v.24.9Improvement
New DNS Options for Blocking IP Family Connections
Two options (dns_allow_resolve_names_to_ipv4anddns_allow_resolve_names_to_ipv6) have been added, to allow block connections ip family. #66895 (MikhailBurdukov).
Why it matters
These options allow users to restrict DNS name resolution to either IPv4 or IPv6 addresses, preventing connections from undesired IP families. This improves security and network configuration flexibility by enabling fine-grained control over which IP protocols ClickHouse will use for DNS resolutions.How to use it
Set the boolean optionsdns_allow_resolve_names_to_ipv4 and/or dns_allow_resolve_names_to_ipv6 in the ClickHouse server configuration or query settings to enable or disable DNS resolution for IPv4 and IPv6 addresses respectively.