From b7974222a77795f272d58ae21965099f87bd3ba9 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 14 Sep 2023 17:42:40 +0200 Subject: [PATCH] doc: improve text for listening on wildcard addresses The different addresses don't need to share an interface. Also provide more details on what fails. --- doc/config-network-server.rst | 3 ++- doc/gettingstarted-config.rst | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/doc/config-network-server.rst b/doc/config-network-server.rst index e4d6c63c4..807c44a47 100644 --- a/doc/config-network-server.rst +++ b/doc/config-network-server.rst @@ -69,7 +69,8 @@ First you need to decide what service should be available on given IP address .. warning:: - On machines with multiple IP addresses avoid listening on wildcards ``0.0.0.0`` or ``::``. Knot Resolver could answer from different IP addresses if the network address ranges overlap, and clients would probably refuse such a response. + On machines with multiple IP addresses avoid listening on wildcards ``0.0.0.0`` or ``::``. + If a client can be reached through multiple addresses, UDP answers from a wildcard address might pick a wrong source address, and such responses should then get refused. .. _config-network-proxyv2: diff --git a/doc/gettingstarted-config.rst b/doc/gettingstarted-config.rst index b1f7d377e..50d25a0ab 100644 --- a/doc/gettingstarted-config.rst +++ b/doc/gettingstarted-config.rst @@ -60,8 +60,8 @@ For more details look at the :ref:`network configuration `. .. warning:: - On machines with multiple IP addresses on the same interface avoid listening on wildcards ``0.0.0.0`` or ``::``. - Knot Resolver could answer from different IP addresses if the network address ranges overlap, and clients would refuse such a response. + On machines with multiple IP addresses avoid listening on wildcards ``0.0.0.0`` or ``::``. + If a client can be reached through multiple addresses, UDP answers from a wildcard address might pick a wrong source address, and such responses should then get refused. .. _examle-internal: -- 2.47.2