I have a simple network with a domain controller that also does DHCP and DNS.
I am going to implement a SaaS application for web filtering.
Basically I set the DSL modem DNS settings to the filtering service DNS box.
What about users manually setting their DNS settings to an open DNS box?
My thought is this:
1. Users have to be local admins on their machine or this would be a moot point.
2. Group policy can be set to prevent access to the properties of the LAN connection.
Downside to this option is I would have to kill it for admins on the box, which includes me. I guess I would exclude the policy from hitting my user account or domain admins.
Possible quick solution - create a firewall rule that only allows DNS requests from the internal DNS server. Would this work?
DNS is set up to use forwarders that point to the DSL modem.
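
The firewall rule proposed in the question, modelled as an added example that is not part of the original post: only the internal DNS server may send DNS outbound, and denied DNS flows identify clients with a manually set resolver. It goes slightly beyond the post by covering TCP as well as UDP on port 53 and DNS over TLS on port 853. All addresses, names and sample flows are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumed addressing for illustration; the post does not give any.
LAN = ipaddress.ip_network("192.168.1.0/24")
INTERNAL_DNS = ipaddress.ip_address("192.168.1.10")  # the domain controller
DNS_PORTS = {53, 853}  # 53 = DNS over UDP and TCP, 853 = DNS over TLS


def egress_decision(src, proto, dport):
    """Return 'allow' or 'deny' for a flow arriving on the LAN side."""
    src = ipaddress.ip_address(src)
    if src not in LAN:
        return "deny"  # unexpected source address on the inside interface
    if dport in DNS_PORTS and proto in ("udp", "tcp"):
        # Only the internal DNS server may send DNS upstream.
        return "allow" if src == INTERNAL_DNS else "deny"
    # Other traffic is outside the scope of this rule. DNS over HTTPS uses
    # port 443 and cannot be told apart from web traffic by port alone.
    return "allow"


def bypass_attempts(flows):
    """Count denied DNS flows per source: hosts not using the internal DNS."""
    hits = Counter()
    for src, proto, _dst, dport in flows:
        if dport in DNS_PORTS and egress_decision(src, proto, dport) == "deny":
            hits[src] += 1
    return dict(hits)


# Constructed sample flows: (source, protocol, destination, destination port)
SAMPLE_FLOWS = [
    ("192.168.1.10", "udp", "192.168.1.1", 53),    # DC forwarding to the modem
    ("192.168.1.57", "udp", "198.51.100.1", 53),   # client using an outside resolver
    ("192.168.1.57", "tcp", "198.51.100.1", 53),   # same client, DNS over TCP
    ("192.168.1.80", "tcp", "198.51.100.1", 853),  # client using DNS over TLS
    ("192.168.1.57", "tcp", "203.0.113.20", 443),  # ordinary web traffic
]

if __name__ == "__main__":
    for host, count in bypass_attempts(SAMPLE_FLOWS).items():
        print(f"{host}: {count} blocked DNS flow(s)")
```
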