I would like to send AAAA/HTTPS DNS queries to a separate server running locally to give empty responses to these queries. How do I configure the firewall to redirect these queries away from the default DNS server?
You can configure dnsmasq to only query A records.
You can add to the dnsmasq config:
filter-AAAA
Thanks. Was on 22 with dnsmasq 2.81 which didn't have these options and had to upgrade to 23.05. Added also
filter-rr=HTTPS
to /etc/dnsmasq.conf
Mission accomplished.
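A way to check that the two filter options took effect, added here as an example and not part of the thread: build AAAA and HTTPS (type 65) queries and confirm that each reply is NOERROR with no record of the queried type. The name example.test and the helper make_reply, which fabricates sample replies so the block runs offline, are constructed for illustration.

```python
import struct

QTYPES = {"A": 1, "AAAA": 28, "HTTPS": 65}

def build_query(name, qtype, txid=0x1234):
    """Encode a single-question DNS query with the RD bit set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", QTYPES[qtype], 1)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n

def count_rrs(msg, qtype):
    """Return (rcode, number of answer-section records of type qtype)."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS follow the name
    hits = 0
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        hits += rtype == QTYPES[qtype]
    return flags & 0x000F, hits

def is_filtered(msg, qtype):
    """True when the reply is NOERROR and has no record of the queried type."""
    rcode, hits = count_rrs(msg, qtype)
    return rcode == 0 and hits == 0

def make_reply(query, rdata=None):
    """Constructed sample reply: echo the question, optionally add one answer."""
    qtype = struct.unpack("!H", query[-4:-2])[0]
    hdr = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1 if rdata else 0, 0, 0)
    body = query[12:]
    if rdata:  # answer name is a pointer back to the question at offset 12
        body += b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, 60, len(rdata)) + rdata
    return hdr + body
```

Against a live router, send the bytes from build_query over UDP to port 53 of the dnsmasq host and pass the reply to is_filtered; an A query for the same name should still return records.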