dns: fixed issue that could cause a DoS attack (via DNS amplification)

ITD's router was setting the IP of all external traffic as 193.1.99.65, which was part of the 193.1.99.64/26 subnet.
The fix is to explicitly list all our IPs.
silver 2023-05-05 14:40:27 +01:00
parent d750b046d1
commit 5579de7e7c

@ -106,7 +106,83 @@ in {
# this server itself # this server itself
"127.0.0.0/24" "127.0.0.0/24"
# all of skynet can use this as a resolver # all of skynet can use this as a resolver
/*
Origianl idea, however all external traffic had the ip of the router
"193.1.99.64/26" "193.1.99.64/26"
So to fix this we need to allow smaller ranges? - Didnt work
Fallback is explisitly listing each ip we have
*/
"193.1.99.71/32"
"193.1.99.72/32"
"193.1.99.73/32"
"193.1.99.71/32"
"193.1.99.74/32"
"193.1.99.75/32"
"193.1.99.76/32"
"193.1.99.77/32"
"193.1.99.78/32"
"193.1.99.79/32"
"193.1.99.80/32"
"193.1.99.81/32"
"193.1.99.82/32"
"193.1.99.83/32"
"193.1.99.81/32"
"193.1.99.84/32"
"193.1.99.85/32"
"193.1.99.86/32"
"193.1.99.87/32"
"193.1.99.88/32"
"193.1.99.89/32"
"193.1.99.90/32"
"193.1.99.91/32"
"193.1.99.92/32"
"193.1.99.93/32"
"193.1.99.91/32"
"193.1.99.94/32"
"193.1.99.95/32"
"193.1.99.96/32"
"193.1.99.97/32"
"193.1.99.98/32"
"193.1.99.99/32"
"193.1.99.100/32"
"193.1.99.101/32"
"193.1.99.102/32"
"193.1.99.103/32"
"193.1.99.101/32"
"193.1.99.104/32"
"193.1.99.105/32"
"193.1.99.106/32"
"193.1.99.107/32"
"193.1.99.108/32"
"193.1.99.109/32"
"193.1.99.110/32"
"193.1.99.111/32"
"193.1.99.112/32"
"193.1.99.113/32"
"193.1.99.111/32"
"193.1.99.114/32"
"193.1.99.115/32"
"193.1.99.116/32"
"193.1.99.117/32"
"193.1.99.118/32"
"193.1.99.119/32"
"193.1.99.120/32"
"193.1.99.121/32"
"193.1.99.122/32"
"193.1.99.123/32"
"193.1.99.121/32"
"193.1.99.124/32"
"193.1.99.125/32"
"193.1.99.126/32"
]; ];
zones = { zones = {
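
Review bot: the added /32 list has duplicate entries and an undocumented gap. "193.1.99.71/32" is listed a second time after "193.1.99.73/32", and the same repeat occurs for .81, .91, .101, .111 and .121, while .66 through .70 are missing with no comment saying whether they are excluded on purpose. The block comment should also state the point that matters for the amplification fix: 193.1.99.65 (the address the router stamps on external traffic, per the commit message) must stay out of the allow list, and "Didnt work" should record which smaller ranges were tried so the next editor does not widen the list back to a prefix that covers .65. Generating the entries from a numeric range instead of writing them by hand would remove the duplicates and make the intended start and end addresses explicit.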