Check logs and DNS resolution tools to confirm usage.
I have two queries about the title of this discussion. 1.) I’m uncertain about where DNS configurations are set—whether on a server, router, or switch. 2.) If an employee sets up their own DNS settings in their personal network, would those override the company’s system settings? Could it be possible to ensure the personal configuration takes precedence? Are there specific commands or ways to verify which DNS settings are being used?
It relies on the network configuration, but typically in enterprise environments it's managed through DHCP servers and the L3 switch or router, which routes DHCP requests according to VLAN. This applies similarly to the second point, which is heavily influenced by how the organization sets up its systems. If you access the machine using corporate credentials within the domain, they can restrict changes and lock settings. When modifications are possible, they generally won't block them, but if they do allow them, adding access lists to block non-authorized DNS requests to specific servers can be straightforward.
You can check the active DNS servers using tools like `nslookup` or `dig`. Run `nslookup yourdomain.com` to see which servers are being queried. To verify configurations, ensure commands like `ifconfig` or `ipconfig` aren’t restricted by firewall rules or system settings.
You can run nslookup from the command prompt to get the server's FQDN and IP address. For instance, nslookup google.com shows the IPs and the DNS server used in the query. Non-authoritative answer gives details like name, addresses, and server information.
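As an added example (not code from the original thread), the following Python parses the `nslookup` output described in the two answers above and checks whether the responding resolver is one of the organization's own DNS servers. The two sample outputs and the allowlist of corporate resolver addresses (`10.0.0.53`, `10.0.1.53`) are constructed for illustration; the optional `query_local_resolver` helper shells out to the real `nslookup` binary when run interactively.

```python
import re
import subprocess

# Constructed sample of Unix-style nslookup output (not captured from a real host).
SAMPLE_UNIX = """\
Server:\t\t10.0.0.53
Address:\t10.0.0.53#53

Non-authoritative answer:
Name:\tgoogle.com
Address: 142.250.72.46
"""

# Constructed sample of Windows-style nslookup output, showing a resolver that is
# NOT on the corporate allowlist (8.8.8.8) answering the query.
SAMPLE_WINDOWS = """\
Server:  dns1.corp.example
Address:  8.8.8.8

Non-authoritative answer:
Name:    google.com
Addresses:  2607:f8b0:4005:80a::200e
          142.250.72.46
"""

# Hypothetical corporate resolvers; replace with the organization's real servers.
CORPORATE_DNS = {"10.0.0.53", "10.0.1.53"}

# Matches a bare IPv4/IPv6 literal on a continuation line of the answer section.
ADDR_RE = re.compile(r"^[0-9A-Fa-f.:]+$")


def parse_nslookup(text):
    """Return (resolver_name, resolver_ip, answer_addresses) from nslookup output.

    The header lines (before "Non-authoritative answer") name the resolver that
    was queried; everything after it belongs to the answer for the looked-up host.
    """
    server_name = server_ip = None
    answers = []
    in_answer = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Non-authoritative answer"):
            in_answer = True
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        if not in_answer:
            if key == "Server":
                server_name = value
            elif key.startswith("Address") and server_ip is None:
                # Unix nslookup appends "#53" (the port) to the resolver address.
                server_ip = value.split("#")[0]
        else:
            if key == "Name":
                continue
            if key.startswith("Address"):
                answers.append(value)
            elif ADDR_RE.match(line):
                answers.append(line)  # continuation line under "Addresses:"
    return server_name, server_ip, answers


def resolver_is_approved(text, allowed=CORPORATE_DNS):
    """True if the resolver that answered is in the corporate allowlist."""
    _, server_ip, _ = parse_nslookup(text)
    return server_ip is not None and server_ip in allowed


def query_local_resolver(hostname):
    """Run the real nslookup binary and parse its output (needs network access)."""
    out = subprocess.run(["nslookup", hostname], capture_output=True, text=True)
    return parse_nslookup(out.stdout)


if __name__ == "__main__":
    for label, sample in (("unix", SAMPLE_UNIX), ("windows", SAMPLE_WINDOWS)):
        name, ip, answers = parse_nslookup(sample)
        status = "approved" if resolver_is_approved(sample) else "NOT approved"
        print(f"{label}: resolver {name} ({ip}) is {status}; answers={answers}")
```

Run on a workstation, `query_local_resolver("intranet.example")` returns the resolver that actually answered, which is what you compare against the allowlist rather than trusting what the adapter settings claim.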
Assuming the computer is company managed and AD joined (and the user is not given local administrative permission), then yes, you can block access to those settings using AD GPO. However, if the user is a local administrator, there's really not much you can block that they can't just change back, if they know how.
Based on common practices, you can restrict settings changes in Windows using a GPO policy. You may also disable DNS traffic at the network level, like blocking UDP/TCP 53 to only allow your company's DNS servers. However, this doesn't work for users who move off-network, such as those using laptops. Many organizations deploy security tools on laptops that proxy requests and filter websites or DNS, providing consistent protection even when away from the network, including solutions like Zscaler or Sophos.
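As an added example (not code from the original thread) of the two controls the last answer describes, the Python below first scans constructed firewall log lines for port-53 traffic that went to anything other than the corporate resolvers, which is how you confirm from logs whether non-authorized DNS is in use, and then generates the matching egress rules that allow port 53 only to those resolvers. The log format, the sample entries and the allowlist are constructed for illustration; the `iptables` rules are standard syntax but the addresses are placeholders.

```python
import re
from collections import Counter

# Constructed firewall log lines in a generic key=value style (not from a real device).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z fw1 ACCEPT proto=UDP src=10.0.5.21:51233 dst=10.0.0.53:53
2024-05-01T10:00:02Z fw1 ACCEPT proto=UDP src=10.0.5.22:40120 dst=8.8.8.8:53
2024-05-01T10:00:03Z fw1 ACCEPT proto=TCP src=10.0.5.22:40121 dst=1.1.1.1:53
2024-05-01T10:00:04Z fw1 ACCEPT proto=TCP src=10.0.5.23:44001 dst=142.250.72.46:443
2024-05-01T10:00:05Z fw1 DROP   proto=UDP src=10.0.5.24:50001 dst=9.9.9.9:53
""".splitlines()

# Hypothetical corporate resolvers; replace with the organization's real servers.
CORPORATE_DNS = {"10.0.0.53", "10.0.1.53"}

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<action>\w+)\s+proto=(?P<proto>\w+)\s+"
    r"src=(?P<src>[\d.]+):(?P<sport>\d+)\s+dst=(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def find_unauthorized_dns(lines, allowed=CORPORATE_DNS):
    """Return every port-53 flow whose destination is not an approved resolver.

    ACCEPTed findings indicate a policy gap (the traffic got through); DROPped
    findings show the egress rule doing its job but still identify the host that
    tried to use an outside resolver.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["dport"] != "53" or m["dst"] in allowed:
            continue
        findings.append(
            {"src": m["src"], "dst": m["dst"], "proto": m["proto"], "action": m["action"]}
        )
    return findings


def summarize_by_source(findings):
    """Count findings per source host, to see which machines need attention."""
    return dict(Counter(f["src"] for f in findings))


def egress_rules(allowed, protos=("udp", "tcp")):
    """Build iptables OUTPUT rules: allow port 53 only to approved resolvers.

    ACCEPT rules must precede the catch-all DROP because iptables is first-match.
    On-network only: a laptop off the corporate network is not behind this filter.
    """
    rules = []
    for ip in sorted(allowed):
        for proto in protos:
            rules.append(f"iptables -A OUTPUT -p {proto} --dport 53 -d {ip} -j ACCEPT")
    for proto in protos:
        rules.append(f"iptables -A OUTPUT -p {proto} --dport 53 -j DROP")
    return rules


if __name__ == "__main__":
    hits = find_unauthorized_dns(SAMPLE_LOG)
    for h in hits:
        print(f"{h['action']:6} {h['proto']} {h['src']} -> {h['dst']}:53")
    print("per-host:", summarize_by_source(hits))
    print("\n".join(egress_rules(CORPORATE_DNS)))
```

Feed real firewall or NetFlow exports through `find_unauthorized_dns` with the organization's resolver list; any ACCEPTed hit is a host whose DNS settings were changed away from what DHCP or GPO handed out, or an address-list gap on the edge device.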