> > > 1. accurately enable ACLs via allow-from > > As far as I know, the ACL are checked accurately, i.e. as defined in > the docs. > > > 2. use proxy-mapped public address from addProxyMapping for ecs/edns > queries > > > > Currently, the proxy mapped address is being used to match against > > allow-from rather than the source/original address. > > I have the feeling there is some form of miscommunication going on. > > As documented, see: > > "M is used for incoming ACL checking (allow-from) and to determine the > ECS processing (ecs-add-for)." > > where M is "the source address mapped by Table Based Proxy Mapping" in > > > https://docs.powerdns.com/recursor/lua-config/proxymapping.html#table-based-proxy-mapping > > The first section of the page tries to explain what address is used in > what circumstances. > > The point of proxyMapping is to use the mapped address as ECS and for > ACL checking. > > If that is not what you want, maybe proxyMapping is not the answer to > your question? > > -Otto >
Hi Otto, This is a perfect explanation and understood now. Thanks for your assistance Regards, Robby
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
