forbid lan dns queries

Originally created by Tails on #5852 (Redmine)

According to the The State of the DNS and Tor Union (also: a DNS UDP - >TCP shim)" thread on or-talk:

Many commercial Linux based routers like ActionTek and D-Link use dproxy-nexgen resolvers accessible at link-local 192.168.1.1. A reverse lookup of the gateway itself provides not just the internal address but also the public IP and hostname from ISP. there are other caching resolvers used in captive wifi portals and other locations with same behavior.

We then need to forbid queries to DNS resolvers on the LAN. Exceptions: at least the htp user; more?

This has been implemented, in Tails 0.7.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information