Toralf,
you need knot-resolver (knot-resolver.cz) and not knot-dns (this is the authoritative-only
part).
Cheers,
Ondrej
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz
https://nic.cz/
--------------------------------------------
----- Original Message -----
From: "Toralf Förster" <toralf.foerster(a)gmx.de>
To: "Marek Vavruša" <marek(a)vavrusa.com>
Cc: "Ondřej Surý" <ondrej.sury(a)nic.cz>, "knot-dns-users" <knot-dns-users(a)lists.nic.cz>
Sent: Saturday, 15 October, 2016 22:19:27
Subject: Re: [knot-dns-users] is there a out-of-the-box receipt to use knot as a DNS cache for a Tor exit relay ?
On 10/15/2016 08:58 PM, Marek Vavruša wrote:
> As in your 5-step list: you have to install it, modify /etc/resolv.conf
> as in step 2, and then start it (kresd -k /var/something/root.keys).

Hhm, not as easy as dnsmasq I must admit.
The emerged package under Gentoo:
net-dns/knot-2.3.1::gentoo was built with the following:
USE="fastparser -caps -debug -dnstap -doc -idn -systemd"
ABI_X86="64"
doesn't have a kresd installed anywhere. After renaming the config file here
under Gentoo and adding a few remote DNS servers:
remote:
  - id: n1
    address: 2a01:4f8:0:a0a1::add@1010
  - id: n2
    address: 2a01:4f8:0:a102::add@9999
  - id: n3
    address: 2a01:4f8:0:a111::add@9898
  - id: n4
    address: 213.133.98.98@53
  - id: n5
    address: 213.133.99.99@53
  - id: n6
    address: 213.133.100.100@53
I still get:
mr-fox knot # dig com. any +dnssec
; <<>> DiG 9.10.4-P3 <<>> com. any +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 64152
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;com. IN ANY
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Oct 15 22:11:51 CEST 2016
;; MSG SIZE rcvd: 32
So I do wonder how to convince knot to resolve the name ?
BTW adding this :
modules = { 'daf' }
daf.add 'forward 2a01:4f8:0:a0a1::add'
daf.add 'forward 2a01:4f8:0:a102::add'
daf.add 'forward 2a01:4f8:0:a111::add'
gives :
Oct 15 22:18:06 mr-fox knot[4363]: error: config, file '/etc/knot/knot.conf', line 39, item 'modules', value '' (parser failed)
Oct 15 22:18:06 mr-fox knot[4363]: critical: failed to load configuration file '/etc/knot/knot.conf' (parser failed)
--
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7