I'm trying to set up iptables rules on my gateway server to force my kids to use OpenDNS (I've recently discovered that one of them is manually using Google DNS instead on his local computer).
Here is my conf in /etc/dhcp/dhcpd.conf:
option domain-name-servers 208.67.222.222, 208.67.220.220;
It's working fine: when an IP is assigned to a local computer, the default DNS server is the first OpenDNS entry:
$ nslookup
> serverfault.com
Server: 208.67.222.222
Address: 208.67.222.222#53
Non-authoritative answer:
Name: serverfault.com
Address: 151.101.65.69
Name: serverfault.com
Address: 151.101.129.69
Name: serverfault.com
Address: 151.101.193.69
Name: serverfault.com
Address: 151.101.1.69
Now, if I put the following rules on my server:
#allow dns requests to opendns
sudo iptables -A OUTPUT -p udp --dport 53 -d 208.67.220.220 -j ACCEPT
sudo iptables -A OUTPUT -p udp --dport 53 -d 208.67.222.222 -j ACCEPT
#block all other dns requests to other servers
sudo iptables -A OUTPUT -p udp --dport 53 -j DROP
sudo ip6tables -A OUTPUT -p udp --dport 53 -j DROP
...it's working fine, but only on the server itself, not on the clients. Indeed, clients are still able to use any other DNS servers than the ones from OpenDNS.
I suspect that as I'm performing NAT (gateway router), there is something wrong with the table I'm reaching in iptables.
Can you please help? Many thanks in advance for your support.
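As an added example (not part of the question or any answer), the script below generates iptables-restore input that enforces the same policy for LAN clients. Packets that the gateway forwards for its clients traverse the FORWARD chain of the filter table, while the OUTPUT chain only sees packets the gateway itself generates, which is why the rules in the question take effect on the server alone. The LAN-facing interface name is an assumption (passed as the first argument, default eth1); the resolver addresses are the two OpenDNS entries from the dhcpd.conf above.

```shell
#!/bin/sh
# Added example (not from the question): emit iptables-restore input that lets
# LAN clients reach only the two OpenDNS resolvers on port 53 and logs/drops
# everything else. Forwarded client packets traverse FORWARD, not OUTPUT.
# Assumption: the LAN-facing interface name is passed as $1 (default eth1).
set -eu

RESOLVERS="208.67.222.222 208.67.220.220"   # from the dhcpd.conf in the question

# IPv4 rules. Usage: dns_policy_rules eth1 | sudo iptables-restore -n
dns_policy_rules() {
    lan_if="${1:-eth1}"
    echo '*filter'
    for r in $RESOLVERS; do
        for proto in udp tcp; do
            # DNS also runs over TCP (truncated answers), so allow both transports
            printf '%s\n' "-A FORWARD -i $lan_if -p $proto --dport 53 -d $r -j ACCEPT"
        done
    done
    for proto in udp tcp; do
        # Rate-limited log line first, so you can see which client is bypassing
        printf '%s\n' "-A FORWARD -i $lan_if -p $proto --dport 53 -m limit --limit 6/min -j LOG --log-prefix \"DNS-BYPASS: \""
        printf '%s\n' "-A FORWARD -i $lan_if -p $proto --dport 53 -j DROP"
    done
    echo 'COMMIT'
}

# IPv6 rules: no IPv6 resolvers are configured, so drop all forwarded v6 DNS.
# Usage: dns_policy_rules6 eth1 | sudo ip6tables-restore -n
dns_policy_rules6() {
    lan_if="${1:-eth1}"
    echo '*filter'
    for proto in udp tcp; do
        printf '%s\n' "-A FORWARD -i $lan_if -p $proto --dport 53 -j DROP"
    done
    echo 'COMMIT'
}

# Print both rule sets when run directly, so they can be reviewed before loading.
dns_policy_rules "${1:-eth1}"
dns_policy_rules6 "${1:-eth1}"
```

Load the output with `iptables-restore -n` (no flush) so existing NAT and filter rules survive, and make sure these FORWARD entries sit before any blanket `-A FORWARD -j ACCEPT`, otherwise they are never reached. The gateway's own lookups are untouched because nothing here touches OUTPUT. The LOG lines land in the kernel log (`dmesg` or `journalctl -k`) with the `DNS-BYPASS:` prefix, which tells you which client address is still pointed at another resolver.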