On my network, DHCP serves a DNS address of 10.0.0.1 to users, which is the firewall. This sends DNS queries to the OpenDNS servers I have configured. However, users can set their own DNS addresses and bypass what I have configured. I need to configure things so users cannot bypass my DNS configuration. I realize I can set a firewall rule to BLOCK any port 53 traffic which is not to 10.0.0.1, but I would rather redirect any port 53 traffic which is not to 10.0.0.1 to 10.0.0.1. It looks as if I can do that through inbound NAT to the LAN, but it looks as if it redirects ALL port 53 traffic, even traffic already set to 10.0.0.1. Is this correct? Is there a better way?
I have never found a way to do this I really like. And inbound NAT rules are from the outside in, not the inside out. The best way I have found is to block it, or use the traffic shaper to shape it to 1K.
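For reference, here is what the redirect the original poster describes looks like written directly as pf rules (pfSense sits on pf). This is an added example, not configuration from either poster; the interface name `em1` and the macro names are assumptions, and the 10.0.0.1 address is taken from the question. The key point is the negated destination (`to ! $fw_dns`): only port 53 traffic that is not already addressed to the firewall is rewritten, so clients that honour the DHCP-supplied resolver are left alone.

```pf
# Assumed macros: the LAN interface and the firewall's LAN address that runs the resolver.
lan_if = "em1"
fw_dns = "10.0.0.1"

# Rewrite DNS (TCP and UDP port 53) leaving the LAN for any server other than the
# firewall itself, so it lands on the firewall's resolver instead.
# "rdr pass" also creates the matching filter pass, so no separate pass rule is needed.
# Traffic already sent to $fw_dns does not match "! $fw_dns" and is not touched.
rdr pass on $lan_if proto { tcp udp } from $lan_if:network to ! $fw_dns port 53 \
    -> $fw_dns port 53

# Optional: log the rewritten queries so you can see which hosts were overriding DHCP DNS.
# (State is created by the rdr pass rule above; this match rule only adds logging.)
match log on $lan_if proto { tcp udp } from $lan_if:network to $fw_dns port 53
```

Load and check it with `pfctl -nf /etc/pf.conf` (syntax check) and then `pfctl -f /etc/pf.conf`; `pfctl -s nat` shows the active rdr rule. In the pfSense GUI the equivalent is a port forward on the LAN interface with the destination set to the LAN address and "not" (invert match) ticked, redirecting to the LAN address on port 53. One caveat a practitioner should keep in mind: this only captures plaintext DNS on port 53, so the firewall's own resolver must be listening on 10.0.0.1 and allowed from the LAN, and it does not affect clients that resolve over other ports or protocols.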