[Pdns-users] Proxy mapped address used for allow-from
Otto Moerbeek
otto at drijf.net
Fri Jan 20 15:57:58 UTC 2023
Please show your full configuration, including versions etc. Also, it
is not clear which product you are using.
The recursor docs say:
"Note that once a Proxy Protocol header has been received, the source
address from the proxy header instead of the address of the proxy will
be checked against the allow-from ACL."
https://docs.powerdns.com/recursor/settings.html#proxy-protocol-from
-Otto
On Fri, Jan 20, 2023 at 05:48:31PM +0200, Robby Pedrica via Pdns-users wrote:
> Hi all,
>
> I'm not sure if this is a change in behaviour or I simply haven't noticed
> this before but after upgrading my docker image today, I've seen queries
> being dropped due to the mapped address in my proxy mappings being used for
> allow-from rather than the src/original address. I use a private-public
> address mapping in the proxy maps because I use the mapped public IP as
> part of ecs/edns.
>
> I've now set:
>
> proxy-protocol-from=<mapped ip> (or should this be the src IP?)
>
> but this doesn't appear to have changed anything and queries are still
> being dropped.
>
> Can anyone advise where I'm going wrong? I don't mind putting the mapped
> (public) IP in allow-from but would prefer not to do it if not required.
>
> Regards
>
> --
> Robby Pedrica
>
> c: +27 82 416 8696
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
More information about the Pdns-users
mailing list