Correct answers
To do this, set the Firewall on the router to Custom. Then, you'll need to create rules which follow this methodology.
"Allow Port 53 TCP/UDP Outbound to OpenDNS IPs 208.67.220.220 and 208.67.222.222, Source Port Any, Source IP any"
"Deny Port 53 TCP/UDP Outbound to all IP addresses, Source Port Any, Source IP Any"
Although I don't have a FIOS G1100 or MI424WR handy to do a walk-through on this, the rule of thumb is to create your deny rule to precede the rule to only allow OpenDNS. Then, to test as you've done, the changes. Make sure that making queries against the router (192.168.1.1 or whatever you have it's IP set to) continue to work, and also be sure that you can query OpenDNS directly as well (eg: nslookup www.google.com 208.67.220.220). While queries sent to Google DNS for example (eg: nslookup www.google.com 8.8.8.8) time out.
Here's an example of some rules I have set up on Ubiquiti UniFi networks I manage. to restrict DNS traffic to OpenDNS only. I also have rules for IPv6 because these networks are on an IPv6 capable ISP and are IPv6 functional as well.
Thank you very much.
I didn't do all you said but it look like it is working, meaning that when I manualy set 8.8.8.8 as the DNS on my iPad, instead of "Automatic", my iPad doesn't access internet at all, whereas when I let the DNS as "Automatic", it accesses internet but gets blocked by Open DNS where it should.
On the routeur settings, I went to Firewall, Access Control, Add rule, and I created a rule that applies to any device or networked Computer, and which forces any TCP or UDP request, from any port, to go to port 53. It doesn't look like my router allows more "sophisticated" rules where I could specify OpenDNS address here.
Screenshots:
:
I also manualy forced my server to use Open DNS as DNS provider as per the post above. With that, when I do the nslookup queries as you suggest, I time out for 8.8.8.8 and also for 208.67.220.220, but not for my router's IP address. I seem to be able to access the internet fine.