
forward to internal private server? #3

Open
bcookatpcsd opened this issue Jul 14, 2023 · 5 comments

Comments

@bcookatpcsd

I wanted to try and get started working with grafana.. and your knot-resolver docker image looks great.

I wanted to get some internal usage here at work, without changing too much in your image..

I see the 090-policy-forward.conf but that seems to be only DoT forwarding..

To be clear, there is not currently a non-DoT forward presently?

(just wanted to make sure that I didn't miss it.. )

Thank you in advance.

@bcookatpcsd
Author

--mount type=bind,src=/etc/knot-resolver/local.conf,dst=/etc/knot-resolver/kresd.conf.d/090-policy-forward.conf \

cat local.conf

policy.add( policy.all(
policy.FORWARD( {'99.88.77.66@53'})))

I tried to work out the lua code to parse the env.. (not knowing lua..)

Stopped the timer at :30.. here we are..

@hectorm
Owner

hectorm commented Jul 15, 2023

This project is currently set up to forward queries to DoT servers.

But you can easily change this by replacing the 090-policy-forward.conf file as you are doing now. I see the change you made to that file is correct. It doesn't work?

By the way, I just replaced my custom Caddy fork with the official Traefik image in the deployment examples.

@zleppy

zleppy commented Jul 18, 2023

Not the best way to do it, I bet, but it works.

mount in docker compose

  • ./kresd4.conf.d/065-local-domains.conf:/etc/knot-resolver/kresd.conf.d/065-local-forward.conf

-- Forward local DNS queries to local domain server.

internalDomains = policy.todnames(
{'your.domain.local',
'10.in-addr.arpa',
'172.in-addr.arpa',
'168.192.in-addr.arpa',
'0.0.f.f.c.1.4.2.5.d.1.9.d.f.ip6.arpa'}
)
policy.add(policy.suffix(policy.FLAGS({'NO_CACHE'}), internalDomains))
policy.add(policy.suffix(policy.FLAGS({'NO_EDNS'}), internalDomains))
policy.add(policy.suffix(policy.STUB({'192.168.91.50'}), internalDomains))

-- needed to allow internal domains
modules.unload('rebinding')

@bcookatpcsd
Author

Thank you .. that looks better than mine..

Also..

-- turns off DNSSEC validation
trust_anchors.remove('.')

Usually I do this as I'm using NextDNS upstream and they do DNSSEC..

will test but:

-- trust_anchors.remove() takes a single zone name, so one call per zone
trust_anchors.remove('your.domain.local.')
trust_anchors.remove('10.in-addr.arpa.')
-- etc..

I never found the rebinding.. I wonder if that was other problems I was having..

Thank you..
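Added example, not from the project or from either commenter: one drop-in file under `kresd.conf.d/` that combines the two approaches in this thread (plain forwarding to an upstream resolver, a stub for internal zones) but keeps DNSSEC validation switched on for the public namespace by declaring the internal zones as negative trust anchors with `trust_anchors.set_insecure` rather than deleting the root trust anchor. All zone names and addresses below are placeholders carried over from the posts above.

```lua
-- /etc/knot-resolver/kresd.conf.d/065-local-forward.conf (example file name)
-- Split-horizon config for kresd: internal zones go to a private server,
-- everything else is forwarded upstream with DNSSEC validation intact.

-- Internal zones served by the private DNS server (placeholder names/addresses).
local internalDomains = policy.todnames({
  'your.domain.local',
  '10.in-addr.arpa',
  '168.192.in-addr.arpa',
})
local internalServer = '192.168.91.50'   -- placeholder

-- Internal records change often and some internal servers mishandle EDNS,
-- so skip the cache and EDNS for these suffixes, then send the query
-- to the internal server as a stub (non-recursive) query.
policy.add(policy.suffix(policy.FLAGS({'NO_CACHE', 'NO_EDNS'}), internalDomains))
policy.add(policy.suffix(policy.STUB({internalServer}), internalDomains))

-- The internal zones are unsigned. Mark them as negative trust anchors so
-- validation is skipped only below these names; trust_anchors.remove('.')
-- would instead turn validation off for every answer the resolver returns.
trust_anchors.set_insecure({
  'your.domain.local.',
  '10.in-addr.arpa.',
  '168.192.in-addr.arpa.',
})

-- Catch-all rule: must come last, because policy rules match in order.
-- Plain DNS on port 53 as in the first post; use policy.TLS_FORWARD for DoT.
policy.add(policy.all(policy.FORWARD({'99.88.77.66@53'})))   -- placeholder upstream

-- The rebinding module rejects answers that contain private (RFC 1918 / ULA)
-- addresses, which is exactly what the internal zones return. Unloading it,
-- as the thread does, disables that protection for every answer, including
-- those from the public upstream; keep that trade-off in mind.
modules.unload('rebinding')
```

Mount it the same way zleppy does in the compose file, and check the result with `kresctl` or `dig`: a name under `your.domain.local` should come back without the AD flag (insecure, not bogus), while a signed public name queried through the same resolver should still carry AD.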

@zleppy

zleppy commented Jul 29, 2023

Ah, I use Knot DNS inside a container alongside this one to host my own internal zones.
Knot DNS fixes the DNSSEC part.

3 participants