Coredns: Limit Queries to specific IPs?

Created on 28 Aug 2019 · 2 Comments · Source: coredns/coredns

Hi there,

I'm currently using CoreDNS on Version 1.6.2 to be able to connect to my dedicated Minecraft Bedrock Server with my Nintendo Switch (as it isn't possible without DNS manipulation).

I have now received an email from the Federal Office for Security in Information Technology in Germany, as my resolver is recursively answering queries from all IP addresses.

How can I limit source IP addresses that are allowed to query my DNS?

My current Corefile is as follows:

.:9999 {
    rewrite name exact mco.lbsg.net <IP of my MC server>
    log
    forward . tls://9.9.9.9 {
        tls_servername dns.quad9.net
        health_check 5s
    }
}

All 2 comments

I don't have the whole picture, but it seems you're running coredns on a system that has a public interface, so you'd want to run coredns so it only listens on the private interface. You can do this with the _bind_ plugin.

To answer your question about client IP ACL function:

There is the external firewall plugin in coredns/policy. It can be used to provide source IP ACL function.

There is also PR #3103, _not merged yet_, but I expect it should be soon. It provides a simpler ACL function.

The new acl (soon to be merged) or bind plugin can help. Closing.
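
The two suggestions from the comments applied to the Corefile in the question, as an added example that is not part of the original thread or the CoreDNS project's own configuration. The addresses are constructed placeholders, and the `acl` block uses the syntax of the acl plugin as it was later released, so it needs a CoreDNS build that includes that plugin.

```corefile
# Added example; the addresses below are constructed placeholders.
# 192.168.1.10   = assumed private interface address of the CoreDNS host
# 192.168.1.0/24 = assumed network of the clients allowed to query

.:9999 {
    # bind: listen only on the private interface instead of every interface,
    # so the resolver is not reachable from the public address at all.
    bind 192.168.1.10

    # acl: rules are evaluated top to bottom. Queries from the allowed
    # network are answered; every other source is blocked (REFUSED).
    acl {
        allow net 192.168.1.0/24
        block
    }

    # Directives below are unchanged from the Corefile in the question.
    rewrite name exact mco.lbsg.net <IP of my MC server>
    log
    forward . tls://9.9.9.9 {
        tls_servername dns.quad9.net
        health_check 5s
    }
}
```

Either directive alone closes the open resolver; `bind` fits when all clients sit behind one private interface, `acl` when the server must stay reachable on a public address for a known set of source networks.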
