Skip to content

Allow staging network to request internal dns

A removal of a too inclusive NAT rule on the firewall now exposes the real ip of the staging servers (they were seen as the gateway). They must be explicitly allowed to request the dns.

Test Plan

octocatalog-diff on pergamon

diff origin/production/pergamon.softwareheritage.org current/pergamon.softwareheritage.org
*******************************************
  Bind::View[private] =>
   parameters =>
     match_clients =>
      - ["192.168.100.0/24", "192.168.101.0/24", "192.168.200.0/21", "127.0.0.0/8", "::1/128"]
      + ["192.168.100.0/24", "192.168.101.0/24", "192.168.130.0/24", "192.168.200.0/21", "127.0.0.0/8", "::1/128"]
*******************************************
  Concat::Fragment[bind-view-private] =>
   parameters =>
     content =>
      @@ -4,4 +4,5 @@
                192.168.100.0/24;
                192.168.101.0/24;
      +         192.168.130.0/24;
                192.168.200.0/21;
                127.0.0.0/8;
*******************************************
  Concat_fragment[bind-view-private] =>
   parameters =>
     content =>
      @@ -4,4 +4,5 @@
                192.168.100.0/24;
                192.168.101.0/24;
      +         192.168.130.0/24;
                192.168.200.0/21;
                127.0.0.0/8;
*******************************************
*** End octocatalog-diff on pergamon.softwareheritage.org

Migrated from D4693 (view on Phabricator)

Merge request reports