
DNS Forwarding Services not responding with Allow-From
Open, Requires assessment | Public | BUG

Description

When configuring the DNS Forwarding Service, 'allow-from' is now a required parameter; committing the configuration fails when this is not specified. This is fine; however, during my testing only the /32 and /0 network prefix lengths caused the DNS Service to respond. Note that I am using, and exclusively testing this on, an IPv4 network.

When specifying a standard network prefix length to cover the entire network, such as 10.0.0.0/24 or 10.0.0.0/8, it is successfully accepted and commits without errors; however, the DNS Forwarding Service does not respond.

When specifying the /32 prefix length, I specified a single private IP address that was on the internal network, the IP address of the client computer I was testing from. When I specified this, that single client computer was able to successfully query the service (as expected).

When specifying the /0 prefix length, using '0.0.0.0/0', the service successfully responds to requests on the local network.

I'm not sure if this is intentional; however, I'm thinking it's not. I did not try all network prefixes; however, I covered a large handful of common ones I experience, and only /32 and /0 caused the service to respond.

My configuration is as follows:

service {
	dns {
		forwarding {
			allow-from 0.0.0.0/0
			cache-size 0
			listen-address 10.0.0.131
			name-server 1.1.1.1
			name-server 8.8.8.8
		}
	}
}

Details

Difficulty level: Unknown (require assessment)
Version: 1.2-rolling-201909260118
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
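
For triage, the behaviour the report expects can be computed offline. This is an added example, not part of the original report or of VyOS code: it parses the forwarding block quoted in the description and evaluates each allow-from prefix under ordinary CIDR containment, which is an assumption about the intended semantics, and it flags a prefix of length 0 because that admits every source address. The function names and the client address 10.0.0.50 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the forwarding block as quoted in the report.
SAMPLE_CONFIG = """
service {
    dns {
        forwarding {
            allow-from 0.0.0.0/0
            cache-size 0
            listen-address 10.0.0.131
            name-server 1.1.1.1
            name-server 8.8.8.8
        }
    }
}
"""

def forwarding_values(config, key):
    """Return every value of `key` inside the service/dns/forwarding block."""
    path, values = [], []
    for line in config.splitlines():
        line = line.strip()
        if line.endswith("{"):
            path.append(line[:-1].strip())      # entering a nested node
        elif line == "}":
            path.pop()                          # leaving the current node
        elif path == ["service", "dns", "forwarding"]:
            m = re.fullmatch(rf"{re.escape(key)}\s+(\S+)", line)
            if m:
                values.append(m.group(1))
    return values

def audit(config, client):
    """Per allow-from prefix: should `client` match, and does it admit everyone?"""
    addr = ipaddress.ip_address(client)
    result = []
    for prefix in forwarding_values(config, "allow-from"):
        net = ipaddress.ip_network(prefix, strict=False)
        result.append({
            "prefix": prefix,
            # Assumption: allow-from is meant as plain CIDR containment.
            "client_expected_allowed": addr in net,
            "open_to_all": net.prefixlen == 0,
        })
    return result

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "10.0.0.50"))    # 10.0.0.50 is a constructed client
```

Substituting 10.0.0.0/24 or 10.0.0.0/8 for the allow-from value gives `client_expected_allowed` true with `open_to_all` false, which is the combination the report says did not produce responses.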

Event Timeline

DWilly92 created this task. Sep 27 2019, 2:26 AM
pasik added a subscriber: pasik. Sep 27 2019, 6:45 PM