Re: Son bypassed DNS. Can I force DNS on router/modem?
I just noticed this thread so I'm a bit late. I use my Rogers modem in bridge mode, so what I'm going to say is untested.
The modem ("gateway" would be a better term) can operate as a DNS server. (In technical terms, a "recursive DNS server".) This is described in the Hitron manual linked above (starting on page 77).
You need to set "DNS Obtain" to "manual". You need to fill in "Proxy Hostname 1" and "Proxy Hostname 2" with OpenDNS's IP addresses (the field name suggests that a domain name would work, but I doubt that).
You should turn on the proxy server by setting "DNS Proxy Status" to "enabled".
Then just instruct the modem to block all outgoing traffic that is destined for UDP or TCP port 53 (as described in previous replies).
That should force everyone in your LAN to use the modem's DNS server. It, in turn, will use OpenDNS.
This cannot and will not stop DNS queries that go through a VPN. Or through a non-traditional port.
I have the CODA-4582U modem and am using OpenDNS as a parental control for my kids. It works like a charm, but my oldest boy has figured out how to bypass DNS on his Chromebook and switched to Google DNS. Is there a way to make a rule of some sort that enforces DNS on my CODA modem? I could install a WRT router with DD-WRT, and they have a setting to enforce DNS, but I prefer to not bridge my CODA modem, especially since I am using the new Rogers MyWifi app and I like some of the functionality in it. Most of the Rogers parental controls are not as configurable as OpenDNS, so I really want to use that with a rule to enforce DNS on the router level. Any ideas, anyone?
This is possible, but it's a little bit complicated. You can block Google's DNS from the router level by using Static IP Routing, effectively blocking Google's DNS 126.96.36.199 and 188.8.131.52, though he could keep changing to a different DNS or use Tor Browser. It's a little bit technical, and requires some configuration through networking and policy settings. You could have the DNS locked to his device so he's not allowed to change it. It depends on what hardware he is using and if there are restrictions in place to do so. There are several software programs that are probably much easier to install and configure than trying to do it at the router level.