Hi.

On Thu, 24 Aug 2017 22:21:04 +0200
Pascal Hambourg <pas...@plouf.fr.eu.org> wrote:

> On 24/08/2017 at 11:30, Reco wrote:
> >
> > Somewhat hackish, but straightforward way to achieve this is to redirect
> > DNS requests from your LAN to correct DNS. Something like this should do
> > the trick:
>
> Not so straightforward because you still need to get the ISP's DNS and
> update the iptables rules whenever the DNS change.

Appropriate dhclient hook should do this trick. I'd start with copying
and modifying resolvconf one.

> > iptables -t nat -A OUTPUT -i <LAN Port> -p udp --dport 53 \
> >  -j DNAT --to-destination <ISP DNS>:53
> >
> > iptables -t nat -A OUTPUT -i <LAN Port> -p tcp --dport 53 \
> >  -j DNAT --to-destination <ISP DNS>:53
>
> You mean "-A PREROUTING".

My mistake indeed. OUTPUT is unsuitable here.

Reco
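
One way to write the dhclient hook discussed in this thread, with the DNAT rules placed in PREROUTING as corrected above. This is an added example, not part of the original message; the file location, the `LAN_IF`/`WAN_IF` defaults, the `DNS_REDIRECT` chain name and the `IPT` variable are assumptions.

```shell
# Added example. Assumed location: /etc/dhcp/dhclient-exit-hooks.d/dns-redirect
# dhclient-script sources this file with $reason, $interface and
# $new_domain_name_servers set. LAN_IF, WAN_IF, CHAIN and IPT are assumptions.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
CHAIN="DNS_REDIRECT"
IPT="${IPT:-iptables}"

# Accept only a dotted-quad IPv4 address, so nothing else from the DHCP
# reply can reach the iptables command line.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Rebuild a dedicated nat chain, hooked from PREROUTING (not OUTPUT), that
# sends DNS arriving on LAN interface $1 to resolver $2.
apply_dns_redirect() {
    is_ipv4 "$2" || return 1
    $IPT -t nat -N "$CHAIN" 2>/dev/null || true
    $IPT -t nat -C PREROUTING -j "$CHAIN" 2>/dev/null ||
        $IPT -t nat -A PREROUTING -j "$CHAIN"
    $IPT -t nat -F "$CHAIN"
    for proto in udp tcp; do
        $IPT -t nat -A "$CHAIN" -i "$1" -p "$proto" --dport 53 \
            -j DNAT --to-destination "$2:53"
    done
}

# Run only when the WAN lease is obtained or refreshed; use the first
# valid resolver the ISP handed out.
case "${reason:-}" in
    BOUND|RENEW|REBIND|REBOOT)
        if [ "${interface:-}" = "$WAN_IF" ]; then
            for ns in ${new_domain_name_servers:-}; do
                if apply_dns_redirect "$LAN_IF" "$ns"; then break; fi
            done
        fi ;;
esac
```

Keeping the redirect in its own chain lets each lease renewal flush and rewrite only these two rules without touching the rest of the nat table.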