From b1b55d902c4d140db68c3ad0a5e2fadb44c672d8 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Wed, 24 Apr 2019 15:38:26 +0200 Subject: [PATCH] dnsdist: Document that the ACL also filters DoT and DoH queries --- pdns/dnsdistdist/docs/advanced/acl.rst | 2 ++ pdns/dnsdistdist/docs/reference/config.rst | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/pdns/dnsdistdist/docs/advanced/acl.rst b/pdns/dnsdistdist/docs/advanced/acl.rst index bce4197a0d..4fd92a755a 100644 --- a/pdns/dnsdistdist/docs/advanced/acl.rst +++ b/pdns/dnsdistdist/docs/advanced/acl.rst @@ -16,6 +16,8 @@ To be a good internet citizen, dnsdist by default listens on the loopback addres - ``fc00::/7`` - ``fe80::/10`` +The ACL applies to queries received over UDP, TCP, DNS over TLS and DNS over HTTPS. + Further more, dnsdist only listens for queries on the local-loopback interface by default. Listening on different addresses diff --git a/pdns/dnsdistdist/docs/reference/config.rst b/pdns/dnsdistdist/docs/reference/config.rst index b4f6cc919c..1bbf2431f1 100644 --- a/pdns/dnsdistdist/docs/reference/config.rst +++ b/pdns/dnsdistdist/docs/reference/config.rst 
@@ -292,19 +292,19 @@ Access Control Lists .. function:: addACL(netmask) - Add a netmask to the existing ACL controlling which clients can send UDP and TCP queries. See :ref:`ACL` for more information. + Add a netmask to the existing ACL controlling which clients can send UDP, TCP, DNS over TLS and DNS over HTTPS queries. See :ref:`ACL` for more information. :param str netmask: A CIDR netmask, e.g. ``"192.0.2.0/24"``. Without a subnetmask, only the specific address is allowed. .. function:: setACL(netmasks) - Remove the existing ACL and add the netmasks from the table of those allowed to send UDP and TCP queries. See :ref:`ACL` for more information. + Remove the existing ACL and add the netmasks from the table of those allowed to send UDP, TCP, DNS over TLS and DNS over HTTPS queries. See :ref:`ACL` for more information. :param {str} netmasks: A table of CIDR netmask, e.g. ``{"192.0.2.0/24", "2001:DB8:14::/56"}``. Without a subnetmask, only the specific address is allowed. .. function:: showACL() - Print a list of all netmasks allowed to send queries over UDP and TCP. See :ref:`ACL` for more information. + Print a list of all netmasks allowed to send queries over UDP, TCP, DNS over TLS and DNS over HTTPS. See :ref:`ACL` for more information. EDNS Client Subnet ~~~~~~~~~~~~~~~~~~ -- 2.47.2
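Review bot: In the acl.rst hunk, the added sentence "The ACL applies to queries received over UDP, TCP, DNS over TLS and DNS over HTTPS." does not say which source address is matched when a DoH query reaches dnsdist through an HTTP reverse proxy or load balancer. An operator reading only this text cannot tell whether the ACL is evaluated against the client or against the frontend. Suggest adding one sentence that states which address is checked in that case. The unchanged context line that follows also reads "Further more", which could become "Furthermore" while this paragraph is being edited.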
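Review bot: In the config.rst hunk, the three updated descriptions word the same scope in two different ways. addACL and setACL say "send UDP, TCP, DNS over TLS and DNS over HTTPS queries", while showACL says "send queries over UDP, TCP, DNS over TLS and DNS over HTTPS". Suggest one phrasing for all three. Since each entry already points to :ref:`ACL`, where the other hunk states the transport list once, the entries could also say "queries" and leave the list to that page, so the list lives in one place if it changes again. In the unchanged context for setACL, "A table of CIDR netmask" should read "netmasks".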