And now it is fun with WireGuard: if the only access to the internet is DNS over UDP, you can easily route all traffic over it :)
I set it up and it works, of course. Then I tried to use it with limited public Wi-Fi (hotels, airports), but I still have to find what I thought was more common: a connection where the only open traffic is DNS.