Re: [knot-dns-users] is there a out-of-the-box receipt to use knot as a DNS cache for a Tor exit relay ?

2016-10-16 Thread Toralf Förster
On 10/15/2016 11:28 PM, Ondřej Surý wrote:
> you need knot-resolver (knot-resolver.cz) and not knot-dns (this is the 
> authoritative-only part).
> 
> Cheers,

Ough - sry for stupidity

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
___
knot-dns-users mailing list
knot-dns-users@lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users


Re: [knot-dns-users] is there a out-of-the-box receipt to use knot as a DNS cache for a Tor exit relay ?

2016-10-15 Thread Toralf Förster
On 10/15/2016 08:58 PM, Marek Vavruša wrote:
> As in your 5-step list: you have to install it, modify /etc/resolv.conf
> as in step 2, and then start it (kresd -k /var/something/root.keys).
Hhm, not as easy as dnsmasq I must admit.

The emerged package under Gentoo:

net-dns/knot-2.3.1::gentoo was built with the following:
USE="fastparser -caps -debug -dnstap -doc -idn -systemd" ABI_X86="64"

doesn't have a kresd installed anywhere. After renaming the config file here 
under Gentoo and adding a few remote DNS servers:

remote:
  - id: n1
    address: 2a01:4f8:0:a0a1::add@1010

  - id: n2
    address: 2a01:4f8:0:a102::add@

  - id: n3
    address: 2a01:4f8:0:a111::add@9898

  - id: n4
    address: 213.133.98.98@53

  - id: n5
    address: 213.133.99.99@53

  - id: n6
    address: 213.133.100.100@53

I still get:

mr-fox knot # dig com. any +dnssec

; <<>> DiG 9.10.4-P3 <<>> com. any +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 64152
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;com.   IN  ANY

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Oct 15 22:11:51 CEST 2016
;; MSG SIZE  rcvd: 32


So I do wonder how to convince knot to resolve the name ?



BTW adding this :


modules = { 'daf' }
daf.add 'forward 2a01:4f8:0:a0a1::add'
daf.add 'forward 2a01:4f8:0:a102::add'
daf.add 'forward 2a01:4f8:0:a111::add'


gives :

Oct 15 22:18:06 mr-fox knot[4363]: error: config, file '/etc/knot/knot.conf', line 39, item 'modules', value '' (parser failed)
Oct 15 22:18:06 mr-fox knot[4363]: critical: failed to load configuration file '/etc/knot/knot.conf' (parser failed)


-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
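Added example, not part of the original thread: the dig output in the message above (status REFUSED, flags "qr rd", "recursion requested but not available") is what an authoritative-only server returns, and the same facts can be read from the 12-byte DNS header. The Python below decodes that header and classifies the reply; the sample bytes are constructed to match the dig output, and the function names are hypothetical.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}

# Constructed sample: a 32-byte reply matching the dig output in the post
# (id 64152, flags qr rd, status REFUSED, question "com. IN ANY", one OPT RR).
SAMPLE_REPLY = bytes.fromhex(
    "fa98" "8105" "0001" "0000" "0000" "0001"   # header
    "03636f6d00" "00ff" "0001"                  # question: com. ANY IN
    "00" "0029" "1000" "00008000" "0000"        # OPT: udp 4096, DO flag set
)


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message: header needs 12 bytes")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),   # 1 = response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "rd": bool(flags & 0x0100),   # recursion desired (copied from query)
        "ra": bool(flags & 0x0080),   # recursion available
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "counts": (qd, an, ns, ar),
    }


def classify(msg: bytes) -> str:
    """Say whether the replying server can serve as a recursive cache."""
    h = parse_header(msg)
    if not h["qr"]:
        return "not a response"
    if h["rd"] and not h["ra"]:
        # What dig reports as "recursion requested but not available".
        return f"no recursion offered ({h['rcode']}): not usable as a cache"
    if h["ra"] and h["rcode"] in ("NOERROR", "NXDOMAIN"):
        return f"recursive resolver answered ({h['rcode']})"
    return f"inconclusive ({h['rcode']})"


if __name__ == "__main__":
    print(parse_header(SAMPLE_REPLY))
    print(classify(SAMPLE_REPLY))
```

A resolver suitable for the exit relay should produce the "recursive resolver answered" result for the same query sent to 127.0.0.1.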


Re: [knot-dns-users] is there a out-of-the-box receipt to use knot as a DNS cache for a Tor exit relay ?

2016-10-15 Thread Marek Vavruša
Hi,

dnsmasq is a caching forwarder, knot resolver is a full resolver (but can be
configured as a forwarder too).

As in your 5-step list: you have to install it, modify /etc/resolv.conf as
in step 2, and then start it (kresd -k /var/something/root.keys).

If you want to forward to full recursors like 8.8.8.8 then you need to
touch the configuration, and do something like:

modules = { 'daf' }
daf.add 'forward 8.8.8.8'

See
http://knot-resolver.readthedocs.io/en/latest/modules.html#dns-application-firewall

Marek


On 15 October 2016 at 11:10, Toralf Förster wrote:

> On 10/15/2016 07:01 PM, Ondřej Surý wrote:
> > What are the requirements?
> Hi Ondřej,
>
> I'm looking for a short generic description. For dnsmasq I do have a short
> 5-step list compiled in [1] and was wondering, if it would be easy too to
> use knot instead of dnsmasq.
>
> The background is that at the mailing lists and in the Tor wiki a lot was
> written about bind and unbound but I do like diversity and/or lightweight
> solutions.
>
>
> [1] https://zwiebeltoralf.de/torserver.html
> --
> Toralf
> PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


Re: [knot-dns-users] is there a out-of-the-box receipt to use knot as a DNS cache for a Tor exit relay ?

2016-10-15 Thread Toralf Förster
On 10/15/2016 07:01 PM, Ondřej Surý wrote:
> What are the requirements?
Hi Ondřej,

I'm looking for a short generic description. For dnsmasq I do have a short 
5-step list compiled in [1] and was wondering, if it would be easy too to use 
knot instead of dnsmasq.

The background is that at the mailing lists and in the Tor wiki a lot was 
written about bind and unbound but I do like diversity and/or lightweight 
solutions.


[1] https://zwiebeltoralf.de/torserver.html
-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7