How to change DNS to some specific DNS server IP so that I can resolve OpenNIC domains?

That’s a possible approach, e.g. simply adding configuration

policy.add(policy.suffix(policy.STUB('51.254.25.115'),
  policy.todnames({ 'coin.', 'geek.', 'libre.' })))

but it won’t be 100%. (You also need to uncheck forwarding in Foris so your ISP’s servers don’t take precedence.) It will use standard servers and DNSSEC validation for everything – except for the list of suffixes you specify (and those won’t be validated at all).

Still, knot-resolver doesn’t count on the DNS tree being inconsistent, so e.g. if someone makes a query for geej., e.g. by an accidental typo, it will get this record from the official root into its cache

gea.                    86400   IN      NSEC    gent. NS DS RRSIG NSEC

proving that there’s nothing at all between those two names, and after that it will always immediately reply that **.geek. does not exist (without asking any servers). I see no way to disable that by configuration ATM, except to give up validation everywhere…

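Why a single typo query can shadow geek. but not the other listed suffixes, as an added example that is not part of the original post or of knot-resolver's code: it applies canonical DNS name ordering (RFC 4034, section 6.1) to the NSEC record quoted above. The function names are hypothetical, and the check is simplified to names that are not at or below the NSEC owner.

```python
# Added illustration: which names does the cached record
#   gea.  NSEC  gent.
# prove non-existent? Function names here are hypothetical.

def canonical_key(name):
    """Canonical sort key: lowercase labels, compared right to left as bytes."""
    labels = [l for l in name.lower().rstrip('.').split('.') if l]
    return [l.encode('ascii') for l in reversed(labels)]

def nsec_covers(owner, next_name, qname):
    """True if NSEC(owner -> next_name) proves qname does not exist.

    Simplification: names at or below the owner are not judged here,
    because that depends on the NSEC type bitmap (delegation or not).
    """
    o, n, q = (canonical_key(x) for x in (owner, next_name, qname))
    if q[:len(o)] == o:
        return False
    if o < n:
        return o < q < n
    # Last NSEC of the zone: next_name wraps around to the zone apex.
    return q > o or q < n

def shadowed(suffixes, owner, next_name):
    """Suffixes from a stub policy that the cached NSEC declares non-existent."""
    return [s for s in suffixes if nsec_covers(owner, next_name, s)]

if __name__ == '__main__':
    owner, next_name = 'gea.', 'gent.'          # record quoted in the post
    for q in ('geej.', 'geek.', 'www.geek.', 'coin.', 'libre.'):
        print(f'{q:12} covered={nsec_covers(owner, next_name, q)}')
    print('shadowed suffixes:', shadowed(['coin.', 'geek.', 'libre.'],
                                         owner, next_name))
```

The other two suffixes fall outside this particular interval; whether they get shadowed depends on other NSEC records that are not shown on this page.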