Further problems with systemd-resolved on xubuntu 17.04
Xen
list at xenhideout.nl
Wed Jun 7 11:17:15 UTC 2017
Chris Green schreef op 07-06-2017 13:09:
>>
>> I don't know why you would have a fallback DNS in any case.
>>
>> You could remove it?
>>
> Yes, I could, but guest users on my network can't access the local DNS
> server (they only have access to the outside world) but they *do* get
> DHCP services from the local server (an oddity of the firewall). Thus
> they need a fallback DNS that will work for them, that's why I added
> it.
You don't have to share this info of course,
but you could create a firewall rule.... I know, I am suggesting things
you don't want.
Since your guest wifi ssid is on a different subnet you could disallow
input from that subnet to the local dns server.
Routing does not work using the input chain. Your router could be hidden
from the guest network /while routing it/, ie. they could not portscan
it or get any kind of contact with it other than routing.
At least this works if the wifi access point is the primary router for
the guest subnet and forwards the traffic to the real router.
The guests then are able to access the access point itself, but the
router further ahead, including the entire subnet it is part of, is
going to be invisible.
Anyway, that is probably not what you want.
Good luck battling that thing.
More information about the ubuntu-users
mailing list