diff --git a/content/u/blog/kubernetes-making-dns-publicly-reachable/contents.lr b/content/u/blog/kubernetes-making-dns-publicly-reachable/contents.lr index 39e7e2a..8743348 100644 --- a/content/u/blog/kubernetes-making-dns-publicly-reachable/contents.lr +++ b/content/u/blog/kubernetes-making-dns-publicly-reachable/contents.lr @@ -193,8 +193,9 @@ CoreDNS inside kubernetes is by default configured to allow resolving for *any* client that can reach it. Thus if you make your kube-dns service world reachable, you also turn it into an open resolver. -At the time of writing this blog article, the following coredns -configuration **does NOT** correctly block requests: +The following coredns configuration **does** correctly block +requests, **IF your coredns version is new enough**: + ``` Corefile: | @@ -212,10 +213,9 @@ configuration **does NOT** correctly block requests: ... ``` -Until this is solved, we recommend to place a firewall before your -public kube-dns service to only allow requests from the forwarding DNS -servers. - +We tested this with +[coredns-1.8.4](https://github.com/coredns/coredns/issues/4697) in +which the ACL behaviour is fixed. ## More of this
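Review bot: In the first hunk (@@ -193,8 +193,9 @@), "**IF your coredns version is new enough**" gives the reader no version to check against; the only version mentioned, coredns-1.8.4, appears after the Corefile block in the next hunk. Since the paragraph just above warns that a world-reachable kube-dns becomes an open resolver, a reader who stops at the configuration could deploy it on an older release and assume the ACL is blocking requests. Suggest naming the tested version in this sentence, for example "requests, **IF you run the version we tested, coredns-1.8.4, or newer**", and adding a short way to confirm from outside the allowed range that a query is actually refused.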
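Review bot: In the second hunk (@@ -212,10 +213,9 @@), the firewall recommendation ("place a firewall before your public kube-dns service to only allow requests from the forwarding DNS servers") is removed outright, which leaves readers on coredns versions older than the tested 1.8.4 with no mitigation on the page. Suggest keeping it as the fallback for versions where the ACL behaviour is not fixed, rather than deleting it. Two smaller points: the link text "coredns-1.8.4" points at issue 4697 rather than at a release, so wording such as "coredns-1.8.4 (see issue 4697)" would be clearer, and the hunk also drops the blank line before "## More of this", which is better kept so the heading stays separated from the paragraph.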