Resolve all domains in a zone to the same ip

Shulyaka · November 19, 2018, 7:03pm

Hi!

I would like to set up something like a wildcard hint for kresd so that all subdomains of .i2p will resolve to the same ip address 10.128.0.1. The ip address would have a transparent HTTP proxy with its own resolver.
I don’t want it to forward request to another resolver, I want it to respond with this address authoratively instead.
With dnsmasq, I can do the same thing with the following line:
list address '/.i2p/10.128.0.1'
Now I would like to migrate to kresd and look for a similar rule.
I tried hints.set('*.i2p 10.128.0.1') and hints.set('[a-zA-Z]+.i2p 10.128.0.1'), but it seems wildcards and regular expressions are not expanded.

vcunat · November 20, 2018, 9:42am

In general, knot-resolver isn’t designed to serve anything authoritatively. There is very limited support for that, e.g. the hints module which you found. Even that one doesn’t serve a real full zone (that wouldn’t be so easy).

Still, one can write basically anything in the configuration, being lua code with access to most resolver internals, so let me post an example that should work well, but there are no guarantees about some “edge cases” or about breakage due to some internal API changes after some months or years. BTW, your question is the same as [SOLVED] How to configure local DNS to route *.abc.xyz to one host?

local function genRR (state, req)
	local answer = req.answer
	local qry = req:current()
	if qry.stype ~= kres.type.A then
		return state
	end
	answer:aa(true)
	answer:ad(false)
	answer:rcode(kres.rcode.NOERROR)
	answer:begin(kres.section.ANSWER)
	answer:put(qry.sname, 900, answer:qclass(), kres.type.A, '\10\128\0\1')
	return kres.DONE
end
policy.add(policy.suffix(genRR, { todname('i2p.') }))

Shulyaka · November 20, 2018, 10:18am

Thank you, I will try that!
Couldn’t find that thread because I was searching with different keywords.
Would you recommend keeping dnsmasq as a backend for kresd for the zone in my case or go with the above solution?

Shulyaka · November 20, 2018, 10:30am

What about something like that?

local function genRR (state, req)
	local qry = req:current()
	hints.set(qry.sname .. ' 10.128.0.1')
	return policy.DONE
end

vcunat · November 20, 2018, 11:07am

qry.sname is in wire-format, so you want kres.dname2str(qry.sname) instead. With that it should be OK and more likely to work in versions in far future. Of course, it assumes there won’t be too many distinct names. Each will get added into an internal table, so e.g. attacker will be able to exhaust your memory over time by random-prefix queries.

I know almost nothing about dnsmasq config and very little about other authoritative server config. You can use any other DNS server for particular subtrees, with some small caveats, if that server feel easier to configure for purposes that you want.

vcunat · January 26, 2021, 8:33pm

In case you use a function similar to what I posted, see Kresd crashes with policy configuration and FQDN as router name

Shulyaka · January 26, 2021, 8:59pm

Thank you! I am currently using dnsmasq to resolve those domains.