These are chat archives for CZ-NIC/knot-resolver

1st
Jan 2019
edoo
@ookangzheng
Jan 01 19:19
Can I allow whitelisted IP/localhost with only port 53, then DROP or REFUSED all incoming
modules = {
    'view',
    'policy',
    'hints > iterate',
}
net.listen({'::', '0.0.0.0'}, 53)
net.tls("/etc/letsencrypt/live/xxx.com/fullchain.pem", "/etc/letsencrypt/live/xxx.com/privkey.pem")
net.listen({'::', '0.0.0.0'}, 853, {tls = true})
view:addr('127.0.0.1/32@53', policy.all(policy.PASS))
view:addr('::1/64@53', policy.all(policy.PASS))
view:addr('0.0.0.0/0@53', policy.all(policy.DROP))
view:addr('::0/0@53', policy.all(policy.DROP))