ungleich-public
/
ungleich-staticcms
6
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

k8s / dns: update with github link

This commit is contained in:
Nico Schottelius 2022-03-31 22:09:46 +02:00
parent c769770bc1
commit 4ee568370b
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
content/u/blog/kubernetes-making-dns-publicly-reachable/contents.lr
View File

@ -193,8 +193,9 @@ CoreDNS inside kubernetes is by default configured to allow resolving
for *any* client that can reach it. Thus if you make your kube-dns
service world reachable, you also turn it into an open resolver.
At the time of writing this blog article, the following coredns
configuration **does NOT** correctly block requests:
The following coredns configuration **does** correctly block
requests, **IF your coredns version is new enough**:
```
Corefile: |
@ -212,10 +213,9 @@ configuration **does NOT** correctly block requests:
...
```
Until this is solved, we recommend to place a firewall before your
public kube-dns service to only allow requests from the forwarding DNS
servers.
We tested this with
[coredns-1.8.4](https://github.com/coredns/coredns/issues/4697) in
which the ACL behaviour is fixed.
## More of this