It would be good to have an option to select which interface the DNS server is active on.
For most basic configurations the DNS server should be visible only from the local network. By default, if the DNS server is turned on, it is available on all interfaces, which is not good, as DNS on WAN interfaces allows the router to be easily used for impersonated malicious DNS attacks.
Now we have to additionally use the firewall to block access to the DNS server. This is not so good for a few reasons:
- it is not obvious. It is easy to forget to set it, and if missed, it is not easy to spot the error.
- it is more logical that when one turns on some service, he decides which interface it is bound to.
- using the firewall to block access to a service from some interfaces wastes more resources than if the service simply is not bound to those interfaces.
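
One way to spot the missed firewall rule described above, as an added example that is not part of the original post: run from a host outside the LAN, it sends a single recursive query to the router's WAN address and reports whether the DNS server answers there. The function names and the `192.0.2.1` placeholder address are assumptions; substitute your own router's WAN IP.

```python
import socket
import struct

QID = 0x1234  # fixed query ID so the reply can be matched (constructed value)

def build_query(name="example.com", qid=QID):
    """Build a minimal recursive A query (RD flag set) for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data, qid=QID):
    """Return 'open-resolver', 'refused', 'responds' or 'invalid' for a raw reply."""
    if len(data) < 12:
        return "invalid"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:      # wrong ID, or QR bit not set
        return "invalid"
    rcode = flags & 0x000F
    if rcode == 5:                            # REFUSED: port reachable, query denied
        return "refused"
    if flags & 0x0080 and rcode == 0 and ancount > 0:
        return "open-resolver"                # RA set, NOERROR, answers returned
    return "responds"                         # reachable, but did not recurse for us

def probe(addr, timeout=2.0):
    """Send one query to addr:53/udp. 'no-response' means filtered or not listening."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(), (addr, 53))
            data, _ = s.recvfrom(512)
        except OSError:                       # includes timeouts and ICMP unreachable
            return "no-response"
    return classify_response(data)

if __name__ == "__main__":
    # Placeholder address (TEST-NET-1); replace with the router's WAN IP.
    print(probe("192.0.2.1"))
```

Anything other than `no-response` means the DNS service is still reachable on that interface; `open-resolver` means it also recurses for outside clients.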