Good day
I use knot-resolver with a rpz blacklist file for DNS filtering.
How can I log all NXDOMAIN responses from kresd?
Thanks in advance
I assume it will be best for you to simply enable policy logging, which in kresd config is:
log_groups({'policy'})
Adding config is described in Knot resolver (i.e. kresd) - DNS advanced settings for Omnia and MOX [Turris wiki]
The logs get written to /var/log/resolver
I’ve just added log_groups({'policy'}) as per your recommendation but the message I got on the log is
May 5 17:16:58 turris kresd[23681]: [system] warning: hard limit for number of file-descriptors is only 4096 but recommended value is 524288
I consider myself a newbie to omnia. What’s expected of the above msg? Is 'policy' in log_groups going to catch the NXDOMAIN responses?
Note: I’ve added the config line to the custom.conf file.
That’s a completely unrelated message. What it logs is
[policy][52726.00] DENY applied for example.test. A
A new message is thrown out: lua-cqueues is required.
Where do I get the lua-cqueues package? It seems that it’s not available on the omnia repo.
It’s only required for auto-reloading the RPZ whenever it’s touched
[policy] lua-cqueues required to watch and reload RPZ file, continuing without watching
After adding the log_groups config, the rpz file is still being loaded and blacklisted domains are blocked. However, no logs appear in /var/log/resolver regarding DENIED domains.
What am I missing?
Ooh, I’m sorry. I forgot that the logging in policy was added later than the rest and update in Turris is a further delay. Currently the required version is in HBT version:
Thanks for the insight.
With the TOS 5.3.9 update knot-resolver is now logging denied domains.
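Added example (not part of the original thread, and not Turris or Knot Resolver code): a shell filter that counts the "DENY applied for" policy lines quoted above per domain and record type, so blocked lookups can be reviewed at a glance. The syslog prefix, the function names and the sample lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: summarise kresd policy DENY log lines per domain and type.
# Assumes the syslog prefix seen in the thread followed by the
# "[policy][id] DENY applied for <qname> <qtype>" message quoted there.

# Constructed sample input (not real log data).
sample_log() {
cat <<'EOF'
May  5 17:16:58 turris kresd[23681]: [system] warning: hard limit for number of file-descriptors is only 4096 but recommended value is 524288
May  5 17:17:02 turris kresd[23681]: [policy][52726.00] DENY applied for example.test. A
May  5 17:17:03 turris kresd[23681]: [policy][52726.01] DENY applied for example.test. AAAA
May  5 17:18:10 turris kresd[23681]: [policy][52731.00] DENY applied for Example.TEST. A
May  5 17:19:44 turris kresd[23681]: [policy][52740.00] DENY applied for ads.example.test. A
May  5 17:20:00 turris kresd[23681]: [policy] lua-cqueues required to watch and reload RPZ file, continuing without watching
EOF
}

# Read log lines on stdin, print "count qname qtype", most frequent first.
deny_summary() {
    awk '
    {
        # Find the marker anywhere in the line so the syslog prefix is ignored.
        marker = "] DENY applied for "
        pos = index($0, marker)
        if (pos == 0 || index($0, "[policy][") == 0) next
        rest = substr($0, pos + length(marker))
        n = split(rest, f, " ")
        if (n < 2) next                 # malformed line: no record type
        qname = tolower(f[1])           # DNS names are case-insensitive
        count[qname " " f[2]]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2 -k3,3
}

# Total number of denied queries in the input.
deny_total() {
    deny_summary | awk '{ s += $1 } END { print s + 0 }'
}

sample_log | deny_summary
```

On the router, the input would be the resolver log under /var/log/resolver mentioned earlier in the thread instead of the sample.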