I would like to use knot-resolver on my router. At the moment I have dnsmasq as DHCP and DNS cache. My idea is to use Knot as a caching DNS resolver for my local network.
As a first step I changed the DNS port in dnsmasq to 5353; in future I want to use dnsmasq to resolve local network names.
I installed knot-resolver and followed https://wiki.archlinux.org/index.php/Knot_Resolver
Here is my config:
cat /etc/resolv.conf
nameserver 127.0.0.1
cat /etc/knot-resolver/kresd.conf
-- vim:syntax=lua:
-- Refer to manual: http://knot-resolver.readthedocs.org/en/latest/daemon.html#configuration
-- Load useful modules
modules = {
'policy', -- Block queries to local zones/bad sites
'hints > iterate', -- Load /etc/hosts and allow custom root hints
'stats', -- Track internal statistics
'predict', -- Prefetch expiring/frequent records
}
-- See kresd.systemd(7) about configuring network interfaces when using systemd
-- Listen on localhost (default)
-- net = { '127.0.0.1', '::1'}
-- Enable DNSSEC validation
-- trust_anchors.file = '/etc/knot-resolver/root.keys'
hints.root_file = '/etc/knot-resolver/root.hints'
-- Cache size
cache.size = 100 * MB
cat /etc/knot-resolver/root.hints
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: October 24, 2017
; related version of root zone: 2017102400
;
; FORMERLY NS.INTERNIC.NET
;
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
...
...
...
Starting Knot Resolver:
sudo systemctl start kresd@1.service
I can see that it is running:
ps axf
/usr/sbin/kresd --config=/etc/knot-resolver/kresd.conf
and I changed the configuration so that it listens on 127.0.0.1 and two other local interfaces.
Here is the output from the journal:
Nov 08 22:49:43 skriatok systemd[1]: Starting Knot Resolver daemon...
Nov 08 22:49:43 skriatok systemd[1]: Started Knot Resolver daemon.
Nov 08 22:49:53 skriatok kresd[9012]: [priming] cannot resolve address 'b.root-servers.net.', type: 1
Nov 08 22:49:53 skriatok kresd[9012]: [priming] cannot resolve address 'b.root-servers.net.', type: 28
Nov 08 22:49:53 skriatok kresd[9012]: [priming] cannot resolve address 'h.root-servers.net.', type: 28
Nov 08 22:49:53 skriatok kresd[9012]: [priming] cannot resolve address 'j.root-servers.net.', type: 1
Nov 08 22:49:53 skriatok kresd[9012]: [priming] cannot resolve address 'm.root-servers.net.', type: 1
Nov 08 22:49:53 skriatok kresd[9012]: [priming] cannot resolve address 'l.root-servers.net.', type: 1
Nov 08 22:49:53 skriatok kresd[9012]: [priming] cannot resolve address 'j.root-servers.net.', type: 28
Nov 08 22:49:53 skriatok kresd[9012]: [priming] cannot resolve address 'i.root-servers.net.', type: 28
Nov 08 22:49:53 skriatok kresd[9012]: [priming] cannot resolve address 'g.root-servers.net.', type: 28
Nov 08 22:49:53 skriatok kresd[9012]: [priming] cannot resolve address 'f.root-servers.net.', type: 28
Nov 08 22:49:53 skriatok kresd[9012]: [priming] cannot resolve address 'e.root-servers.net.', type: 28
Nov 08 22:49:53 skriatok kresd[9012]: [priming] cannot resolve address 'd.root-servers.net.', type: 28
Nov 08 22:49:53 skriatok kresd[9012]: [priming] cannot resolve address 'a.root-servers.net.', type: 28
Nov 08 22:49:53 skriatok kresd[9012]: [priming] cannot resolve address 'h.root-servers.net.', type: 1
Nov 08 22:49:53 skriatok kresd[9012]: [priming] cannot resolve address 'c.root-servers.net.', type: 1
Nov 08 22:49:53 skriatok kresd[9012]: [priming] cannot resolve address 'k.root-servers.net.', type: 1
Nov 08 22:49:53 skriatok kresd[9012]: [priming] cannot resolve address 'e.root-servers.net.', type: 1
Nov 08 22:49:53 skriatok kresd[9012]: [priming] cannot resolve address 'f.root-servers.net.', type: 1
...
...
Please, can someone help?
Thank you
Here are some things you can try doing and checking:
1.) Check the Knot Resolver documentation to make sure your config files are right. One thing you might want to check manually, to make sure it is connecting to the right network, is to uncomment (remove the "--" from) the "net" option.
2.) dnsmasq and Knot Resolver will both try to use port 53. You mentioned you changed it, so that's good, but maybe worth another check.
3.) Add "workarounds" to your conf. Perhaps these nameservers are having compatibility issues with you? The workarounds module contains a set of hotfixes to ensure compatibility with DNS servers with known compatibility problems with modern DNS standards.
4.) Make sure you have the right modules loaded that will read the root.hints file:
-- Load hints after iterator (so hints take precedence before caches)
modules = { 'hints > iterate' }
-- Add a custom hosts file
hints.add_hosts('hosts.custom')
-- Override the root hints
hints.root({
['j.root-servers.net.'] = { '2001:503:c27::2:30', '192.58.128.30' }
})
-- Add a custom hint
hints['foo.bar'] = '127.0.0.1'
5.) I am not clear on how Knot Resolver receives packets from the WAN, but maybe you need to set it up to listen on your gateway address for incoming packets from the TLD?
1) Yes, I am trying to find help there.
2) Yes, I am checking that with the ss command.
3) 4) It is not clear what you mean.
5) Do you think that the forwarder should listen on the WAN side?
I found out that the ISP is probably doing something with DNS requests. Knot gets incorrect answers from the root DNS servers.
Checking with https://dnsleaktest.com and https://www.perfect-privacy.com/dns-leaktest/
using the working config with dnsmasq, which asks 1.1.1.1 when it doesn't know the answer,
I see OpenDNS or Google resolvers in the results.
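The two threads above (splitting local names off to dnsmasq on port 5353, and an ISP that intercepts port-53 traffic so root priming returns bogus answers) can be addressed in one kresd.conf. The following is an added example, not the poster's config and not taken from the Arch wiki or the Knot Resolver project; it assumes the kresd 2.x/3.x Lua API (`net.listen(addr, port)`, `trust_anchors.file`, `policy.STUB`, `policy.TLS_FORWARD`), a LAN domain `lan.` served by dnsmasq on 127.0.0.1:5353, a router address of 192.168.1.1 on 192.168.1.0/24 and a second LAN interface at 10.0.0.1. All of those addresses and names are placeholders.

```lua
-- vim:syntax=lua:
-- Added example, not the poster's configuration. Placeholders: LAN domain
-- "lan.", router at 192.168.1.1 (subnet 192.168.1.0/24), second LAN
-- interface 10.0.0.1, dnsmasq on 127.0.0.1:5353. Assumes kresd 2.x/3.x syntax.

modules = {
  'policy',           -- query routing (STUB / TLS_FORWARD below)
  'hints > iterate',  -- /etc/hosts entries and custom root hints
  'stats',
}

-- Listen on loopback and the LAN interfaces only. Nothing is bound on the
-- WAN side: a caching resolver must not be reachable from the Internet.
net.listen('127.0.0.1', 53)
net.listen('::1', 53)
net.listen('192.168.1.1', 53)   -- placeholder LAN address
net.listen('10.0.0.1', 53)      -- placeholder second LAN address

-- DNSSEC validation. If an intercepting ISP resolver rewrites answers for
-- a signed zone, the result is SERVFAIL here rather than a cached forgery.
trust_anchors.file = '/etc/knot-resolver/root.keys'
hints.root_file = '/etc/knot-resolver/root.hints'

-- Local names: "lan." and the matching reverse zone are unsigned and do not
-- exist in the public tree, so send them to dnsmasq with STUB (forwarding
-- without DNSSEC validation). FORWARD would try to validate and fail.
local lan_zones = { todname('lan.'), todname('1.168.192.in-addr.arpa.') }
policy.add(policy.suffix(policy.STUB('127.0.0.1@5353'), lan_zones))

-- Everything else: DNS over TLS on port 853 with certificate hostname
-- verification. A transparent port-53 redirect cannot terminate this, and
-- a substituted server fails the TLS check instead of answering.
-- Assumption: the system CA store is used when ca_file is omitted; on
-- older releases add ca_file = '/etc/ssl/certs/ca-certificates.crt'.
policy.add(policy.all(policy.TLS_FORWARD({
  { '1.1.1.1', hostname = 'cloudflare-dns.com' },
  { '1.0.0.1', hostname = 'cloudflare-dns.com' },
})))

cache.size = 100 * MB
```

After `sudo systemctl restart kresd@1.service`, `ss -lnup | grep ':53 '` should show only kresd on port 53 and dnsmasq on 5353. To confirm the interception independently of kresd, query an address that runs no resolver, e.g. `dig +norecurse @192.0.2.1 example.com` (192.0.2.0/24 is reserved documentation space): any answer at all means a middlebox on the path is answering on its behalf, which is exactly what breaks the root priming queries in the journal above.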