Prohibit DNS changing

Bentho
New Contributor

Hello, 

sorry for my bad english. 

I'm searching for a solution: students can change DNS setting and skip our UMBRELA configuration.

I'm looking for something that can prohibit DNS changing when they are on our network, but when they are outside, they can do if they want. 

 

Could you help me whit this one? 

Thanks

BR

3 REPLIES 3

AJPinto
Honored Contributor III

If you are on macOS, remove admin access. If you are in iOS/iPadOS, not much you can really do beyond blocking the preference pane which can lead to bigger problems when troubleshooting. May be time to implement FAFO.

mschlosser
Contributor

i'd be happy to be corrected. however i don't think there is much you can do on the device level. If this an absolute must, i'd advocate looking into preventing this at the router level. i.e. All tcp/ip / udp traffic sent to port 53 is redirected to whatever IP you choose, regardless of what the device attempts while going through your gateway. best way to approach something like this. if approached in this way, you need to do nothing ot the devices themselves. just a thought.

mainelysteve
Valued Contributor II

Used Cisco Umbrella for about 1 1/2 years and what you're looking for is here

You install the Cisco Security Connector app, and either use the custom configuration profile Cisco creates or roll your own in Jamf Pro/School using the DNS proxy payload. 

The little buggers can change the DNS IP addresses all they want and they'll still be filtered.