When configuring the DNS Forwarding Service, 'allow-from' is now a required parameter, committing the configuration fails when this is not specified. This is fine, however during my testing only the /32 and /0 network prefix lengths caused the DNS Service to respond. Note I am using and exclusively testing this using an IPv4 network.
When specifying a standard network prefix length to cover the entire network, such as 10.0.0.0/24 or 10.0.0.0/8, it is successfully accepted and commits without errors, however the DNS Forwarding Service does not respond.
When specifying the /32 prefix length, I specified a single private IP address that was on the internal network, the IP address of the client computer I was testing from. When I specified this, that single client computer was able to successfully query the service (as expected).
When specifying the /0 prefix length, using '0.0.0.0/0' the service successfully responds to requests on the local network.
I'm not sure if this is intentional, however I'm thinking it's not. I did not try all network prefixes, however I covered a large handful of common ones I experience, and only /32 and /0 caused the service to respond.
My configuration is as follows:
service { dns { forwarding { allow-from 0.0.0.0/0 cache-size 0 listen-address 10.0.0.131 name-server 1.1.1.1 name-server 8.8.8.8 } } }