[Pdns-users] Proxy mapped address used for allow-from

Otto Moerbeek otto at drijf.net
Fri Jan 20 15:57:58 UTC 2023

Please show your full configuration, including versions etc. Also, it
is not clear which product you are using.

The recursor docs say:

"Note that once a Proxy Protocol header has been received, the source
address from the proxy header instead of the address of the proxy will
be checked against the allow-from ACL."



On Fri, Jan 20, 2023 at 05:48:31PM +0200, Robby Pedrica via Pdns-users wrote:

> Hi all,
> I'm not sure if this is a change in behaviour or I simply haven't noticed
> this before but after upgrading my docker image today, I've seen queries
> being dropped due to the mapped address in my proxy mappings being used for
> allow-from rather than the src/original address. I use a private-public
> address mapping in the proxy maps because I use the mapped public IP as
> part of ecs/edns.
> I've now set:
> proxy-protocol-from=<mapped ip> (or should this be the src IP?)
> but this doesn't appear to have changed anything and queries are still
> being dropped.
> Can anyone advise where I'm going wrong? I don't mind putting the mapped
> (public) IP in allow-from but would prefer not to do it if not required.
> Regards
> -- 
> Robby Pedrica
> c: +27 82 416 8696

> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users

More information about the Pdns-users mailing list