Qualcosa nella pagina di Wikipedia sui portali in cattività mi ha confuso:
When a client requests a website, DNS is queried by the browser. The firewall will make sure that only the DNS server(s) provided by DHCP can be used by unauthenticated clients (or, alternatively, it will forward all DNS requests by unauthenticated clients to that DNS server). This DNS server will return the IP address of the Captive Portal page as a result of all DNS lookups. The DNS poisoning technique used here, when not considering answers with a TTL of 0, may negatively affect post-authenticated internet use when the client machine references non-authentic data in its local resolver cache. Some naive implementations don't block outgoing DNS requests from clients, and therefore are very easy to bypass; a user simply needs to configure their computer to use another, public, DNS server. Implementing a firewall or ACL that ensures no inside clients can use an outside DNS server is critical.
Si dice che il server DNS viene interrogato per restituire l'indirizzo IP del captive portal. Questo server DNS è stato scelto da DHCP. Dove si trova esattamente il DHCP e perché il portale captive non dovrebbe essere sullo stesso server che ha il DHCP ??