Hello,
I was using Knot Resolver 5 with a configuration in which I was replacing some parts of the DNS tree
(https://knot-resolver.readthedocs.io/en/latest/modules-policy.html#replacin…).
Since I updated to Knot Resolver 6 and rewrote the configuration in YAML using the forward directive
(https://www.knot-resolver.cz/documentation/latest/config-forward.html#forwa…),
it seems that this configuration is not working as planned. After a short time, Knot Resolver
started responding to the replaced part of the tree with NXDOMAIN.
Is this behavior intended, or is it some unintended bug?
Configuration for v6 was:
forward:
  # Internal Domains
  - subtree:
      - internal.corp
      - 10.in-addr.arpa
    servers:
      - 10.3.0.102
      - 10.3.0.103
    options:
      authoritative: false
      dnssec: false
I've tried to find out whether I have something misconfigured, but without any luck. I have
only a theory. The docs state: "Forwarding configuration instructs
resolver to forward cache-miss queries from clients to manually specified DNS
resolvers". Could the real reason for the malfunction be that Knot Resolver 6 uses
information from the cache BEFORE it even tries to forward the query?
Since I am not sure how Knot Resolver handles these rules internally, it is only a theory.
Is there any correct way to replicate the behavior from Knot Resolver 5? My config in v5 was:
internalDomains = policy.todnames({
    '10.in-addr.arpa',
    'mydomain.corp'
})
policy.add(policy.suffix(policy.FLAGS({'NO_CACHE'}), internalDomains))
policy.add(policy.suffix(policy.STUB({
    '10.3.0.102',
    '10.3.0.103'
}), internalDomains))
Regards,
Jiri Masek