Turris projectOur #stand at #NetworkX is #ready! If you are around and want to learn more about our #opensource #secure #wifi #router #OmniaNG or about other #CZNIC projects like #Bird or #KnotResolver, drop by and talk to us!
@DJGummikuh Hi, #reForis is actually made to be compatible with #LuCI as much as possible. Only thing where we differ is #DNS settings. We are using #KnotResolver (for #DNSSEC and more). You can enable #dnsmasq and ignore DNS settings in reForis. For the rest of the system, we are just handling #updates 😉 But we push all necessary patches to #vanilla kernel, so you can install not only #OpenWrt (there is #community contributed howto on their wiki), but also many other #Linux distributions 😉
Oto ŠťávaTurns out I never posted this, even though it's been out for some time.
During my time at CZ.NIC, working on Knot Resolver, I rewrote its I/O for better maintainability and to prepare it for DNS-over-QUIC. While I never got around to doing DoQ (it still may happen eventually, it's just not up to me anymore), I am still proud of the refactor itself, as it has later proven to be helpful, so I wrote a little blogpost about it. Enjoy :)
https://en.blog.nic.cz/2024/09/11/layered-protocols-or-the-big-i-o-rewrite-of-knot-resolver-6/
Late Night OwlDid someone manage to run the official knot-resolver container in production? I've been trying it out, but it keeps dropping me into an interactive console and I've got no idea what to pass to make it work as a regular recursive resolver.
My colleagues are putting together a new DoS protection mechanism in the upcoming Knot Resolver 6. Together we have written a blog post outlining how it works. Enjoy!
https://en.blog.nic.cz/2024/07/15/knot-resolver-6-news-dos-protection-operators-overview/
#KnotResolver #KnotDNS #DNS #DDoS #DoS #security #ratelimiting
nysosFeel free to use my DNS box for adfiltered & fast DNS during the congress: 151.217.1.205
Frederik
B1 Systems GmbHNeu auf dem B1 Blog: Verschlüsseltes DNS selber machen - Teil 2️⃣
Jens Meißner zeigt heute, wie der knot-resolver als DoH- und DoT-Server eingerichtet werden kann: https://blog.b1-systems.de/verschlusseltes-dns-selber-machen-teil-2
#DoT #DoH #knotresolver #Debian #Bullseye
Jens Meißner zeigt heute, wie der knot-resolver als DoH- und DoT-Server eingerichtet werden kann: https://blog.b1-systems.de/verschlusseltes-dns-selber-machen-teil-2
#DoT #DoH #knotresolver #Debian #Bullseye
Doc Edward Morbius ⭕@yojimbo That's what's configured.
There's also a specific request to not cache results for the domains in question.
-- Forward archive.is/archive.fo queries as Cloudflare breaks these.
-- Sun Jun 2 00:43:35 CDT 2019
extraTrees = policy.todnames({'archive.is', 'archive.ph', 'archive.vn', 'archive.fo', 'archive.li', 'archive.md', 'archive.today' })
policy.add(policy.suffix(policy.FLAGS({'NO_CACHE'}), extraTrees))
policy.add(
policy.suffix(
policy.STUB('192.168.0.1'), {
-- policy.STUB('8.8.8.8'), {
todname('archive.is'),
todname('archive.ph'),
todname('archive.vn'),
todname('archive.fo'),
todname('archive.li'),
todname('archive.md'),
todname('archive.today')
}
)
)
I'm restarting kresd to test (should clear caches), as well as the upstream. And restarting Android networking (clears Android's own DNS cache).
Still naada.
#DearMastomind I am trying to grok kresd, the Knot Resolver (used on the Turris Omnia) ... and ... am encoutering impenetrable documentation.
If there's anyone famiar with it, my current goals:
- Point specific domains at a specific DNS server.
- Map one domain to another. E.g., youtube.com -> yewtu.be, reddit.com -> teddit.net, etc.
- Assign specific IPs to specific hosts.
https://knot-resolver.readthedocs.io/en/stable/config-overview.html
My other option is to redo my DNS configuration using DNSMasq. Which quite frankly is probably preferable as its documentation and configuration are much more sane.
#kresd #KnotResolver #Turris #Omnia #TurrisOmnia #OpenWRT #DNS #dnsmasq