-rw-r--r-- plugin/acl/README.md 8
1 files changed, 7 insertions, 1 deletions
diff --git a/plugin/acl/README.md b/plugin/acl/README.md
index 5103018ef..4b34500e4 100644
--- a/plugin/acl/README.md
+++ b/plugin/acl/README.md
@@ -6,7 +6,13 @@
## Description
-With `acl` enabled, users are able to block or filter suspicious DNS queries by configuring IP filter rule sets, i.e. allowing authorized queries to recurse or blocking unauthorized queries.
+With `acl` enabled, users are able to block or filter suspicious DNS queries by configuring IP filter rule sets, i.e. allowing authorized queries or blocking unauthorized queries.
+
+
+When evaluating the rule sets, _acl_ uses the source IP of the TCP/UDP headers of the DNS query received by CoreDNS.
+This source IP will be different than the IP of the client originating the request in cases where the source IP of the request is changed in transit. For example:
+* if the request passes though an intermediate forwarding DNS server or recursive DNS server before reaching CoreDNS
+* if the request traverses a Source NAT before reaching CoreDNS
This plugin can be used multiple times per Server Block.
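
Review bot: The first added bullet has a typo, "passes though an intermediate forwarding DNS server" should read "passes through". In the sentence above it, "different than the IP of the client" reads better as "different from the IP of the client". The change also adds two consecutive blank lines after the rewritten first paragraph where one is enough, and puts the bullet list directly under "For example:" with no blank line between them, which some Markdown renderers need in order to start a list. It would also help to state the consequence for rule authors in one more sentence: behind a forwarder or Source NAT, every rule is evaluated against that intermediate address, so an allow or block rule written for a client range will not match those clients individually.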