Help

Prohibit DNS changing

Bentho
New Contributor

Posted on ‎04-22-2024 02:27 AM

Hello, 

sorry for my bad english. 

I'm searching for a solution: students can change DNS setting and skip our UMBRELA configuration.

I'm looking for something that can prohibit DNS changing when they are on our network, but when they are outside, they can do if they want. 

 

Could you help me whit this one? 

Thanks

BR

0 Kudos
Reply
3 REPLIES 3

AJPinto
Honored Contributor III

Posted on ‎04-22-2024 04:46 AM

If you are on macOS, remove admin access. If you are in iOS/iPadOS, not much you can really do beyond blocking the preference pane which can lead to bigger problems when troubleshooting. May be time to implement FAFO.

0 Kudos
Reply

mschlosser
Contributor II

Posted on ‎04-22-2024 06:52 PM

i'd be happy to be corrected. however i don't think there is much you can do on the device level. If this an absolute must, i'd advocate looking into preventing this at the router level. i.e. All tcp/ip / udp traffic sent to port 53 is redirected to whatever IP you choose, regardless of what the device attempts while going through your gateway. best way to approach something like this. if approached in this way, you need to do nothing ot the devices themselves. just a thought.

0 Kudos
Reply

mainelysteve
Valued Contributor II

Posted on ‎04-29-2024 01:23 PM

Used Cisco Umbrella for about 1 1/2 years and what you're looking for is here

You install the Cisco Security Connector app, and either use the custom configuration profile Cisco creates or roll your own in Jamf Pro/School using the DNS proxy payload. 

The little buggers can change the DNS IP addresses all they want and they'll still be filtered.

0 Kudos
Reply