ansible: allow DNS from the IoT network

author Kristof Provost <kp@FreeBSD.org>

Tue, 18 Mar 2025 03:09:36 +0000 (04:09 +0100)

committer Kristof Provost <kp@FreeBSD.org>

Tue, 18 Mar 2025 03:09:36 +0000 (04:09 +0100)
author Kristof Provost <kp@FreeBSD.org>
Tue, 18 Mar 2025 03:09:36 +0000 (04:09 +0100)
committer Kristof Provost <kp@FreeBSD.org>
Tue, 18 Mar 2025 03:09:36 +0000 (04:09 +0100)
diff --git a/ansible/roles/domotica/templates/disable_dnssec_validation.conf b/ansible/roles/domotica/templates/disable_dnssec_validation.conf

index 9ca4352..8c1262d 100644 (file)
--- a/ansible/roles/domotica/templates/disable_dnssec_validation.conf
+++ b/ansible/roles/domotica/templates/disable_dnssec_validation.conf
@@ -1,2 +1,8 @@
  server:
         val-permissive-mode: yes
+       access-control: 0.0.0.0/0 refuse
+       access-control: ::/0 refuse
+       access-control: 127.0.0.0/8 allow
+       access-control: ::1/128 allow
+       access-control: 172.30.2.0/24 allow
+       interface: 172.30.2.1
author	Kristof Provost <kp@FreeBSD.org>
	Tue, 18 Mar 2025 03:09:36 +0000 (04:09 +0100)
committer	Kristof Provost <kp@FreeBSD.org>
	Tue, 18 Mar 2025 03:09:36 +0000 (04:09 +0100)