I added a rule called Block Google DNS, specified the Remote IP (18.104.22.168) and UDP port 53. I also move it to the top of my chain as shown below.
Once the rule is applied at the workstation, It shown at the top of the custom rules but below the McAfee default rules. The problem is there is a default rule called McAfee - Allow DNS Resolution which, when I browse to the Internet with DNS of 22.214.171.124, is allow through because that rule allows it and my rule is never used (see below).
I search the webs for answers to no avail. Does anybody know something I don't?
Lastly, I understand I can block the domain however, I am looking to block potential DNS tunneling using the port. I also understand that DNS traffic can be routed over different ports as well. I am trying to trigger as much as I can at the host level before it gets to the net. engineer's side.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.