Resolve all domains in a zone to the same ip


I would like to set up something like a wildcard hint for kresd so that all subdomains of .i2p will resolve to the same ip address The ip address would have a transparent HTTP proxy with its own resolver.
I don’t want it to forward request to another resolver, I want it to respond with this address authoratively instead.
With dnsmasq, I can do the same thing with the following line:
list address '/.i2p/'
Now I would like to migrate to kresd and look for a similar rule.
I tried hints.set('*.i2p') and hints.set('[a-zA-Z]+.i2p'), but it seems wildcards and regular expressions are not expanded.

In general, knot-resolver isn’t designed to serve anything authoritatively. There is very limited support for that, e.g. the hints module which you found. Even that one doesn’t serve a real full zone (that wouldn’t be so easy).

Still, one can write basically anything in the configuration, being lua code with access to most resolver internals, so let me post an example that should work well, but there are no guarantees about some “edge cases” or about breakage due to some internal API changes after some months or years. BTW, your question is the same as [SOLVED] How to configure local DNS to route * to one host?

local function genRR (state, req)
	local answer = req.answer
	local qry = req:current()
	if qry.stype ~= kres.type.A then
		return state
	answer:put(qry.sname, 900, answer:qclass(), kres.type.A, '\10\128\0\1')
	return kres.DONE
policy.add(policy.suffix(genRR, { todname('i2p.') }))

Thank you, I will try that!
Couldn’t find that thread because I was searching with different keywords.
Would you recommend keeping dnsmasq as a backend for kresd for the zone in my case or go with the above solution?

What about something like that?

local function genRR (state, req)
	local qry = req:current()
	hints.set(qry.sname .. '')
	return policy.DONE

qry.sname is in wire-format, so you want kres.dname2str(qry.sname) instead. With that it should be OK and more likely to work in versions in far future. Of course, it assumes there won’t be too many distinct names. Each will get added into an internal table, so e.g. attacker will be able to exhaust your memory over time by random-prefix queries.

I know almost nothing about dnsmasq config and very little about other authoritative server config. You can use any other DNS server for particular subtrees, with some small caveats, if that server feel easier to configure for purposes that you want.

1 Like

In case you use a function similar to what I posted, see Kresd crashes with policy configuration and FQDN as router name

Thank you! I am currently using dnsmasq to resolve those domains.