to work. Is there a way to test that the file is being picked up?


Actually, the file must be being picked up, because when I save the file and force provision the USG, then it looks like my dns servers are not the ones specified for my VLAN at all. So it's not going through OpenDNS at all. Anyone know what I could be doing wrong?

New Member
Posts: 6
Registered: ‎07-22-2017

Re: How to prevent circumvention of Open DNS with USG?

I did do a force provision, as my comment above says, without this file, the dns seem to be set as they are set in the VLAN since OpenDNS responds ccordingly, but with it I have no idea where the dns are pointing but definitely not OpenDNS.

 

 

New Member
Posts: 1
Registered: ‎03-18-2016

Re: How to prevent circumvention of Open DNS with USG?

it is not that at all. it is a dumb machine. one and zeros. everything has to be exact and correct or it has no effect whatsoever. it cannot learn, it cannot predict, it is only as good as it's structions. that goes every peice of technology out there with the exception of things i have no knowledge of like AI

New Member
Posts: 37
Registered: ‎08-09-2017
Kudos: 1

Re: How to prevent circumvention of Open DNS with USG?

[ Edited ]

I used this and it works, I have users pointing to internal DNS that forwards to OpenDNS but the firewall policy I have the OpenDNS IP addressesScreen Shot 2018-06-22 at 10.57.35 PM.png

 

 

New Member
Posts: 13
Registered: ‎01-12-2016
Kudos: 152

Re: How to prevent circumvention of Open DNS with USG?

Emerging Member
Posts: 92
Registered: ‎11-13-2013
Kudos: 9
Solutions: 4

Re: How to prevent circumvention of Open DNS with USG?

Hi these settings have stopped working for me, i'm not sure for how long it quit working.

 

I'm wondering if someone else is experiencing that?

 

It seems like i can bypass the opendns server with googles ip servers of 8.8.8.8 ,4.4.4.4

Reply