Page MenuHomeVyOS Platform
Create Task
Maniphest T1524

Add support to set allow-from network in DNS forwarding
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918 private IP addresses. Due to the aggressive nature of the internet these days, it is highly recommended to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do not get an answer.

https://docs.powerdns.com/recursor/settings.html#allow-from

Imagine an ISP network with non RFC1918 IP adresses - they can't make use of PowerDNS recursor.

CLI proposal:
set system dns forwarding allow-clients <x.x.x.x/x>
set system dns forwarding allow-clients <h:h:h:h:h:h:h:h/x>

Details

Difficulty level
Normal (likely a few hours)
Version
-
Why the issue appeared?
Will be filled on close

Related Objects
Search...

Event Timeline

c-po triaged this task as Low priority.Jul 14 2019, 12:45 PM
c-po created this task.
c-po changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
c-po claimed this task.Aug 17 2019, 5:32 PM
c-po updated the task description. (Show Details)Aug 17 2019, 8:00 PM
c-po added a parent task: T1595: Migrate deprecated "service dns forwarding listen-on" to listen-address.Aug 17 2019, 8:46 PM
c-po mentioned this in T1595: Migrate deprecated "service dns forwarding listen-on" to listen-address.
c-po changed the task status from Open to In progress.Aug 20 2019, 9:36 AM
c-po added a project: VyOS 1.2 Crux (VyOS 1.2.3).
c-po renamed this task from DNS forwarding allow other source addresses then RFC1918 to Add support to set allow-from network in DNS forwarding.Aug 20 2019, 9:50 AM
c-po changed the task status from In progress to Backport candidate.Aug 20 2019, 9:53 AM
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.
c-po changed Difficulty level from Easy (less than an hour) to Normal (likely a few hours).Aug 20 2019, 10:05 AM
pasik added a subscriber: pasik.Aug 21 2019, 6:01 PM
c-po closed this task as Resolved.Aug 25 2019, 5:21 PM
c-po moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.3) board.
dmbaturin removed a project: VyOS 1.3 Equuleus.Sep 10 2021, 2:24 PM