root@vm-debian-11:~# iptables-save
# Generated by iptables-save v1.8.7 on Sun May  1 20:13:41 2022
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i enp0s8 -o enp0s3 -j ACCEPT
-A FORWARD -i enp0s3 -o enp0s8 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sun May  1 20:13:41 2022
# Generated by iptables-save v1.8.7 on Sun May  1 20:13:41 2022
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp0s3 -j MASQUERADE
COMMIT
# Completed on Sun May  1 20:13:41 2022

root@vm-debian-11:~# dig   example.com. @127.0.0.1

; <<>> DiG 9.16.22-Debian <<>> example.com. @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6189
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;example.com.			IN	A

;; ANSWER SECTION:
example.com.		326	IN	A	93.184.216.34

;; Query time: 72 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun May 01 20:59:15 CDT 2022
;; MSG SIZE  rcvd: 56

root@vm-debian-11:~# dig gateway.local. @127.0.0.1

; <<>> DiG 9.16.22-Debian <<>> gateway.local. @127.0.0.1
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55528
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gateway.local.			IN	A

;; ANSWER SECTION:
gateway.local.		0	IN	A	192.168.56.254

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun May 01 20:59:24 CDT 2022
;; MSG SIZE  rcvd: 58

root@vm-debian-11:~# dig   example.com. @1.1.1.1

; <<>> DiG 9.16.22-Debian <<>> example.com. @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49082
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;example.com.			IN	A

;; ANSWER SECTION:
example.com.		82369	IN	A	93.184.216.34

;; Query time: 56 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun May 01 20:59:36 CDT 2022
;; MSG SIZE  rcvd: 56

root@vm-debian-11:~# dig gateway.local. @1.1.1.1

; <<>> DiG 9.16.22-Debian <<>> gateway.local. @1.1.1.1
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31289
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;gateway.local.			IN	A

;; AUTHORITY SECTION:
.			86400	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022050101 1800 900 604800 86400

;; Query time: 72 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun May 01 20:59:50 CDT 2022
;; MSG SIZE  rcvd: 117

root@vm-debian-11:~#