DNS Questions

tadpole · Tue Aug 18, 2015 10:56 am

Hi all,
I have a DNS question/maybe problem im not sure but my current setup for the DNS is as follows

add action=redirect chain=dstnat comment=DNS dst-port=53 protocol=udp \
    src-address-list=local to-ports=53

Nothing crazy and i have the dns as

set allow-remote-requests=yes cache-size=4096KiB max-udp-packet-size=512 \
    servers=1.2.3.4, 5.6.7.8

As it is everything works, I would like to use Norton Connectsafe on a PC so that i can restrict access to naughty pictures but for some reason when i put the DNS numbers on the PC it can still access them...Is this because of my DNS rules redirecting to the router?

Would setting the action to accept be better or would i just end up breaking everything?

Tue Aug 18, 2015 2:40 pm

Block port 53 in forward chain except to your favourite dns servers.