Hello, Vladimír
Thank you for answering.
As you said, after adding policy.del(0) the query no longer gets blocked.
However, the result is as follows, and no ANSWER is returned.
kometch@dns02:/etc/knot-resolver$ drill -x 192.168.122.223
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 9431
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; 223.122.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
;; AUTHORITY SECTION:
168.192.in-addr.arpa. 604566 IN SOA prisoner.iana.org. hostmaster.root-servers.org. 1 604800 60 604800 604800
;; ADDITIONAL SECTION:
Do you use view and so on to reverse the 192.168.122.0/24?
I am sorry about all the questions.
Best regards.
On 2017/04/18 17:33:08, Vladimír Čunát <vladimir.cunat@nic.cz> wrote:
Hello.
On 04/14/2017 04:02 PM, Horigome Yoshihito wrote:
> I set it up as below and forward it to kometch.local of the internal
> domain which is the stub zone, but when reverse lookup it will be
> output as block. [...]
The problem there is that the policy module contains an implicit rule
that blocks reverse queries to private zones (e.g. 192.168.*.*). You
can remove that rule by adding a line `policy.del(0)` to your config.
--Vladimir