Artem Boldariev 5ed3a76f9d BIND: Add 'allow-proxy' and 'allow-proxy-on' options ... The main intention of PROXY protocol is to pass endpoints information to a back-end server (in our case - BIND). That means that it is a valid way to spoof endpoints information, as the addresses and ports extracted from PROXYv2 headers, from the point of view of BIND, are used instead of the real connection addresses. Of course, an ability to easily spoof endpoints information can be considered a security issue when used uncontrollably. To resolve that, we introduce 'allow-proxy' and 'allow-proxy-on' ACL options. These are the only ACL options in BIND that work with real PROXY connections addresses, allowing a DNS server operator to specify from what clients and on which interfaces he or she is willing to accept PROXY headers. By default, for security reasons we do not allow to accept them.		2023-12-06 15:15:25 +02:00
..
include	Reformat sources with up-to-date clang-format-17	2023-11-13 16:52:35 +01:00
aclconf.c	Add 'proxy' option to 'listen-on' statement	2023-12-06 15:15:25 +02:00
check.c	BIND: Add 'allow-proxy' and 'allow-proxy-on' options	2023-12-06 15:15:25 +02:00
dnsconf.c	Update the copyright information in all files in the repository	2022-01-11 09:05:02 +01:00
duration.c	Remove do-nothing header <isc/print.h>	2023-02-15 16:44:47 +00:00
kaspconf.c	CID 469729: Remove leftover return call	2023-12-06 10:51:15 +01:00
log.c	Update the copyright information in all files in the repository	2022-01-11 09:05:02 +01:00
Makefile.am	Move bind9/check to isccfg/check	2023-02-17 12:13:37 +00:00
namedconf.c	BIND: Add 'allow-proxy' and 'allow-proxy-on' options	2023-12-06 15:15:25 +02:00
parser.c	Apply the isc_mem_cget semantic patch	2023-08-31 22:08:35 +02:00
tests	Move all the unit tests to /tests/<libname>/	2022-05-28 14:53:02 -07:00