From 5579de7e7cf0cad8ce1e7ec6163daebd7cedb854 Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Fri, 5 May 2023 14:40:27 +0100
Subject: [PATCH] dns: fixed issue that could cause a DOS attach (via DNS amplification)

ITD's router was setting teh IP of all external traffic as 193.1.99.65, which was part of the 193.1.99.64/26 subnet. The fix is to explisitly list all our IP's
---
 applications/dns.nix | 76 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)

diff --git a/applications/dns.nix b/applications/dns.nix
index 1aa12a4..9d5b05f 100644
--- a/applications/dns.nix
+++ b/applications/dns.nix
@@ -106,7 +106,83 @@ in {
 # this server itself
 "127.0.0.0/24"
 # all of skynet can use this as a resolver
+ /*
+ Origianl idea, however all external traffic had the ip of the router
 "193.1.99.64/26"
+
+ So to fix this we need to allow smaller ranges? - Didnt work
+ Fallback is explisitly listing each ip we have
+ */
+
+ "193.1.99.71/32"
+ "193.1.99.72/32"
+ "193.1.99.73/32"
+ "193.1.99.71/32"
+ "193.1.99.74/32"
+ "193.1.99.75/32"
+ "193.1.99.76/32"
+ "193.1.99.77/32"
+ "193.1.99.78/32"
+ "193.1.99.79/32"
+
+ "193.1.99.80/32"
+ "193.1.99.81/32"
+ "193.1.99.82/32"
+ "193.1.99.83/32"
+ "193.1.99.81/32"
+ "193.1.99.84/32"
+ "193.1.99.85/32"
+ "193.1.99.86/32"
+ "193.1.99.87/32"
+ "193.1.99.88/32"
+ "193.1.99.89/32"
+
+ "193.1.99.90/32"
+ "193.1.99.91/32"
+ "193.1.99.92/32"
+ "193.1.99.93/32"
+ "193.1.99.91/32"
+ "193.1.99.94/32"
+ "193.1.99.95/32"
+ "193.1.99.96/32"
+ "193.1.99.97/32"
+ "193.1.99.98/32"
+ "193.1.99.99/32"
+
+
+ "193.1.99.100/32"
+ "193.1.99.101/32"
+ "193.1.99.102/32"
+ "193.1.99.103/32"
+ "193.1.99.101/32"
+ "193.1.99.104/32"
+ "193.1.99.105/32"
+ "193.1.99.106/32"
+ "193.1.99.107/32"
+ "193.1.99.108/32"
+ "193.1.99.109/32"
+
+ "193.1.99.110/32"
+ "193.1.99.111/32"
+ "193.1.99.112/32"
+ "193.1.99.113/32"
+ "193.1.99.111/32"
+ "193.1.99.114/32"
+ "193.1.99.115/32"
+ "193.1.99.116/32"
+ "193.1.99.117/32"
+ "193.1.99.118/32"
+ "193.1.99.119/32"
+
+ "193.1.99.120/32"
+ "193.1.99.121/32"
+ "193.1.99.122/32"
+ "193.1.99.123/32"
+ "193.1.99.121/32"
+ "193.1.99.124/32"
+ "193.1.99.125/32"
+ "193.1.99.126/32"
+
 ];
 zones = {
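Review bot: Six of the new allow-list entries are duplicated — `"193.1.99.71/32"`, `.81`, `.91`, `.101`, `.111` and `.121` each appear twice — which is harmless to the ACL but shows the list was typed by hand, so it is worth checking it against the real host inventory (.66–.70 and .127 are absent, and .65 is the router's NAT address the commit means to exclude). The fix only closes the open resolver if the old `"193.1.99.64/26"` entry is no longer active; it appears to be the context line now enclosed by the new `/* … */` block, but if that range survives anywhere else in this allow-list, every external client arriving via the router's NAT address is still permitted and the /32 list changes nothing. A generated list such as `map (i: "193.1.99.${toString i}/32") (lib.range 71 126)` (if `lib` is in scope in this module) would avoid both the duplicates and the risk of silently dropping a host. The comment also has typos (`Origianl`, `explisitly`, `Didnt`) and should state the actual reason the /26 was dropped, e.g. `# 193.1.99.64/26 removed: the router source-NATs all external traffic to 193.1.99.65, so allowing the range made this an open resolver`.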