2 Oct 2020 |
titouwan (Gitter) | i thought of that but same on all sockets | 13:17:23 |
titouwan (Gitter) | and I tried to run only one instance | 13:18:06 |
@gitterbot:matrix.org | tkrizek Could you do a quick check that you're indeed sending the queries to kresd? E.g. configure it to REFUSE all queries and verify your scripts receives REFUSE rcodes? `policy.add(policy.all(policy.REFUSE))` | 13:21:26 |
Vladimír Čunát (Gitter) | I usually debug such stuff in an interactive session in verbose mode. That way I can see logs from any queries coupled with a CLI allowing me to inspect the internals like stats.frequent() . | 13:25:44 |
Vladimír Čunát (Gitter) | I usually debug such stuff in an interactive session in verbose mode. That way I can see logs from any queries coupled with a CLI allowing me to inspect the internals like stats.frequent() . | 13:25:48 |
Vladimír Čunát (Gitter) | (you get the session by simply running kresd -v ... manually in terminal) | 13:27:26 |
titouwan (Gitter) | thanks, I'll try that | 13:39:04 |
5 Oct 2020 |
Ed (Gitter) | How to tell knot-resolver dont return IPV6 local ip when a domain does not have IPv6 by default. example: dig githubstatus.com AAAA will return: ;; ANSWER SECTION:
githubstatus.com. 900 IN AAAA fe80::21b:aabb:b9c7:6c99
githubstatus.com. 900 IN AAAA fe80::21b:aabb:b9c7:6d99
githubstatus.com. 900 IN AAAA fe80::21b:aabb:b9c7:6e99
githubstatus.com. 900 IN AAAA fe80::21b:aabb:b9c7:6f99
;; AUTHORITY SECTION:
githubstatus.com. 900 IN SOA ns-1330.awsdns-38.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 | 10:51:32 |
Vladimír Čunát (Gitter) | Eh, who would put fe80 addresses into public DNS? (I can't see such nonsense records from my point of view.) | 10:55:11 |
@gitterbot:matrix.org | tkrizek What's your configuration? I see `NOERROR` with 0 answers, not any IPv6 local IPs | 10:55:19 |
Vladimír Čunát (Gitter) | (edited) ... into publicDNS? ... => ... into DNS? ... | 10:55:25 |
Vladimír Čunát (Gitter) | Still, our rebinding module does filter the fe80 prefix... | 10:56:11 |
Vladimír Čunát (Gitter) | (it's just not enabled by default) | 10:56:27 |
Ed (Gitter) | maybe it is my fault? missconfig? | 10:56:56 |
Ed (Gitter) | It actually my fault, I put this into my configmodules = {
'policy',
'stats',
'http',
'hints',
'serve_stale < cache',
'workarounds < iterate',
--dns64 = 'fe80::21b:77ff:0:0',
} | 11:00:21 |
Ed (Gitter) | (edited) ... iterate',
--dns64 = ... => ... iterate',
dns64 = ... | 11:03:13 |
7 Oct 2020 |
| Ahmed Mafaz (Gitter) joined the room. | 11:27:37 |
Ahmed Mafaz (Gitter) | Hello, How do i force safesearch using knot-resolver running 5.1.3? | 11:27:37 |
Vladimír Čunát (Gitter) | @ahmedmafaz: I don't know off the top of my head, but I believe the openwrt adblock script implements it for (recent versions of) knot-resolver as well: https://github.com/openwrt/packages/blob/master/net/adblock/files/adblock.sh | 12:42:41 |
9 Oct 2020 |
Ahmed Mafaz (Gitter) | Checked the documentation and this seems to work: Added to kresd.conf policy.add( policy.suffix( policy.ANSWER( { [kres.type.A] = { rdata=kres.str2ip('216.239.38.120'), ttl=300 } } ), { todname('google.com') })) | 11:38:03 |
Ahmed Mafaz (Gitter) | (edited) ... kresd.conf
policy.add(
policy.suffix(
policy.ANSWER(
{ [kres.type.A] = { rdata=kres.str2ip('216.239.38.120'), ttl=300 } }
), { todname('google.com') })) => ... kresd.conf
[code]policy.add(
policy.suffix(
policy.ANSWER(
{ [kres.type.A] = { rdata=kres.str2ip('216.239.38.120'), ttl=300 } }
), { todname('google.com') }))[/code] | 11:38:37 |
Ahmed Mafaz (Gitter) | (edited) ... kresd.conf
[code]policy.add(
policy.suffix(
policy.ANSWER(
{ [kres.type.A] = { rdata=kres.str2ip('216.239.38.120'), ttl=300 } }
), { todname('google.com') }))[/code] => ... kresd.conf
policy.add(
policy.suffix(
policy.ANSWER(
{ [kres.type.A] = { rdata=kres.str2ip('216.239.38.120'), ttl=300 } }
), { todname('google.com') })) | 11:38:48 |
Ahmed Mafaz (Gitter) | (edited) ... kresd.conf
policy.add( ... => ... kresd.conf
```
policy.add( ... | 11:40:29 |
Ahmed Mafaz (Gitter) | (edited) ... todname('google.com') })) => ... todname('google.com') }))``` | 11:40:36 |
Petr Špaček (Gitter) | Something like that. | 14:16:12 |
12 Oct 2020 |
| @gitterbot:matrix.org left the room. | 15:04:37 |
| Room Avatar Renderer. | 15:10:32 |
| tkrizek changed the room topic to "Deprecated, search for Gitter room directly on Matrix." from "Matrix bridge to https://gitter.im/CZ-NIC/knot-resolver". | 15:10:34 |
| tkrizek changed the join rule to "invite" from "public". | 15:12:25 |
29 Oct 2020 |
| Ed (Gitter) changed their display name from edoo (Gitter) to Ed (Gitter). | 12:53:35 |