Hello,
I am trying to use a DNS lookup in an ACL e.x. something like this in a frontend
frontend frontend_443
bind 192.168.0.4
acl allowedToAccess src aws.com
use_backend backend_443 if allowedToAccess
backend backend_443
server backend_server 192.168.0.5
It seems like HAPROXY only resolves one of the A records, and whichever IP that ends up being, will be able to access, but any other A record IP’s will not be able to.
To better illustrate, if the DNS query returns the below
; <<>> DiG 9.18.24 <<>> a aws.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4973
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;aws.com. IN A
;; ANSWER SECTION:
aws.com. 60 IN A 18.165.25.45
aws.com. 60 IN A 18.165.25.92
aws.com. 60 IN A 18.165.25.103
aws.com. 60 IN A 18.165.25.20
;; Query time: 88 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Wed Feb 28 11:45:35 EST 2024
;; MSG SIZE rcvd: 100
Only this host will be able to access the service:
aws.com. 60 IN A 18.165.25.45
None of the other IP’s will be able to.
Is there a correct way of doing this, or is this correct, and just not working?
Thank you,
Matt