by 9dl 2406 days ago
Nope

You should not

Or you completely compromise the DNS chain, and as a result you cannot trust the results of DNS resolution.


Could you explain? I don't use dnsmasq, but I do use unbound. I do block outgoing port 53 (UDP and TCP) and force the use of my unbound server.

Quite a few apps and devices ignore the DNS recommendations provided by radvd (for IPv6) and DHCP (for IPv4).

That way I can block YouTube, Instagram, Netflix, Imgur, Reddit, and similar services that my kids are addicted to if they are avoiding homework and the like.

How exactly does that "compromise DNS chain"? Unbound is DNSSEC aware, and talks to the same root servers that the ISP, Google, OpenDNS, or similar services would talk to.

Sadly DoH will make this much more difficult.
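The setup described in the reply above (block outbound port 53 on UDP and TCP, force every LAN client through the local Unbound, cover both IPv4 and IPv6 clients that ignore DHCP/radvd) as an added nftables ruleset for the router; this is an illustration, not the commenter's actual configuration. It assumes Unbound runs on the router itself and listens on port 53, and that the LAN interface is named "lan0".

```nftables
# Added example: DNS policy enforcement on a home router (assumed interface name "lan0").
# Unbound is assumed to run on this router and listen on port 53 for the LAN.
define lan_if = "lan0"

table inet dns_policy {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Any LAN query to any destination on port 53 (hard-coded 8.8.8.8, a
        # device's built-in resolver, etc.) is redirected to the router's Unbound.
        # The inet family makes this apply to IPv4 and IPv6 clients alike.
        iifname $lan_if udp dport 53 redirect to :53
        iifname $lan_if tcp dport 53 redirect to :53
    }

    chain forward {
        type filter hook forward priority filter; policy accept;
        # After the redirect nothing from the LAN should still be leaving on
        # port 53; log anything that does (useful for spotting devices that
        # bypass the resolver) and drop it. Unbound's own upstream queries are
        # generated on the router and go through the output hook, so they are
        # not affected by this chain.
        iifname $lan_if udp dport 53 log prefix "dns-bypass: " drop
        iifname $lan_if tcp dport 53 log prefix "dns-bypass: " drop
    }
}
```

Load with `nft -f` on the router; the existing input chain must still accept port 53 from the LAN for the redirected queries to reach Unbound. This only covers classic port 53 DNS, which is exactly why the reply notes that DoH (DNS over 443) makes the same control harder.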