Hello.
In case you're using our upstream repositories for Debian or Ubuntu, as
suggested on https://www.knot-resolver.cz/download/
you'll be running into their signing key expiring since today. As we
didn't update it in time, you'll have to update it manually by re-running:
wget https://secure.nic.cz/files/knot-resolver/knot-resolver-release.deb
dpkg -i knot-resolver-release.deb
Ticket: https://gitlab.nic.cz/knot/knot-resolver/-/issues/747
We also forgot to add Ubuntu 22.04, so that is fixed now, too.
--Vladimir
Hello,
could you please help me with knot resolver configuration in the case when I
need to redirect each variation for the domain to some address.
e.g.
www.example.com, m.example.com, domain.example.com ...
like a wildcard record
*.example.com 10.0.0.50
In my configuration it is handled by a file with static records
-- load static records
hints.add_hosts('/etc/knot-resolver/static_records.txt')
which contains address to be redirected and the domain.
10.0.0.50 1xbet.com
10.0.0.50 thelotter.com
10.0.0.50 webmoneycasino.com
10.0.0.50 betworld.com
10.0.0.50 bosscasino.eu
10.0.0.50 sportingbull.com
But I'm not able to handle the correct syntax for a wildcard domain
redirection.
Best regards,
--
Smil Milan Jeskyňka Kazatel
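One way to get the wildcard behaviour asked about above, as an added example that is not part of the original message or the Knot Resolver project's own code. It assumes Knot Resolver 5.x (where policy.ANSWER is available); the address and example.com come from the question, and the table name `redirects` is made up for illustration.

```lua
-- Added example; goes into the kresd configuration file.
-- Assumption: Knot Resolver 5.x with the policy module available.
-- `redirects` is a hypothetical name; 10.0.0.50 and example.com are the
-- values used in the question.

local redirects = {
    -- redirect address = zones to cover (each zone plus all its subdomains)
    ['10.0.0.50'] = { 'example.com' },
}

for address, zones in pairs(redirects) do
    -- policy.suffix matches a listed name and every name underneath it, so
    -- www.example.com, m.example.com and example.com itself all hit this
    -- rule, unlike hints.add_hosts(), which matches only the exact names
    -- written in the hosts file.
    policy.add(policy.suffix(
        policy.ANSWER(
            { [kres.type.A] = { rdata = kres.str2ip(address), ttl = 300 } },
            -- nodata = true: query types missing from the table (e.g. AAAA)
            -- get a NODATA answer instead of falling through to normal
            -- resolution, so an AAAA lookup does not return the real address.
            true),
        policy.todnames(zones)))
end
```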
Hello,
it's me again :) I just want to make sure whether the behaviour of Knot
Resolver is correct.
I implemented the DDR mechanism to discover DoH / DoT DNS servers. My
Macbook with Ventura successfully discovered the DoH server and started to
use it.
But: 10 seconds after the connection is established, Knot Resolver sends a
FIN,ACK packet and the connection is correctly closed. From this moment, the
Macbook starts to use DNS over UDP again and will retry the DoH connection
10-30s later. Then it uses the DoH server again for 10 seconds ....
Is this behaviour correct? Should the Macbook send some keepalive
messages to prevent the connection closing? Or should the Macbook reopen the
DoH connection more quickly?
Thanks,
Blažej
Hello,
is there any correct way to do query policy based on the destination
IP (the IP which processed the query)? Like view:addr but on the dst
address.
I found that the function view.addr(_, subnet, rules, dst) contains a DST
parameter but I'm not sure how to use it.
I also found the function view.rule_dst(action, subnet) but I still get errors:
error: /usr/lib/knot-resolver/kres_modules/view.lua:103: attempt to index local 'req' (a number value)
Thanks
Blažej
Hi there,
I'm trying to implement the SVCB record "_dns.resolver.arpa" for the DDR
mechanism for our AS50242 recursive resolvers.
When I look at the Cloudflare or Google implementation, they also answer with
an "ADDITIONAL SECTION".
kdig _dns.resolver.arpa @8.8.8.8 type64
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 61402
;; Flags: qr aa rd ra; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 4
;; QUESTION SECTION:
;; _dns.resolver.arpa. IN SVCB
;; ANSWER SECTION:
_dns.resolver.arpa. 86400 IN SVCB 1 dns.google. alpn=dot
_dns.resolver.arpa. 86400 IN SVCB 2 dns.google. alpn=h2,h3 key7="/dns-query{?dns}"
;; ADDITIONAL SECTION:
dns.google. 86400 IN A 8.8.8.8
dns.google. 86400 IN A 8.8.4.4
dns.google. 86400 IN AAAA 2001:4860:4860::8888
dns.google. 86400 IN AAAA 2001:4860:4860::8844
In the Knot Resolver documentation there is an example of how to answer an
SVCB request, but without an additional section.
policy.add(
   policy.domains(
      policy.ANSWER(
         { [kres.type.SVCB] = { rdata=kres.parse_rdata({
            'SVCB 1 resolver.example. alpn=dot ipv4hint=192.0.2.1 ipv6hint=2001:db8::1',
            'SVCB 2 resolver.example. mandatory=key65380 alpn=h2 key65380=/dns-query{?dns}',
         }), ttl=5 } }
      ), { todname('_testing.domain') }))
Can anyone help me with how to add an additional section to the answer? Do we
need to use policy.custom_action(state, request)?
Thanks!
Blažej