From e1b456ed2846da1874ed2e07c5d5bb3fb8272312 Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sat, 16 Nov 2024 14:11:34 +0530 Subject: [PATCH] webapp: updated html for new reverse proxy network acl option. Other minor changes done. --- DnsServerCore/www/index.html | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/DnsServerCore/www/index.html b/DnsServerCore/www/index.html index eb46ea3f..15d9d16f 100644 --- a/DnsServerCore/www/index.html +++ b/DnsServerCore/www/index.html @@ -1011,7 +1011,7 @@
- +
Enter IP addresses or network addresses one below another that are allowed to perform zone transfer for all zones without any TSIG authentication.
@@ -1019,7 +1019,7 @@
- +
Enter IP addresses or network addresses one below another that are allowed to Notify all Secondary Zones.
@@ -1189,7 +1189,7 @@
- +
Enter IP addresses or network addresses one below another that are allowed to bypass the QPM limit.
@@ -1360,21 +1360,21 @@ Enable DNS-over-UDP-PROXY
-
Enable this option to accept DNS-over-UDP-PROXY requests. It implements the PROXY Protocol for both version 1 & 2 over UDP datagram and will work only on private networks.
+
Enable this option to accept DNS-over-UDP-PROXY requests. It implements the PROXY Protocol for both version 1 & 2 over UDP datagram. Configure Reverse Proxy Network ACL below to allow only requests coming from your reverse proxy server.
-
Enable this option to accept DNS-over-TCP-PROXY requests. It implements the PROXY Protocol for both version 1 & 2 over TCP connection and will work only on private networks.
+
Enable this option to accept DNS-over-TCP-PROXY requests. It implements the PROXY Protocol for both version 1 & 2 over TCP connection. Configure Reverse Proxy Network ACL below to allow only requests coming from your reverse proxy server.
-
Enable this option to accept DNS-over-HTTP requests. It must be used with a TLS terminating reverse proxy like nginx and will work only on private networks. Enabling this option also allows automatic TLS certificate renewal with HTTP challenge (webroot) for DNS-over-HTTPS service when DNS-over-HTTP port is set to 80.
+
Enable this option to accept DNS-over-HTTP requests. It must be used with a TLS terminating reverse proxy like nginx. Configure Reverse Proxy Network ACL below to allow only requests coming from your reverse proxy server. Enabling this option also allows automatic TLS certificate renewal with HTTP challenge (webroot) for DNS-over-HTTPS service when DNS-over-HTTP port is set to 80.
+
+ +
+ +
+
Configure the ACL above to allow only requests coming from your reverse proxy server for DNS-over-UDP-PROXY, DNS-over-TCP-PROXY, and DNS-over-HTTP protocols. Enter IP addresses or network addresses one below another to allow access. Add ! character at the start to deny access, e.g. !192.168.10.0/24 will deny entire subnet. The ACL is processed in the same order its listed. If no networks match, the default policy is to deny all.
+
+
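Review bot: The added help text for the Reverse Proxy Network ACL reads "The ACL is processed in the same order its listed"; "its" should be "it is", or the sentence can be shortened to "The ACL is processed in the order listed". The same paragraph says the default policy is to deny all when no network matches, while the three option descriptions earlier in this hunk drop the old "will work only on private networks" wording. Read together, an empty ACL would reject every DNS-over-UDP-PROXY, DNS-over-TCP-PROXY and DNS-over-HTTP request, so the help text should state what the field contains by default and whether an existing deployment has to fill it in after upgrading. The option descriptions say "below" and the ACL text says "above", which only holds while the field stays in this position on the page; naming the field ("Reverse Proxy Network ACL") in both places would survive a later reordering.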
@@ -1826,7 +1834,7 @@
- +
Enter IP addresses or network addresses one below another that are allowed to bypass blocking.
@@ -5941,7 +5949,7 @@ ns1.example.com ([2001:db8::])
- +
@@ -6043,7 +6051,7 @@ ns1.example.com ([2001:db8::])
- +