Limit Queries to specific IPs? #3221

Closed
ColinShark opened this issue Aug 28, 2019 · 2 comments

Comments

@ColinShark

Hi there,

I'm currently using CoreDNS on Version 1.6.2 to be able to connect to my dedicated Minecraft Bedrock Server with my Nintendo Switch (as it isn't possible without DNS manipulation).

I have now received an email from the Federal Office for Security in Information Technology in Germany, as my resolver is recursively answering queries from all IP addresses.

How can I limit source IP addresses that are allowed to query my DNS?

My current Corefile is as follows:

.:9999 {
    rewrite name exact mco.lbsg.net <IP of my MC server>
    log
    forward . tls://9.9.9.9 {
        tls_servername dns.quad9.net
        health_check 5s
    }
}

@chrisohaver
Member

I don't have the whole picture, but it seems you're running coredns on a system that has a public interface, so you'd want to run coredns so it only listens on the private interface. You can do this with the bind plugin.

To answer your question about client IP ACL function:

There is the external firewall plugin in coredns/policy. It can be used to provide source ip ACL function.

There is also PR #3103, not merged yet, but I expect it should be soon. It provides a simpler ACL function.

@miekg
Member

miekg commented Sep 2, 2019

The new acl (soon to be merged) or bind plugin can help. Closing.

@miekg miekg closed this as completed Sep 2, 2019
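
A restricted version of the Corefile from the issue, as an added example that is not part of the original thread or the CoreDNS project's own material: it combines the bind plugin with the acl plugin that both replies mention. The addresses 192.168.1.10 and 192.168.1.0/24 are constructed placeholders for a private LAN, and the acl block assumes a CoreDNS release that includes the plugin, which the 1.6.2 build in the issue predates.

```corefile
.:9999 {
    # Listen only on the private interface (constructed address)
    # instead of every interface on the host.
    bind 192.168.1.10

    # Answer only clients on the local network (constructed range).
    # Rules are evaluated top to bottom; the bare "block" rejects
    # every source that did not match the allow rule above it.
    acl {
        allow net 192.168.1.0/24
        block
    }

    # Unchanged from the Corefile in the issue.
    rewrite name exact mco.lbsg.net <IP of my MC server>
    log
    forward . tls://9.9.9.9 {
        tls_servername dns.quad9.net
        health_check 5s
    }
}
```

If the resolver has to stay reachable on a public address, leave out bind and put only the client's own source address in the allow net rule.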