| Option | IP_FILTER_RDNS_SERVER | |
| Description |
IP filter for filtering which DNS servers may be specified in the
rdns() function or
reverseDns() function.
| |
| Introduced Version | 1.37 | |
IP filter for filtering which DNS servers may be specified in
the rdns() function or
reverseDns() function.
The syntax of these list is a sequence, separated by newlines or
;, of
allow or
deny actions, along with a
CIDR block or all. An IP
address is allowed or denied by finding the first match and
applying the corresponding action. The
all value matches any
IP-address (i.e., IPv4 or IPv6).
Note
This only restricts what value may be specified - if no server
is specified then the system default or the one specified by
RDNS_DEFAULT_SERVER will be used irrespective
of whether it is blocked by this filter.
For example, here we restrict the server to
8.8.8.8 and
1.1.1.1 and deny all
others.
IP_FILTER_RDNS_SERVER=allow 8.8.8.8; allow 1.1.1.1; deny all
RDNS defaults to denying lookups of reserved IP ranges. The
filter also denies additional reserved IP ranges, as specified
by the IANA, by default. Self-hosted administrators can specify
their own filters by using the environment variables
IP_FILTER_IDP, IP_FILTER_RDNS, and
IP_FILTER_RDNS_SERVER respectively.