knot-resolver-users Duben 2021

knot-resolver-users@lists.nic.cz

4 participants
5 discussions

Knot Resolver - redirect wildcard domain

by Milan Jeskynka Kazatel

Hello, could you please help me with knot resolver configuration in the case when I need to redirect each variation for the domain to some address. e.g. www.example.com, m.example.com, domain.example.com ... like wildcard record *.example.com 10.0.0.50 In my configuration is it handeled by file with static records -- load static records hints.add_hosts('/etc/knot-resolver/static_records.txt') which contains address to be redirected and the domain. 10.0.0.50 1xbet.com 10.0.0.50 thelotter.com 10.0.0.50 webmoneycasino.com 10.0.0.50 betworld.com 10.0.0.50 bosscasino.eu 10.0.0.50 sportingbull.com But I´m not able to handle the correct syntax for a wildcard domain redirection. Best regards, -- Smil Milan Jeskyňka Kazatel

1 rok, 9 měsíců

Disable qname minimization

by Bjoern Franke

Hi, I recently stumbled about the following issue with postfix: DANE TLSA lookup problem: Host or domain name not found. Name service error for name=_25._tcp.smtp-relay-in-s1.neusta.de type=TLSA: Host not found, try again Postfix uses knot-resolver and I found [1] as a possible similar issue with unbound. I would like to test if the issue persists with disabled qname minimization, but it seems to be no configurale option. Kind Regards Bjoern [1] http://postfix.1071664.n5.nabble.com/Mail-deferred-TLSA-lookup-error-td1074…

3 roky, 11 měsíců

Writing a module to forward a query to another nameserver if recursive resolution fails

by Paul Furtado

Hello, We operate recursive resolvers in our network in AWS and from within the AWS network there are certain authoritative nameservers that block large swaths of the AWS IP range, causing resolution to fail for us. So I'm attempting to write a module that will handle failures reaching external resolvers and retry the query by forwarding it to a major resolver like cloudflare DNS. We push a ton of DNS query traffic so we do not want to simply forward to a public resolver, we only want to forward if recursion doesn't work for some reason. I've poured through the documentation and source code and tried to hook a variety of places, but I can't seem to find a good spot to hook the request failure. The finish layer allows me to hook the SERVFAIL, but by then it is too late to do anything. Using a simple policy, I was actually able to do something close by calling ensure_answer(), clearing the answer, setting the same forwarding flags as the forward policy, and then calling ensure_answer() again and I could see the query getting sent to cloudflare, so it seems like this is possible, but at the policy level it's too early to know if a query will result in a SERVFAIL. Could anyone point me in the right direction here? Thank you! Paul

3 roky, 11 měsíců

Any "gothcas" going from 2.65 to 3.04 I should know about?

by Chris

Hi. Moving a couple of our servers to new hardware, and taking that opportunity to upgrade some of the services at the same time. The main one being knot. Moving from a 2.65 context to 3.04. I've read the upgrade doc, and while there isn't a 2.65 --> 3.04. It appears for our environment that the changed/removed stanzas won't have much of an impact *except* as they relate to the database. That is; it appears that it isn't going to be a smooth transition, as they appear to be incompatible. Is that right? Do I need to rewrite all the keys && serials, and start from scratch? If so, as we have a huge number of domains, this will be an enormous task. Is this avoidable? Thank you for any and all insight into this transition. --Chris

4 roky

stats.upstreams() metrics in prometheus /metrics http output?

by Roman Kuzmitskii

hello, is there a way to output metrics about requests sent to upstreams and their information in prometheus /metrics output? been trying to find info and there seem to be no documentation about that functionality. sources mention dedicated /upstreams endpoint https://gitlab.nic.cz/knot/knot-resolver/-/blob/master/modules/http/prometh… but /upstreams returns empty list. currently trying to run this config: modules = { 'hints > iterate', 'stats', 'predict', 'http', } net.listen('0.0.0.0', 53, { kind = 'dns' }) net.listen('0.0.0.0', 9053, { kind = ‘webmgmt' }) cache.size = 256 * MB cache.storage = "lmdb:///dev/shm/knot-resolver” policy.add( policy.all( policy.TLS_FORWARD({ {'1.1.1.1', hostname='cloudflare-dns.com' }, {'1.0.0.1', hostname='cloudflare-dns.com' }, }) ) ) is there a way to get upstreams info? running modules.load('stats’) and then stats.upstreams() from ‘runtime’ configuration returns upstream request details like described here https://knot-resolver.readthedocs.io/en/stable/modules-stats.html thanks

4 roky

2025

2024

2023

2022

2021

2020

2019

2018

knot-resolver-users Duben 2021