Thank you very much for your answers. It's a shame that your answers missed the point. My wording was slightly bad: I wanted to ask everyone in the team to ask the questions themselves. If you do that, the question will change like: Why did we / I decide to do this?
I don't need to know the answer and I don't want to know it either. So please leave it, even if you find it difficult. Please don't answer me!
For everyone who is not very familiar with IT, I would like to clarify something in this regard: If you used a DNS resolver instead of a DNS forwarder, and also installed Hyperlocal, the behavior of Pi-Hole changes. Pi localhost would become Pi-Hole's upstream DNS searver.
Upstream DNS servers
Custom 1 (IPv4): 127.0.0.1 # 5353
Custom 3 (IPv6): :: 1 # 5353
Accordingly, the query would be faster, more secure, and would have no problems with DNSSEC, ECS. With these prerequisites, Let's Encrypt is given a new importance.
And if the "Interface listening behavior" is set to "Listen on all interfaces", you have nothing to fear from other people's interventions. If you use a firewall you could even close or block the DNS port in my opinion.
But!
By the way. These questions are only examples. They can also be different and have nothing to do with the original topic of this discussion. And again: Please don't answer me! Not for this.
We are in beta anyway, so you shouldn't be providing any help anyway. This is not helpful for creative further development and is therefore not useful. Except you mend mistakes and close gaps (of course).
To come back to the original topic. It might be helpful for the moment to assign a block RegEx (. | ^) $ For "Unassociated" or new "Default" and to instruct the users:
- Transfer only clinics with IPv4 to another group.
- Only this block RegEx should be in the "Default" group.
This is certainly not functional for everyone, but probably better for the moment. How do you think about it?