Comment by VTimofeenko
3 days ago
Why not forbid going outside on port 53 and (optionally) redirect to the local DNS servers:
(nftables syntax)
ip saddr != @lan_dns ip daddr != @lan_dns udp dport 53 counter dnat ip to numgen inc mod 2 map { 0 : 192.168.1.1, 1 : 192.168.1.2 } comment "Force all DNS traffic to go through local DNS servers"
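The one-line rule in the comment needs a set and a nat-hook chain around it to load, and on its own it leaves TCP DNS and DNS-over-TLS (port 853) untouched. The ruleset below is an added example, not the commenter's own configuration: it assumes the LAN interface is named "lan0" and uses the comment's two resolver addresses as placeholder values for the local DNS servers.

```nftables
#!/usr/sbin/nft -f
# Added example built around the comment's rule; "lan0" and the two
# resolver addresses are assumed placeholders, not values from the page.

table ip dns_redirect {
    # Resolvers that are allowed to talk to the outside on port 53.
    set lan_dns {
        type ipv4_addr
        elements = { 192.168.1.1, 192.168.1.2 }
    }

    # DNAT has to happen before the routing decision, so it lives in a
    # nat/prerouting chain. Excluding saddr in @lan_dns keeps the resolvers'
    # own upstream queries (and replies between them) from being rewritten.
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # The comment's rule: plain DNS from any non-resolver client headed
        # anywhere except a local resolver is sent to one of the two
        # resolvers, alternating per packet.
        iifname "lan0" ip saddr != @lan_dns ip daddr != @lan_dns udp dport 53 counter \
            dnat ip to numgen inc mod 2 map { 0 : 192.168.1.1, 1 : 192.168.1.2 } \
            comment "Force all DNS traffic to go through local DNS servers"

        # Same treatment for DNS over TCP (large answers, zone transfers).
        iifname "lan0" ip saddr != @lan_dns ip daddr != @lan_dns tcp dport 53 counter \
            dnat ip to numgen inc mod 2 map { 0 : 192.168.1.1, 1 : 192.168.1.2 } \
            comment "Force DNS over TCP through local DNS servers"
    }

    # The forward chain drops what DNAT cannot redirect: DNS-over-TLS on 853
    # and any port-53 traffic that still has an external destination after
    # prerouting. The daddr test matters here, because redirected packets now
    # carry a resolver address and must be allowed through.
    chain forward {
        type filter hook forward priority filter; policy accept;

        ip saddr != @lan_dns ip daddr != @lan_dns tcp dport { 53, 853 } counter drop \
            comment "Only the local resolvers may reach external DNS/DoT"
        ip saddr != @lan_dns ip daddr != @lan_dns udp dport 53 counter drop \
            comment "Catch any UDP DNS that escaped the redirect"
    }
}
```

Load it with `nft -f` and watch the `counter` values with `nft list table ip dns_redirect` to confirm clients are actually being redirected rather than dropped. Queries originating on the router itself pass through the output hook, not prerouting, so they need a matching rule in a `type nat hook output` chain if the router's own resolver configuration is not already pointed at the local servers.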