> On 15 Nov 2020, at 13:16, Matthias Fischer wrote:
>
> Hi,
>
> On 13.11.2020 15:55, Tapani Tarvainen wrote:
>> On Fri, Nov 13, 2020 at 02:23:10PM +0000, Michael Tremer (michael.tremer(a)ipfire.org) wrote:
>> ...
>>> So what I could come up with is this:
>>>
>>> * You have a host on your network that does not use your DNS servers.
>>>
>>> * You have a host on your network that does not allow you to put in custom DNS servers.
>>>
>>> I would simply say: Throw them away. That is not network equipment.
>>> It simply is a bug, and that should not be fixed by us.
>>
>> Agreed.
>>
>> But I guess the situation some people have in mind is that you have
>> *users* in your network you can't really control or trust not to mess
>> up with DNS settings in their machines. As in, children.
>
> Or you have *machines* (in this case, Apps) you can't control, because
> they don't even have an input field for "DNS".

Do you have any examples?

I have never encountered that, because if they allow static configuration of the IP address, they won’t get a DNS server at all.

For devices that only support DHCP, this might make sense. I have a Philips Hue bridge that does not support static configuration and simply gets a lease from the DHCP server. The intention probably is being all zero-configuration.

>> But any kid smart enough to change DNS settings in their laptop or
>> whatever is also smart enough to work around such redirection.
>
> I'm curious. How could this be done? I have tested the REDIRECT rules
> with various arbitrary entries, even with non-existing addresses. So
> far, DNS queries were always redirected to the DNS servers specified in
> IPFire until now. I even didn't notice that I tested with irregular or
> invalid addresses.

Proxies. VPNs. Tor. Remotely logging in to another computer - like RDP, VNC, etc.

> ...
>
> Best,
> Matthias