Hi,
On 4 Mar 2020, at 10:56, Tapani Tarvainen ipfire@tapanitarvainen.fi wrote:
On Mar 04 10:11, Michael Tremer (michael.tremer@ipfire.org) wrote:
Regarding external DNS servers, IoT and similar things come to my mind, which have their resolvers hard-coded in the firmware.
Thinking about those, how about an option to *redirect* connections to port 53 of external servers to IPFire rather than rejecting them?
Yes, we could do that for 53 UDP and TCP, but not for 853 obviously.
Right. But if some IoT thingy relies on a hard-coded DNS-over-TLS server there's little we can do about it, but redirection could save the day with those that use good old 53.
I would never expect any IoT product to use DNS-over-TLS.
-- Tapani Tarvainen