On 15 Nov 2020, at 13:16, Matthias Fischer matthias.fischer@ipfire.org wrote:
Hi,
On 13.11.2020 15:55, Tapani Tarvainen wrote:
On Fri, Nov 13, 2020 at 02:23:10PM +0000, Michael Tremer (michael.tremer@ipfire.org) wrote: ...
So what I could come up with is this:
You have a host on your network that does not use your DNS servers.
You have a host on your network that does not allow you to put in custom DNS servers.
I would simply say: Throw them away. That is not network equipment. It simply is a bug, and that should not be fixed by us.
Agreed.
But I guess the situation some people have in mind is that you have *users* in your network you can't really control or trust not to mess up with DNS settings in their machines. As in, children.
Or you have *machines* (in this case, Apps) you can't control, because they don't even have an input field for "DNS".
Do you have any examples?
I have never encountered that, because if they allow static configuration of the IP address, they won’t get a DNS server at all.
For devices that only support DHCP, this might make sense. I have a Philips Hue bridge that does not support static configuration and simply gets a lease from the DHCP server. The intention probably is being all zero-configuration.
But any kid smart enough to change DNS settings in their laptop or whatever is also smart enough to work around such redirection.
I'm curious. How could this be done? I have tested the REDIRECT rules with various arbitrary entries, even with non-existing addresses. So far, DNS queries were always redirected to the DNS servers specified in IPFire until now. I even didn't notice that I tested with irregular or invalid addresses.
Proxies. VPNs. Tor. Remotely logging in to another computer - like RDP, VNC, etc.
...
Best, Matthias