I would like to set up something like a wildcard hint for kresd so that all subdomains of .i2p will resolve to the same ip address 10.128.0.1. The ip address would have a transparent HTTP proxy with its own resolver.
I don’t want it to forward the request to another resolver, I want it to respond with this address authoritatively instead.
With dnsmasq, I can do the same thing with the following line: list address '/.i2p/10.128.0.1'
Now I would like to migrate to kresd and look for a similar rule.
I tried hints.set('*.i2p 10.128.0.1') and hints.set('[a-zA-Z]+.i2p 10.128.0.1'), but it seems wildcards and regular expressions are not expanded.
In general, knot-resolver isn’t designed to serve anything authoritatively. There is very limited support for that, e.g. the hints module which you found. Even that one doesn’t serve a real full zone (that wouldn’t be so easy).
Still, one can write basically anything in the configuration, being lua code with access to most resolver internals, so let me post an example that should work well, but there are no guarantees about some “edge cases” or about breakage due to some internal API changes after some months or years. BTW, your question is the same as [SOLVED] How to configure local DNS to route *.abc.xyz to one host?
local function genRR (state, req)
    local answer = req.answer
    local qry = req:current()
    -- only synthesize A records; any other query type continues normal resolution
    if qry.stype ~= kres.type.A then
        return state
    end
    answer:aa(true)                  -- flag the answer as authoritative
    answer:ad(false)                 -- it is not DNSSEC-validated
    answer:rcode(kres.rcode.NOERROR)
    answer:begin(kres.section.ANSWER)
    -- owner = queried name (wire format), TTL 900 s, rdata = 10.128.0.1 as 4 raw bytes
    answer:put(qry.sname, 900, answer:qclass(), kres.type.A, '\10\128\0\1')
    return kres.DONE
end
policy.add(policy.suffix(genRR, { todname('i2p.') }))
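A variant of the policy above, added here as an example and not taken from this thread or from the knot-resolver project: it answers every query type under i2p. itself, returning the A record for A queries and an authoritative empty NOERROR (NODATA) for anything else, most relevantly AAAA. With the snippet above, an AAAA lookup for a .i2p name falls through to normal resolution and goes upstream, which leaks the name and makes dual-stack clients wait for that answer. It assumes the same policy/kres Lua API used in the reply above; the names synth_i2p, i2p_suffix and proxy_ip are mine.

```lua
-- Added example (not from the thread): authoritative synthesis for the whole i2p. subtree.
-- Assumes the kres/policy API that the reply above uses (policy.suffix, req:current(),
-- answer:put(...)). Names below are chosen for this example.
local i2p_suffix = { todname('i2p.') }
local proxy_ip = '\10\128\0\1'      -- 10.128.0.1 in wire format (4 raw bytes)

local function synth_i2p(state, req)
    local answer = req.answer
    local qry = req:current()
    answer:aa(true)                  -- we are authoritative for this subtree
    answer:ad(false)                 -- nothing here is DNSSEC-validated
    answer:rcode(kres.rcode.NOERROR)
    answer:begin(kres.section.ANSWER)
    if qry.stype == kres.type.A then
        -- echo the queried name as owner so the client accepts the record
        answer:put(qry.sname, 900, answer:qclass(), kres.type.A, proxy_ip)
    end
    -- Any other type (AAAA, TXT, MX, ...) leaves the answer section empty:
    -- NOERROR + no records = NODATA, so the client stops instead of retrying,
    -- and the .i2p name never leaves this resolver. A full NODATA would also
    -- carry an SOA in the authority section; this stub omits it.
    return kres.DONE
end

policy.add(policy.suffix(synth_i2p, i2p_suffix))
```

This replaces the policy.add line of the original snippet rather than sitting beside it, otherwise both actions match the same suffix. After reloading kresd, an A query for any name under i2p. should return 10.128.0.1 and an AAAA query should return NOERROR with an empty answer, both with the AA flag set; nothing is looked up or stored per name, so the memory-growth concern raised later in the thread for the hints-based approach does not apply to this form.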
Thank you, I will try that!
Couldn’t find that thread because I was searching with different keywords.
Would you recommend keeping dnsmasq as a backend for kresd for the zone in my case or go with the above solution?
qry.sname is in wire format, so you want kres.dname2str(qry.sname) instead. With that it should be OK and more likely to work in versions in the far future. Of course, it assumes there won’t be too many distinct names. Each will get added into an internal table, so e.g. an attacker will be able to exhaust your memory over time by random-prefix queries.
I know almost nothing about dnsmasq config and very little about other authoritative server config. You can use any other DNS server for particular subtrees, with some small caveats, if that server feels easier to configure for the purposes you want.