ungleich-public
/
ungleich-staticcms
6
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

k8s / dns: update with github link

This commit is contained in:
Nico Schottelius 2022-03-31 22:09:46 +02:00
parent c769770bc1
commit 4ee568370b
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
content/u/blog/kubernetes-making-dns-publicly-reachable/contents.lr
View File

@ -193,8 +193,9 @@ CoreDNS inside kubernetes is by default configured to allow resolving
for *any* client that can reach it. Thus if you make your kube-dns for *any* client that can reach it. Thus if you make your kube-dns
service world reachable, you also turn it into an open resolver. service world reachable, you also turn it into an open resolver.
At the time of writing this blog article, the following coredns The following coredns configuration **does** correctly block
configuration **does NOT** correctly block requests: requests, **IF your coredns version is new enough**:
``` ```
Corefile: | Corefile: |
@ -212,10 +213,9 @@ configuration **does NOT** correctly block requests:
... ...
``` ```
Until this is solved, we recommend to place a firewall before your We tested this with
public kube-dns service to only allow requests from the forwarding DNS [coredns-1.8.4](https://github.com/coredns/coredns/issues/4697) in
servers. which the ACL behaviour is fixed.
## More of this ## More of this