Assign multiple Domains to different Subnets?

I try to figure out how to set some specific hosts up with different domain endings either per host base, or even better, assigned by subnet.

i already configured .lan domain with a kresd custom.conf file…since i activated also the “append local domain” option in foris interface, my network devices are resolving already to two domains, “.lan” (kresd custom) and “.home” (foris webui) correct.

  1. is the option in foris still needed if i resolve trough dnsmasq with custom kresd conf? whats the difference or advantage to both?

  2. i guess i just need to add some more custom rules like i did before in kresd ‘custom.conf’? whats the correct syntax to add another rule that would fit my needs?

maybee like this=?


local lan_rule = policy.add(policy.suffix(policy.STUB(''), policy.todnames({'lan',''})))
table.insert(policy.rules, 1, lan_rule)

local dmz_rule = policy.add(policy.suffix(policy.STUB(''), policy.todnames({'dmz',''})))
table.insert(policy.rules, 1, dmz_rule)

best practice hints and help is greatly appreciated!
cheers to all and the hard working Turris Team.

The Foris option sets dhcp.@dnsmasq[0].local, and that’s also then used by the glue script in the other approach where the list of names is fetched from dnsmasq and fed into kresd.

Seems OK at a quick glance, but you can simply extend the list of suffixes instead of doubling the commands. And you probably want to disable caching for these suffixes as well, so I guess something like:

local lan_trees = policy.todnames({
  'lan', '',
  'dmz', '',

local lan_rule1 = policy.add(policy.suffix(policy.FLAGS({'NO_CACHE'}), lan_trees))
table.insert(policy.rules, 1, lan_rule1)

local lan_rule2 = policy.add(policy.suffix(policy.STUB(''), lan_trees))
table.insert(policy.rules, 2, lan_rule2)
  • The add-del-insert hack is only needed if you additionally configure forwarding via Foris (it would otherwise take precedence).
  • The cache is problematic in cases like yours. Someone might e.g. ask for example.dmx (by accident), leading to kresd caching a record that proves non-existence of a range that covers also dmz TLD and using that in later answers; upstream docs.
1 Like

thanks for the excellent example…i added this with ‘’ instead of ‘dmz’ (hope it works with my tld?) but the resolution to the ‘’ from ‘lan’ still happens on wan dns … if i add the hosts in /etc/hosts and add it to kres config it works though. i assumed that this upper config append the domain endings automagicly ?

The config I posted does no such magic. The rules are applied to names with the endings explicitly written there (list of four suffixes in my particular case) – and nothing else.

Appending suffixes like .lan does happen (1) when feeding DHCP names to DNS, and (2) some systems may also try sending modified DNS queries based on some conditions. (In Linuxes it’s typically configurable, man resolv.conf, keyword search.) I’m not aware of any other place.