Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Forwarding to hnsd from knot-resolver #80

Open
singpolyma opened this issue Dec 11, 2021 · 1 comment
Open

Forwarding to hnsd from knot-resolver #80

singpolyma opened this issue Dec 11, 2021 · 1 comment

Comments

@singpolyma
Copy link

I am running like this:

hnsd -r 127.0.0.1:5353

And then trying to setup knot-resolver in the obvious way:

policy.add(policy.all(policy.FORWARD({ '127.0.0.1@5353' })))

This results in knot being unable to resolve any name. I see no logs coming out of hnsd, and when I turn on debug logs in knot-resolver it says connection refused. Dig to 5353 directly works fine, but for some reason knot cannot connect. Any guesses what could cause a connection refused like that?
@buffrr
Copy link
Contributor

buffrr commented Dec 11, 2021
edited
Loading

This results in knot being unable to resolve any name

are you getting SERVFAIL can you try using +cd do you get an answer?

dig @knot-resolver-ip 3b +cd

Using hnsd with knot resolver+dnssec validation isn't that easy at the moment. PR #76 will fix this but you can use hsd for now which already has dnssec cleaned up. You still need to replace ICANN's root KSK (example)

If you don't care about DNSSEC, try this instead (not recommended):

policy.add(policy.all(policy.STUB({ '127.0.0.1@5353' })))

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@singpolyma @buffrr