How to log NXDOMAIN response from kresd?

Good day

I use knot-resolver with an RPZ blacklist file for DNS filtering.
How can I log all NXDOMAIN responses from kresd?

Thanks in advance

I assume it will be best for you to simply enable policy logging, which in kresd config is:

log_groups({'policy'})

Adding config is described in Knot resolver (i.e. kresd) - DNS advanced settings for Omnia and MOX [Turris wiki]

The logs get written to /var/log/resolver

I’ve just added log_groups({'policy'}) as per your recommendation but the message I got on the log is

May 5 17:16:58 turris kresd[23681]: [system] warning: hard limit for number of file-descriptors is only 4096 but recommended value is 524288

I consider myself a newbie to Omnia. What’s expected of the above message? Is ‘policy’ in log_groups going to catch the NXDOMAIN responses?
Note: I’ve added the config line to the custom.conf file.

That’s a completely unrelated message. What it logs is

[policy][52726.00]   DENY applied for example.test. A

A new message is thrown out: lua-cqueues is required.
Where do I get the lua-cqueues package? It seems that it’s not available in the Omnia repo.

It’s only required for auto-reloading the RPZ whenever it’s touched

[policy] lua-cqueues required to watch and reload RPZ file, continuing without watching
1 Like

After adding the log_groups config, the RPZ file is still being loaded and blacklisted domains are blocked. However, no logs appear in /var/log/resolver regarding DENIED domains.
What am I missing?

Ooh, I’m sorry. I forgot that the logging in policy was added later than the rest and update in Turris is a further delay. Currently the required version is in HBT version:

Thanks for the insight.

With the TOS 5.3.9 update knot-resolver is now logging denied domains.

1 Like
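Once the policy group is logging, the DENY lines quoted above can be tallied per blocked name. The following is an added example, not part of the thread or of knot-resolver: the function names are hypothetical, and the sample lines are constructed by combining the syslog prefix and the `[policy]` message formats shown in the posts.

```shell
#!/bin/sh
# Added example: summarise kresd policy DENY log lines (RPZ hits) per name.
# Assumption: each line is "<syslog prefix> [policy][id]   DENY applied for <qname> <qtype>".

# Constructed sample input, modelled on the lines quoted in the thread.
sample_log() {
    cat <<'EOF'
May 5 17:16:58 turris kresd[23681]: [system] warning: hard limit for number of file-descriptors is only 4096 but recommended value is 524288
May 5 17:17:03 turris kresd[23681]: [policy][52726.00]   DENY applied for example.test. A
May 5 17:17:04 turris kresd[23681]: [policy][52727.00]   DENY applied for example.test. A
May 5 17:17:09 turris kresd[23681]: [policy][52731.00]   DENY applied for Ads.Example.test. AAAA
May 5 17:17:10 turris kresd[23681]: [policy] lua-cqueues required to watch and reload RPZ file, continuing without watching
EOF
}

# Print "count<TAB>qname<TAB>qtype" for every denied query, busiest first.
# Reads the files given as arguments, or stdin when none are given.
kresd_denied_summary() {
    awk '
        # Only policy-group lines that report a DENY action.
        /\[policy\]/ && / DENY applied for / {
            # The query name and type are the two fields after "applied for".
            for (i = 2; i < NF; i++)
                if ($i == "for" && $(i - 1) == "applied") {
                    name = tolower($(i + 1)); qtype = $(i + 2)
                    sub(/\.$/, "", name)   # drop the trailing root dot
                    hits[name "\t" qtype]++
                    break
                }
        }
        END { for (k in hits) printf "%d\t%s\n", hits[k], k }
    ' "$@" | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Stand-alone run over the constructed sample.
# On the router: kresd_denied_summary /var/log/resolver  (path as given in the thread)
sample_log | kresd_denied_summary
```

Names are lower-cased before counting so that mixed-case queries for the same blocked domain are grouped together.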
