> On 4 Mar 2020, at 06:00, Tapani Tarvainen wrote:
>
> On Tue, Mar 03, 2020 at 06:32:00PM +0000, Peter Müller (peter.mueller(a)ipfire.org) wrote:
>
>> I like your suggestion, and see something like "reject any client
>> connecting to any other DNS server on the internet" similar to blocking
>> outbound connections to port 25 in order to prevent spamming.
>>
>> In both cases and for most SOHO networks, there is little legitimate
>> reason to do so. Regarding external DNS servers, IoT and similar things
>> come to my mind, which have their resolvers hard-coded in the firmware.
>
> Thinking about those, how about an option to *redirect* connections
> to port 53 of external servers to IPFire rather than rejecting them?

Yes, we could do that for 53 UDP and TCP, but not for 853 obviously.

>
> --
> Tapani Tarvainen