Windows Firewall Allowed and Blocked DNS Servers

Anonymous
2025-01-06T16:20:39+00:00

I want to allow only certain DNS servers through Windows Firewall. I created two outbound custom rules. With one I tried to block all connections via the UDP protocol on remote port 53, and with the other I allowed only specific DNS servers. I thought the allow rule would have priority over the block one. Am I doing something wrong, or is there no way to block everything except for several DNS servers?

***moved from Windows / Windows 11 / Internet and connectivity***




1 answer

  1. Anonymous
    2025-01-08T06:21:25+00:00

    Hello,

    Thank you for posting in Microsoft Community forum.

    This issue involves the LAN (Local Area Network) not connecting, while the Wi-Fi connection works fine. Based on your description, you've attempted several common troubleshooting steps, but the problem persists. The issue could be caused by one of the following:

    Solution:

    1. Create a Block Rule: First, create a block rule to block all outbound traffic on UDP port 53. This will ensure that all DNS requests are blocked by default.

    Steps:

    Open Windows Firewall with Advanced Security.

    Under Outbound Rules, click New Rule.

    Choose Custom rule type.

    In Protocol and Ports, select UDP and specify the remote port as 53.

    In Action, select Block the connection.

    Name the rule and save it.

    2. Create an Allow Rule: Next, create an allow rule to permit only specific DNS servers to communicate through UDP port 53. This rule should be more specific and target the IP addresses of the DNS servers you want to allow.

    Steps:

    Go back to Outbound Rules and click New Rule.

    Choose Custom rule type.

    In Protocol and Ports, select UDP and specify the remote port as 53.

    In the Which remote IP addresses does this rule apply to? section, select These IP addresses and input the IP addresses of the DNS servers you wish to allow.

    In Action, choose Allow the connection.

    Name the rule and save it.

    3. Rule Order:

    Ensure that the Allow rule is placed above the Block rule. Although Windows Firewall typically processes the most specific rule first, it’s a good idea to manually adjust the order to ensure that the allow rule takes precedence. Right-click on the rule and select Move Up or Move Down to adjust the order.

    4. Testing:

    After applying the rules, use tools like nslookup to test whether the allowed DNS servers are reachable, and verify that all other DNS requests are being blocked as expected.

    Summary:

    By creating two rules—one to block all UDP traffic on port 53 and another to allow specific DNS servers—you can ensure that only the specified DNS servers are allowed through Windows Firewall while blocking all other DNS traffic. This approach should work as expected and resolve the user's issue.

    If the issue persists, check the firewall logs to see if other unforeseen rules are interfering with traffic.

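The following PowerShell script is an added example, not code from the question or the answer above. It builds the same "only these resolvers" policy in the way Windows Defender Firewall actually evaluates rules: there is no manual rule ordering, and an explicit Block rule takes precedence over an Allow rule that matches the same packet, so the Block rule itself has to be scoped to everything except the approved servers. The resolver addresses and rule names are placeholders; the script covers IPv4 and UDP/53 only.

```powershell
# Added example, not from the original thread. Run as Administrator.
# Windows Defender Firewall has no rule ordering, and an explicit Block rule
# beats an Allow rule for the same packet, so "block all UDP/53" plus
# "allow a few servers" blocks everything. Instead, scope the Block rule to
# the complement of the approved resolver list (IPv4 only here).

$AllowedDns = @('10.0.0.53', '10.0.1.53')   # placeholder resolver addresses

function ConvertTo-UInt32 ([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($b)                      # network order -> little-endian
    return [BitConverter]::ToUInt32($b, 0)
}
function ConvertFrom-UInt32 ([uint64]$N) {
    $b = [BitConverter]::GetBytes([uint32]$N)
    [Array]::Reverse($b)
    return [System.Net.IPAddress]::new($b).ToString()
}
# Address ranges covering every IPv4 unicast destination EXCEPT $Allowed
# (0.0.0.0 and 255.255.255.255 are skipped; neither is a unicast target).
function Get-BlockRanges ([string[]]$Allowed) {
    $ranges = @()
    [uint64]$next = 1
    foreach ($n in ($Allowed | ForEach-Object { ConvertTo-UInt32 $_ } | Sort-Object -Unique)) {
        if ([uint64]$n -gt $next) {
            $ranges += ('{0}-{1}' -f (ConvertFrom-UInt32 $next), (ConvertFrom-UInt32 ([uint64]$n - 1)))
        }
        $next = [uint64]$n + 1
    }
    $last = [uint64][uint32]::MaxValue - 1
    if ($next -le $last) {
        $ranges += ('{0}-{1}' -f (ConvertFrom-UInt32 $next), (ConvertFrom-UInt32 $last))
    }
    return $ranges
}

$blockRanges = Get-BlockRanges $AllowedDns
# Block rule scoped so the approved resolvers fall outside it (precedence-safe).
New-NetFirewallRule -DisplayName 'DNS egress: block unapproved resolvers' `
    -Direction Outbound -Protocol UDP -RemotePort 53 -RemoteAddress $blockRanges `
    -Action Block -Profile Any | Out-Null
# Allow rule: only needed if the profile's default outbound action is Block,
# but harmless otherwise. Repeat both rules with -Protocol TCP to cover TCP/53.
New-NetFirewallRule -DisplayName 'DNS egress: allow approved resolvers' `
    -Direction Outbound -Protocol UDP -RemotePort 53 -RemoteAddress $AllowedDns `
    -Action Allow -Profile Any | Out-Null

# Check: the block scope should show ranges that jump over each approved IP.
Get-NetFirewallRule -DisplayName 'DNS egress: block unapproved resolvers' |
    Get-NetFirewallAddressFilter | Select-Object -ExpandProperty RemoteAddress

# Test as the answer suggests: the first query resolves, the second times out.
Resolve-DnsName example.com -Server $AllowedDns[0] -Type A -DnsOnly
Resolve-DnsName example.com -Server 198.51.100.53 -Type A -DnsOnly   # placeholder, not approved
```

Rule precedence in Windows Defender Firewall is authenticated bypass, then Block, then Allow, then the profile default action, which is why the Block rule must be carved around the approved servers rather than ordered below an Allow rule.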