author | T(A)ILS developers <amnesia@boum.org> | 2011-01-29 18:26:30 +0100 |
---|---|---|
committer | T(A)ILS developers <amnesia@boum.org> | 2011-02-03 19:46:36 +0100 |
commit | 2232592b586416bf5f1d30f3c4550b5abecce93d (patch) | |
tree | 7d7fa410532c83b6f908e23bab46024f49b6233d /wiki | |
parent | 70f630188849715250ac6dadabfceb526623c727 (diff) |
Design: update wrt. current devel branch state.
Diffstat (limited to 'wiki')
-rw-r--r-- | wiki/src/contribute/design/Tor_enforcement/DNS.mdwn | 3 | ||||
-rw-r--r-- | wiki/src/todo/forbid_lan_dns_queries.mdwn | 4 |
2 files changed, 4 insertions, 3 deletions
diff --git a/wiki/src/contribute/design/Tor_enforcement/DNS.mdwn b/wiki/src/contribute/design/Tor_enforcement/DNS.mdwn index 60c9e30..910ce3c 100644 --- a/wiki/src/contribute/design/Tor_enforcement/DNS.mdwn +++ b/wiki/src/contribute/design/Tor_enforcement/DNS.mdwn @@ -14,6 +14,9 @@ therefore blocked in order to prevent leaks. Another solution may be to use the Linux network filter to forward outgoing UDP datagrams to the local DNS proxy. +T(A)ILS development branch also forbids DNS queries to RFC1918 addresses; those +might indeed allow the system to learn the local network's public IP address. + [resolvconf](http://alioth.debian.org/projects/resolvconf/) is used to configure the system resolver in `/etc/resolv.conf`; it is also setup to prevent NetworkManager and dhcp-client to modify this file. diff --git a/wiki/src/todo/forbid_lan_dns_queries.mdwn b/wiki/src/todo/forbid_lan_dns_queries.mdwn index 7947e22..9fb2bcc 100644 --- a/wiki/src/todo/forbid_lan_dns_queries.mdwn +++ b/wiki/src/todo/forbid_lan_dns_queries.mdwn @@ -15,6 +15,4 @@ We then need to forbid queries to DNS resolvers on the LAN. Exceptions: at least the htp user; more? > This has been implemented, though untested, in devel branch (commit -> c2ad173) => [[!taglink todo/test]] and write [[!taglink -> todo/documentation]] about this in the [[design -> document|contribute/design]]. +> c2ad173) => [[!taglink todo/test]]. |
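Review bot: the sentence added to DNS.mdwn states that the development branch forbids DNS queries to RFC1918 addresses, but it does not say how the restriction is enforced, and it presents as established a behaviour that the todo page in this same commit still calls "implemented, though untested". Suggest naming the enforcement mechanism in the design text and either marking the behaviour as untested or linking to todo/forbid_lan_dns_queries, so the design document does not claim more than has been verified.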
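Review bot: in forbid_lan_dns_queries.mdwn the todo/documentation taglink is dropped while the context line directly above still carries the open question "Exceptions: at least the htp user; more?", and the new design text in DNS.mdwn mentions no exceptions at all. Suggest keeping the documentation tag until the exception list is settled and written into the design document, or answering the "more?" question in this change.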