> I am completely invested in ensuring that nobody bypasses it to the best of my ability.
Then your network is a private walled garden and not "the internet", and I don't know why you expect consumer devices designed to be able to get to the open internet to work unmodified.
I mean, I'm sure your decisions are made with the best intent, but how is what you're doing any different technically than the DNS hijacking the Comcast et. al. have been caught doing?
> Then your network is a private walled garden and not "the internet"
This is true of all LANs.
> how is what you're doing any different technically than the DNS hijacking the Comcast et. al. have been caught doing?
It's not technically any different. However, there's a very huge non-technical difference: it's my network, and I have every right to configure it however I wish. When others engage in hijacking, they are interfering with traffic they have no right to be interfering with.
Then your network is a private walled garden and not "the internet", and I don't know why you expect consumer devices designed to be able to get to the open internet to work unmodified.
I mean, I'm sure your decisions are made with the best intent, but how is what you're doing any different technically than the DNS hijacking the Comcast et. al. have been caught doing?