andrijapanicsb commented on a change in pull request #131: URL: https://github.com/apache/cloudstack-documentation/pull/131#discussion_r432540605
########## File path: source/releasenotes/about.rst ########## 
@@ -33,29 +34,41 @@ Apache CloudStack |release| is a |version| LTS release with over 15 major new fe • Enable additional configuration metadata to virtual machines -The full list of new features can be found in the project release notes at http://docs.cloudstack.apache.org/en/4.14.0.0/releasenotes/changes.html +The full list of new features can be found in the project release notes at +http://docs.cloudstack.apache.org/en/4.14.0.0/releasenotes/changes.html -.. note:: +.. important:: This version of CloudStack allows control over the visibility of the DNS services provided - by the Virtual Router. One can control whether the service on the routers be available to - networks outside the local network. This might be important on Shared Networks which are - using Internet routable/public (i.e. non-RFC 1918) IP addresses. The new global setting - "expose.dns.externally" has been added with a default value of "true" in order to keep backward compatibility - with the previous installations. If you wish to disable public access to the DNS services - running on Virtual Router, set the value to "false" and recreate the related Virtual Routers. + by the Virtual Router in Shared networks. By default CloudStack allows DNS queries via the + Guest interface from any IP address. This allows for the DNS resolution of guest VMs on the + Shared network by services outside of the shared network. While this can be useful, it can + also be an issue on Shared Networks which are using Internet routable/public (i.e. non-RFC1918) + IP addresses as the DNS service is then queriable from the public internet at large. 
A new + global setting "expose.dns.externally" has been added (with a default value of "true" in + order to keep backward compatibility) which limits the source of DNS queries to hosts on the

Review comment:

```suggestion
order to keep backward compatibility) which does not limit the source of DNS queries to hosts on the
```
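Review bot: The added sentence describing "expose.dns.externally" pairs the default value of "true" with "which limits the source of DNS queries", so it reads as if "true" is the restrictive value, while the sentences just above it say the default allows DNS queries via the Guest interface from any IP address. State the effect of each value in its own sentence instead of inside the parenthetical. The removed note also told operators to set the value to "false" and recreate the related Virtual Routers in order to disable public access; make sure the rewritten text still carries that step. Minor: "queriable" should be "queryable", and the added lines capitalise the term four different ways ("Shared networks", "Shared network", "shared network", "Shared Networks").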