Allowed IP rules not work？

[cwyin7788]

Output of the following commands:

./dnscrypt-proxy -version

2.1.1

./dnscrypt-proxy -check

nothing show

./dnscrypt-proxy -resolve example.com

Resolving [example.com] using [::1] port 53

Resolver      : 45.153.187.96

Canonical name: example.com.

IPv4 addresses: 93.184.216.34
IPv6 addresses: 2606:2800:220:1:248:1893:25c8:1946

Name servers  : b.iana-servers.net., a.iana-servers.net.
DNSSEC signed : yes
Mail servers  : 1 mail servers found

HTTPS alias   : -
HTTPS info    : -

Host info     : -
TXT records   : wgyf8z8cgvm2qmxpnbnldrcltvk4xqfn, v=spf1 -all

What is affected by this bug?

I'm not sure this is a bug, let me describe the problem,I want to use IP white list, dnscrypt-proxy only works with the IP I specify, so I refer to "example-allowed-ips.txt" format, create a file call "allowed-ips.txt"

looks like this:

##############################
#   Allowed IPs List         #
##############################

123.123.0.1
123.123.0.2
123.123.0.3
123.123.0.4
123.123.0.5
127.0.0.1

I put this settings under config file, dnscrypt-proxy.toml,

[allowed_ips]

allowed_ips_file = '/opt/dnscrypt-proxy/allowed-ips.txt'

and I see this file already loaded in "service dnscrypt-proxy status"

Jun 08 01:24:26 ubuntu dnscrypt-proxy[72563]: Loading the set of allowed IP rules from [/opt/dnscrypt-proxy/allowed-ips.txt]

=============

Is the allowed-ips.txt means, only 123.123.0.1 - 123.123.0.5 and 127.0.0.1，can use dnscrypt-proxy udp port 53？

Am I understanding wrong?

but when this txt loaded, I try to use another VPS, IP such as，234.234.0.1 / 234.234.0.2, use dig & nslookup, test the dnscrypt-proxy udp port 53, it can successfully resolve the domain name

and I under openresolver.com，test my dnscrypt-proxy server IP，it show this error "Open recursive resolver detected on XXX.XXX.XXX.XXX",

that's mean, my dnscrypt-proxy udp 53, can be able to attacked by DNS Amplification Attacks

When does this occur?

Always

Where does it happen?

dnscrypt-proxy server

Expected behavior (i.e. solution)

If I understand the purpose of allowed-ips.txt correctly, I hope that only the IPs in "allowed-ips.txt" can use my dnscrypt-proxy udp:53, make a whitelist effect

If I understand wrong, the purpose of allowed-ips.txt is not what I thought, please also tell me what its purpose is? I don't understand the description of the documentation

thanks

[jedisct1]

[allowed_ips] is the[blocked_ips] counterpart.

If a DNS response returns the 128.66.1.4 IP address and 126.66.* is blocked, it's still possible to allow 128.66.1.4 by adding it to the allowed_ips list.