How to block external access to the DNS service running on a Cisco router?

!Deny DNS from Public 
 ip access-list extended ACL-IN_FROM-WAN
  remark allow OpenDNS lookups
  permit udp 208.67.222.222 0.0.0.0 any eq domain
  permit tcp 208.67.220.220 0.0.0.0 any eq domain
  remark deny all others and log the attempts
  deny   udp any any eq domain log
  deny   tcp any any eq domain log
  permit ip any any

! Apply to WAN interface
 int WAN
  ip access-group ACLIN-TO_WAN in

Tags:

Router

Cisco

Domain Name System

Access Control List

Recent Posts