3 Pro
2019
3 Pro
'19
15:06
On 12/2/19 7:45 PM, Tomas Krizek wrote:
Are you asking how does Turris configure Knot Resolver
with the ISP's
DNS resolver as a forwarder? That, I don't know, but a proper place to
ask would probably be the Turris forum [2] or support.
I believe that's the default - in any case, you can switch off the
generated forwarding rules by ticking a checkbox in Foris GUI - in DNS tab.
If you uncheck those, you can add your own forwarding; Omnia-specific step:
https://doc.turris.cz/doc/en/public/dns_knot_misc#adding_custom_configurati…
With the policy rules it's e.g. possible to configure kresd to use
policy.PASS on everything in .lan and policy.FORWARD the rest
https://knot-resolver.readthedocs.io/en/stable/modules.html#policy-examples
... but I can't say if such a setup is optimal for you, and it doesn't
address things like reconfiguration when VPN (dis)connects. Generally
I'd say that DNS is best to take from the point where routing happens,
for example prefer local DNS server if the traffic goes without VPN by
default. Otherwise you might e.g. be prone to get sub-optimal
performance of some CDNs.
--Vladimir