Can I add more than one DNS resolver to Knot?

I was speaking about your laptop.

Ah, I understand. As I mentioned in the post above, I checked the laptop with
‘resolvectl status’ and nmcli.
It was set to obtain DNS from the router.

However your suggestion to re-check this led me to the answer:
I was running leaktest from within VMs inside the laptop.
I discovered the VMs were not taking their DNS from the laptop host,
hence my specific inputs led to random outputs.

(chuckle) there has been one big benefit to my spending 2 days
trying to solve this:
I now understand more about DNS better than I ever imagined possible.

Thanks very much for your help and patience on this, greatly appreciated.
I owe you (at least) a very large Belgian beer.
I am now deploying this first Turris - was previously just testing it.


Returning to the original problem:
how to specify 3 x DNS servers.
Thanks to vcunat for this solution.

The 2 alternative files below, placed in /etc/kresd/custom.conf both worked.

The first file is simple,
it just contains 1 IPv4 address per DNS provider;
the 2nd file has 4 IP addresses per provider, 2x IPv4 and 2x IPv6 addresses.
Much harder to get the grammar right.

It seems, but I can’t be sure, the servers are tried in reverse order.
Grateful if someone could confirm/deny this.

Simple /etc/kresd/custom.conf

-- Forwarding rule registered through policy.special_names (vcunat's suggestion, see above).
-- Every query is forwarded over TLS (DNS-over-TLS, port 853) to one of these servers.
-- Each entry: { address, hostname = name to verify in the server certificate,
--               ca_file = CA bundle used to validate that certificate }.
table.insert(policy.special_names, { count = 0, cb = policy.all(
  policy.TLS_FORWARD({
    { '9.9.9.9', hostname = 'dns.quad9.net',      ca_file = '/etc/ssl/certs/ca-certificates.crt' },
    { '1.1.1.2', hostname = 'cloudflare-dns.com', ca_file = '/etc/ssl/certs/ca-certificates.crt' },
    { '8.8.8.8', hostname = 'dns.google',         ca_file = '/etc/ssl/certs/ca-certificates.crt' },
  }))
})

Full /etc/kresd/custom.conf

-- Same rule as the simple file, but with 4 addresses (2x IPv4, 2x IPv6) per provider.
-- All addresses of one provider share the same hostname, so the same certificate
-- name is verified whichever address kresd ends up using.
table.insert(policy.special_names, { count = 0, cb = policy.all(
  policy.TLS_FORWARD({
    -- Cloudflare (malware-blocking variant)
    { '1.1.1.2',              hostname = 'cloudflare-dns.com', ca_file = '/etc/ssl/certs/ca-certificates.crt' },
    { '1.0.0.2',              hostname = 'cloudflare-dns.com', ca_file = '/etc/ssl/certs/ca-certificates.crt' },
    { '2606:4700:4700::1112', hostname = 'cloudflare-dns.com', ca_file = '/etc/ssl/certs/ca-certificates.crt' },
    { '2606:4700:4700::1002', hostname = 'cloudflare-dns.com', ca_file = '/etc/ssl/certs/ca-certificates.crt' },
    -- Quad9
    { '9.9.9.9',              hostname = 'dns.quad9.net',      ca_file = '/etc/ssl/certs/ca-certificates.crt' },
    { '149.112.112.112',      hostname = 'dns.quad9.net',      ca_file = '/etc/ssl/certs/ca-certificates.crt' },
    { '2620:fe::fe',          hostname = 'dns.quad9.net',      ca_file = '/etc/ssl/certs/ca-certificates.crt' },
    { '2620:fe::9',           hostname = 'dns.quad9.net',      ca_file = '/etc/ssl/certs/ca-certificates.crt' },
    -- Google
    { '8.8.8.8',              hostname = 'dns.google',         ca_file = '/etc/ssl/certs/ca-certificates.crt' },
    { '8.8.4.4',              hostname = 'dns.google',         ca_file = '/etc/ssl/certs/ca-certificates.crt' },
    { '2001:4860:4860::8888', hostname = 'dns.google',         ca_file = '/etc/ssl/certs/ca-certificates.crt' },
    { '2001:4860:4860::8844', hostname = 'dns.google',         ca_file = '/etc/ssl/certs/ca-certificates.crt' },
  }))
})

Once the custom.conf is created,
in /etc/config/resolver,
section config resolver ‘kresd’,
add a line to include this custom.conf:
option include_config '/etc/kresd/custom.conf'

Note that you also need to turn off forwarding in the reForis interface to avoid a conflict
in this resolver file.

Finally, restart the resolver process:
service resolver restart
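The config above shows the shape of each TLS_FORWARD entry. The following is an added check, not the poster's file and not part of Turris or Knot Resolver, that parses a custom.conf in that shape and flags entries whose address is not a valid IP or that name neither hostname nor pin_sha256 (the two ways TLS_FORWARD authenticates the upstream); SAMPLE_CONF is constructed for the demonstration and contains two deliberate mistakes.

```python
import ipaddress
import re

# Constructed sample in the shape of the custom.conf above (not the poster's file):
# the second entry omits hostname, the third has a mistyped address.
SAMPLE_CONF = """
table.insert(policy.special_names, { count = 0, cb = policy.all(
policy.TLS_FORWARD(
{{'9.9.9.9'
,hostname='dns.quad9.net'
,ca_file='/etc/ssl/certs/ca-certificates.crt'
},{'1.1.1.2'
,ca_file='/etc/ssl/certs/ca-certificates.crt'
},{'8.8.8.8.8'
,hostname='dns.google'
,ca_file='/etc/ssl/certs/ca-certificates.crt'
}}))})
"""

# One forwarder entry looks like {'ADDR' ,key='value' ,key='value' }
ENTRY_RE = re.compile(r"\{\s*'([^']+)'((?:\s*,\s*\w+\s*=\s*'[^']*')*)\s*\}", re.S)
KV_RE = re.compile(r"(\w+)\s*=\s*'([^']*)'")


def parse_forwarders(conf):
    """Return one dict per server listed inside policy.TLS_FORWARD({...})."""
    entries = []
    for addr, opts in ENTRY_RE.findall(conf):
        entry = {"address": addr}
        entry.update(KV_RE.findall(opts))
        entries.append(entry)
    return entries


def lint_forwarders(entries):
    """Return problems that would make an entry unusable or leave the TLS session unauthenticated."""
    issues = []
    for e in entries:
        addr = e["address"]
        try:
            ipaddress.ip_address(addr.split("@")[0])  # kresd accepts ADDR@PORT
        except ValueError:
            issues.append(f"{addr}: not a valid IP address")
        if "hostname" not in e and "pin_sha256" not in e:
            issues.append(f"{addr}: no hostname or pin_sha256, TLS would not be authenticated")
    return issues


def check_conf(conf):
    entries = parse_forwarders(conf)
    return entries, lint_forwarders(entries)
```

Run it as `python3 check_conf.py` after replacing SAMPLE_CONF with the contents of /etc/kresd/custom.conf; an empty issue list means every upstream is addressable and authenticated.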

No. If servers reply correctly, those that reply fastest are preferred.

