blocking changing the DNS for internal networks only on an iPad

blackholemac
Valued Contributor III

This is me basically grasping at a straw, and I likely already know the answer...but I'll ask anyway.

Question: On an iPad, is there any way we can prevent a student from changing the DNS for our internal WiFi connection by going into the WiFi settings and manually specifying an external DNS such as Google's?

Background: 1 to 1 iPad deployment to 1200 middle schoolers. We currently have the kids manually connect to the WiFi using their AD creds.

Basically, when kids do that, they don't get proper access to certain internal creds and typically a teacher doesn't know why. Thus having to send a kid to the help room, only to see that someone has overridden their DNS settings.

While this problem can be solved on the discipline side, it's not effectively solved there and the kids continue to do it despite punishments. We're tired of wasting time on it.

I'm happy to provide more context to folks if this can help, but bottom line, while on campus, the kids need to stay on the internal DNS (as provided through DHCP) and ideally the DNS settings could be locked down.

I can see by going through every payload reference that this is not easily possible. How would other admins here consider dealing with this problem?

1 REPLY

psliequ
Contributor III

Is there a way to segment the WLAN students are on to a specific VLAN where you could block all outbound DNS traffic not going to your DNS servers? Students can still edit the entries of course but with lack of any internet access that might nudge them in the right way.
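
The VLAN-level block suggested in the reply above, written out as an added example that is not part of the thread: a script that generates an nftables ruleset allowing port 53 from the student VLAN only to the internal resolvers, and logging and rejecting everything else. It assumes a Linux gateway routes the student VLAN; the interface name `vlan20` and the resolver addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit an nftables ruleset for the gateway routing the student VLAN.
# Assumptions (not from the thread): Linux gateway, interface "vlan20",
# resolver addresses such as 10.0.0.53 are constructed placeholder values.

# build_ruleset IFACE RESOLVER_IP [RESOLVER_IP...]
build_ruleset() {
    [ $# -ge 2 ] || { echo "usage: build_ruleset IFACE RESOLVER_IP..." >&2; return 1; }
    iface=$1; shift
    elements=""
    for ip in "$@"; do
        case $ip in
            ""|*[!0-9.]*) echo "not an IPv4 address: $ip" >&2; return 1 ;;
        esac
        elements="${elements:+$elements, }$ip"
    done
    cat <<EOF
# Recreate the table so reloading does not duplicate rules.
table inet student_dns
delete table inet student_dns
table inet student_dns {
    set resolvers {
        type ipv4_addr
        elements = { $elements }
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        # DNS to the school's own resolvers passes.
        iifname "$iface" meta l4proto { tcp, udp } th dport 53 ip daddr @resolvers accept
        # Any other DNS from the student VLAN is logged (rate limited) ...
        iifname "$iface" meta l4proto { tcp, udp } th dport 53 limit rate 10/minute log prefix "student-dns-block: "
        # ... and rejected, so a device with a manual DNS entry fails fast.
        iifname "$iface" tcp dport 53 reject with tcp reset
        iifname "$iface" udp dport 53 reject
    }
}
EOF
}

# Nothing is loaded unless the script is called as: script apply IFACE RESOLVER_IP...
if [ "${1:-}" = "apply" ]; then
    shift
    build_ruleset "$@" | nft -f -
fi
```

The log prefix gives the help room a way to see which device is sending DNS elsewhere. IPv6 DNS from the VLAN is rejected as well, because only the IPv4 resolver set is allowed.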