Hello again…
Besides the local configuration file, I figured out that there is no “official” way to resolve reverse queries for private networks - it’s mentioned in “Dnsmasq .lan domain while still using knot resolver” … The documentation mentions it just “by the way”, but there is no other way (without modifying /usr/lib/kdns_modules/policy.lua).
On the one hand, I understand the reasons for not doing it globally, but IMHO it is quite a stupid way to achieve it, without a possibility to revert this behavior in the local config…
But for those who (like me) want to make the config as clear as it could be (no modifications to system files), here is a bit of code you can use in your local config:
--[[ "Backup" default rule for reverse DNS blocking in private networks (it's first in rule-list) ]]--
local private_zones_rule = policy.rules[1].cb
table.remove(policy.rules, 1)
--[[ Insert your policy here… ]]--
policy.add(policy.suffix(policy.FORWARD('192.168.100.1'), {todname('mydomain.net'), todname('100.168.192.in-addr.arpa')}))
--[[ Reinsert the original policy ]]--
policy.add(private_zones_rule)