k8s / dns: update with github link
parent c769770bc1
commit 4ee568370b
|
@ -193,8 +193,9 @@ CoreDNS inside kubernetes is by default configured to allow resolving
|
||||||
for *any* client that can reach it. Thus if you make your kube-dns
|
for *any* client that can reach it. Thus if you make your kube-dns
|
||||||
service world reachable, you also turn it into an open resolver.
|
service world reachable, you also turn it into an open resolver.
|
||||||
|
|
||||||
At the time of writing this blog article, the following coredns
|
The following coredns configuration **does** correctly block
|
||||||
configuration **does NOT** correctly block requests:
|
requests, **IF your coredns version is new enough**:
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
Corefile: |
|
Corefile: |
|
||||||
|
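Review bot: the condition "**IF your coredns version is new enough**" in the rewritten sentence names no version, so a reader who stops at this paragraph cannot tell whether their cluster is covered. The later hunk says the ACL behaviour is fixed in coredns-1.8.4; state that version here as well, and say whether it is the first fixed release or only the one that was tested. The open resolver risk described in the unchanged context lines above still applies to anything older, so the sentence should make that boundary explicit.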
@ -212,10 +213,9 @@ configuration **does NOT** correctly block requests:
|
||||||
...
|
...
|
||||||
```
|
```
|
||||||
|
|
||||||
Until this is solved, we recommend to place a firewall before your
|
We tested this with
|
||||||
public kube-dns service to only allow requests from the forwarding DNS
|
[coredns-1.8.4](https://github.com/coredns/coredns/issues/4697) in
|
||||||
servers.
|
which the ACL behaviour is fixed.
|
||||||
|
|
||||||
|
|
||||||
## More of this
|
## More of this
|
||||||
|
|
||||||
|
|
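Review bot: the removed paragraph ("we recommend to place a firewall before your public kube-dns service to only allow requests from the forwarding DNS servers") was the mitigation this section offered for a coredns that does not enforce the ACL, and the hunk drops it without a replacement. Keep it as the fallback for versions older than the fixed one instead of deleting it. In the added sentence, the link text "coredns-1.8.4" points at issue 4697 rather than at a release, so word it so the reader knows the link is the bug report, for example "We tested this with coredns 1.8.4, in which the ACL behaviour ([issue 4697](https://github.com/coredns/coredns/issues/4697)) is fixed."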