Hi,

On 13.11.2020 15:55, Tapani Tarvainen wrote:
> On Fri, Nov 13, 2020 at 02:23:10PM +0000, Michael Tremer (michael.tremer(a)ipfire.org) wrote:
> ...
>> So what I could come up with is this:
>> 
>> * You have a host on your network that does not use your DNS servers.
>> 
>> * You have a host on your network that does not allow you to put in custom DNS servers.
>>
>> I would simply say: Throw them away. That is not network equipment.
>> It simply is a bug, and that should not be fixed by us.
> 
> Agreed.
> 
> But I guess the situation some people have in mind is that you have
> *users* in your network you can't really control or trust not to mess
> up with DNS settings in their machines. As in, children.

Or you have *machines* (in this case, Apps) you can't control, because
they don't even have an input field for "DNS".

> But any kid smart enough to change DNS settings in their laptop or
> whatever is also smart enough to work around such redirection.

I'm curious. How could this be done? I have tested the REDIRECT rules
with various arbitrary entries, even with non-existing addresses. So
far, DNS queries were always redirected to the DNS servers specified in
IPFire until now. I even didn't notice that I tested withirregular or
invalid addresses.

...

Best,
Matthias