• I set up a CP for a guest WiFi and I use DNS resolver in order to redirect traffic the login page using https. The problem with this setup is that the DNS resolver will also resolve names of devices in my LAN and other restricted subnets.

    Is there a way to prevent clients on the CP subnet (authenticated or not) from resolving names from restricted subnets?

  • Banned

    Nothing like inventing problems where there's none… What's exactly top secret about the names? Other than that, no, not with unbound or dnsmasq. Use bind and views for your top secret LAN hostnames.

  • Added to that:
    A Portal should be on its own interface.
    So, its has its own firewall - which should enable Internet access, and forbid any access the private lans or any  other interfaces.