Alex
Martin@[email protected]
I need to figure out whether my DNS can also show statistics. I use #knot #kresd as recursive resolver and have the #hblock list included for blocking tracking domains.
Štěpán Škorpil@openalt Tohle řeším taky. Vodafone modem mám v bridge modu, za ním #turris router s veřejnou statickou IPv4 a s tunelovanou IPv6 od #HurricaneElectric.
Dospěl jsem k tomu, že turris sám resolvuje DNS přes #kresd, a u ručně udržovaného seznamu adres odebírá IPv6 adresy z odpovědi a potlačuje DNSSEC.
Dospěl jsem k tomu, že turris sám resolvuje DNS přes #kresd, a u ručně udržovaného seznamu adres odebírá IPv6 adresy z odpovědi a potlačuje DNSSEC.
Well looking up the SOA records for ephapay.net yields nothing. From that I'm going to content that #kresd is being super cautious and I'm kinda shocked the other #dns servers are giving responses for the domain. So now all I need to work out is how to notify them of this issue. I think that is the end of todays "problems with DNS" thread.
5/5
Hmm well the current HEAD of #kresd also fails the lookup but its hard to say from the voluminous debug logs what could the problem be. kresd also fails to resolve the root servers in my local build which could be a problem.
4/x
Doc Edward Morbius ⭕@yojimbo That's what's configured.
There's also a specific request to not cache results for the domains in question.
-- Forward archive.is/archive.fo queries as Cloudflare breaks these.
-- Sun Jun 2 00:43:35 CDT 2019
extraTrees = policy.todnames({'archive.is', 'archive.ph', 'archive.vn', 'archive.fo', 'archive.li', 'archive.md', 'archive.today' })
policy.add(policy.suffix(policy.FLAGS({'NO_CACHE'}), extraTrees))
policy.add(
policy.suffix(
policy.STUB('192.168.0.1'), {
-- policy.STUB('8.8.8.8'), {
todname('archive.is'),
todname('archive.ph'),
todname('archive.vn'),
todname('archive.fo'),
todname('archive.li'),
todname('archive.md'),
todname('archive.today')
}
)
)
I'm restarting kresd to test (should clear caches), as well as the upstream. And restarting Android networking (clears Android's own DNS cache).
Still naada.
#DearMastomind I am trying to grok kresd, the Knot Resolver (used on the Turris Omnia) ... and ... am encoutering impenetrable documentation.
If there's anyone famiar with it, my current goals:
- Point specific domains at a specific DNS server.
- Map one domain to another. E.g., youtube.com -> yewtu.be, reddit.com -> teddit.net, etc.
- Assign specific IPs to specific hosts.
https://knot-resolver.readthedocs.io/en/stable/config-overview.html
My other option is to redo my DNS configuration using DNSMasq. Which quite frankly is probably preferable as its documentation and configuration are much more sane.
#kresd #KnotResolver #Turris #Omnia #TurrisOmnia #OpenWRT #DNS #dnsmasq
LeahLass uns die Hälfte der Config an Systemd auslagern, damit wir die Permissions direkt droppen können aber lass es uns nicht dokumentieren. :( Och CZ.NIC #kresd
Doc Edward Morbius ❌If anyone familiar with OpenWRT / Turris and DNS can tell me simply 1) why kresd/knot-resolver is favoured over dnsmasq, 2) if kresd can do what dnsmasq can (particularly as regards various hostlist and being authoritative for domains), and 3) if there's any harm/risk in making dnsmasq the primary DNS resolver/server, I'd appreciate it.
The documentation is less than clear. Czech mate.