define system config for dns resolver

2025-03-04 22:50:57 +01:00 · 2025-03-04 22:50:57 +01:00 · 78a1b6daa7
commit 78a1b6daa7
parent f4ff592efd
4 changed files with 62 additions and 0 deletions
--- a/systems/resolv-dns.noc.eh22.intern/kresd-config.lua
+++ b/systems/resolv-dns.noc.eh22.intern/kresd-config.lua
@ -0,0 +1,23 @@
+-- ref: https://www.knot-resolver.cz/documentation/stable/config-overview.html
+
+-- load non-default modules
+modules.load("view")
+modules.load("prefill")
+
+-- define list of internal-only domains
+ehDomains = policy.todnames({'noc.eh22.intern'})
+
+-- for the mgmt-network, forward ehDomains to our authorative server
+view:addr('10.20.25.0/24', policy.suffix(policy.FLAGS({'NO_CACHE'}), ehDomains))
+view:addr('10.20.25.0/24', policy.suffix(policy.STUB({'10.20.25.3'}), ehDomains))
+
+-- allow resolution from our internal network
+view:addr('10.20.25.0/24', policy.all(policy.PASS))
+
+-- precache the root zone to reduce traffic load to it
+prefill.config({
+  ["."] = {
+    url = "https://www.internic.net/domain/root.zone",
+    interval = 24 * 60 * 60,
+  }
+})