Knot only uses first forward policy

When there are multiple forward policies set up in /tmp/kresd.config, kresd only uses the first one that matches. For example, if you have “Use forwarding” enabled it will add two forward policies, but only the first one will be used, and the second one will just be ignored, so if the first DNS server is down the lookup will fail, even if the second DNS server is fine. And if “Use forwarding” is enabled, any forwarding statements from /etc/kresd/kresd.custom.conf will just be ignored. I have added a statement in that file to forward queries for the local network to dnsmasq, but that doesn’t work when forwarding is enabled. If on the other hand the statement to forward lookups to dnsmasq is before the other forwards it works fine, but then it needs to be in the init file, so it will be removed on updates.

Change option forward_upstream to 0 in /etc/config/resolver.
Edit /etc/kresd/custom.conf to include your forwarding DNS servers below your local dnsmasq forwarder. You can also put them all on one line like this:

policy.add(policy.all(policy.FORWARD('a.a.a.a','b.b.b.b','c.c.c.c')))

1 Like

No, it still only uses the first DNS server, and ignores the rest. And doing that would only set static addresses to the DNS servers, rather than getting ones from DHCP.

I think there should be two improvements for Knot Resolver.

  1. Optional priorities for policy.add() to reorder the policies.
  2. An optional fallback should be implemented for when the first forward policy fails. For example, the user could configure a check for NXDOMAIN and/or SERVFAIL.

For reference, FORWARD to up to four IPs should work correctly (at least now).

If you deal with kresd config directly and not Omnia config, you need to be careful to put all into a single rule (otherwise first matching rule wins) and also pass it as a lua list in a single argument, i.e. .FORWARD({'foo', 'bar', 'baz'}) (braces!).

2 Likes
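Putting the two points from this thread together (local-network queries to dnsmasq must be matched before the catch-all rule, and all upstream servers must sit in one FORWARD call as a Lua table), here is an added kresd configuration example; it is not taken from the thread or from the Turris scripts. The dnsmasq address, the upstream addresses (RFC 5737 test addresses) and the zone names are placeholders, and it assumes the private zones are unsigned, which is why it uses policy.STUB rather than policy.FORWARD for them.

```lua
-- Added example: a kresd policy layout where "first matching rule wins" does
-- what the operator wants. All addresses and zone names below are assumed.

-- 1. Rules for the local network go FIRST so they are matched before the
--    catch-all. policy.STUB forwards without DNSSEC validation: the private
--    zone 'lan' and its reverse zone are not in the public DNSSEC chain, so
--    a validating FORWARD would mark those answers bogus (assumption: the
--    zone is unsigned and served by dnsmasq).
local dnsmasq = '192.168.1.1'  -- assumed address of the local dnsmasq
policy.add(policy.suffix(
    policy.STUB({ dnsmasq }),
    policy.todnames({ 'lan.', '1.168.192.in-addr.arpa.' })))

-- 2. The catch-all upstream rule goes LAST and names every server in ONE
--    policy.FORWARD call, passed as a Lua table (braces!). kresd tries the
--    listed servers itself, so an outage of the first one does not break
--    resolution.
policy.add(policy.all(
    policy.FORWARD({ '192.0.2.1', '192.0.2.2' })))  -- assumed upstreams

-- WRONG (the shape the thread warns about): only the first rule can ever
-- match, so the second server is never used. Kept here as a comment.
-- policy.add(policy.all(policy.FORWARD('192.0.2.1')))
-- policy.add(policy.all(policy.FORWARD('192.0.2.2')))
```

Rule order is the order of the policy.add() calls across every file kresd loads, so on Turris the local-network rule only takes effect if its file is read before the one that adds the catch-all.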