>
> > 1. accurately enable ACLs via allow-from
>
> As far as I know, the ACL are checked accurately, i.e. as defined in
> the docs.
>
> > 2. use proxy-mapped public address from addProxyMapping for ecs/edns
> queries
> >
> > Currently, the proxy mapped address is being used to match against
> > all
On Thu, Jan 26, 2023 at 03:07:17PM +0200, Robby Pedrica via Pdns-users wrote:
> Thanks Otto,
>
> I agree with the docs, but then the actual operation/result is not
> consistent unless I'm misunderstanding the operation or purpose of
> proxy-protocol-from.
>
> *Product:*
>
> pdns-recursor
>
>
Thanks Otto,
I agree with the docs, but then the actual operation/result is not
consistent unless I'm misunderstanding the operation or purpose of
proxy-protocol-from.
*Product:*
pdns-recursor
*Version:*
4.8.1
*Full recursor.conf config:*
allow-from=
api-key=
#config-dir=/usr/etc
daemon
On Fri, 20 Jan 2023 at 17:58, Otto Moerbeek wrote:
Please show your full configuration, including versions etc. Also, it
is not clear which product you are using.
The recursor docs say:
"Note that once a Proxy Protocol header has been received, the source
address from the proxy
Please show your full configuration, including versions etc. Also, it
is not clear which product you are using.
The recursor docs say:
"Note that once a Proxy Protocol header has been received, the source
address from the proxy header instead of the address of the proxy will
be checked against th
Hi all,
I'm not sure if this is a change in behaviour or I simply haven't noticed
this before but after upgrading my docker image today, I've seen queries
being dropped due to the mapped address in my proxy mappings being used for
allow-from rather than the src/original address. I use a private-pu
