[PR #3488] Add client allow-listing #3888

Open
opened 2026-03-16 12:08:07 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/hickory-dns/hickory-dns/pull/3488
Author: @Cyberax
Created: 3/9/2026
Status: 🔄 Open

Base: main ← Head: feat/submit-allowlist


📝 Commits (1)

a8f4910 Add client allow-listing (https://github.com/hickory-dns/hickory-dns/commit/a8f49102c3bf8745a348dfb59f9b06d7915f6810)

📊 Changes

7 files changed (+366 additions, -12 deletions)

📝 bin/src/config/mod.rs (+6 -0)
📝 bin/src/config/tests.rs (+32 -0)
📝 bin/src/lib.rs (+9 -1)
📝 crates/server/src/zone_handler/catalog.rs (+79 -10)
📝 tests/integration-tests/tests/integration/catalog_tests.rs (+188 -1)
➕ tests/test-data/test_configs/example_client_acl.toml (+23 -0)
📝 tests/test-data/test_configs/example_recursor.toml (+29 -0)

📄 Description

Hickory supports limiting servers using the classic ACL approach of allow/deny lists. However, it does not allow limiting clients.

This is extremely important for servers that work both as recursive resolvers and authoritative servers, otherwise open recursive resolvers get abused by all kinds of bots trying to work around geoblocks.

AI disclosure: the code was written by me (a human). AI was used for basic autocomplete.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.