From 4ee568370b71577ac80e09e4aef4fc033a8f3f43 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Thu, 31 Mar 2022 22:09:46 +0200 Subject: [PATCH] k8s / dns: update with github link --- .../contents.lr | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/content/u/blog/kubernetes-making-dns-publicly-reachable/contents.lr b/content/u/blog/kubernetes-making-dns-publicly-reachable/contents.lr index 39e7e2a..8743348 100644 --- a/content/u/blog/kubernetes-making-dns-publicly-reachable/contents.lr +++ b/content/u/blog/kubernetes-making-dns-publicly-reachable/contents.lr @@ -193,8 +193,9 @@ CoreDNS inside kubernetes is by default configured to allow resolving for *any* client that can reach it. Thus if you make your kube-dns service world reachable, you also turn it into an open resolver. -At the time of writing this blog article, the following coredns -configuration **does NOT** correctly block requests: +The following coredns configuration **does** correctly block +requests, **IF your coredns version is new enough**: + ``` Corefile: | @@ -212,10 +213,9 @@ configuration **does NOT** correctly block requests: ... ``` -Until this is solved, we recommend to place a firewall before your -public kube-dns service to only allow requests from the forwarding DNS -servers. - +We tested this with +[coredns-1.8.4](https://github.com/coredns/coredns/issues/4697) in +which the ACL behaviour is fixed. ## More of this
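Review bot: in the first hunk (@@ -193,8 +193,9), the condition "**IF your coredns version is new enough**" does not say which version that is, and the reader only finds out after the Corefile block. Since the sentence now asserts that the configuration blocks requests, state the tested version right there, for example "(tested with coredns-1.8.4)", so nobody running an older coredns reads the bold "**does**" and assumes the ACL protects them.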
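Review bot: in the second hunk (@@ -212,10 +213,9), the firewall recommendation is removed without leaving any guidance for readers whose coredns is not new enough, even though the unchanged context above still warns that a world-reachable kube-dns becomes an open resolver. Keep the "place a firewall before your public kube-dns service" advice as the fallback for versions where the ACL does not block, and say how to check the running coredns version. Separately, the link text "coredns-1.8.4" points at issues/4697 rather than a release, so word it as the issue in which the ACL behaviour is discussed.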