[SOLVED] How to configure local DNS to route *.abc.xyz to one host?


I have a server with several docker services running. All of them are reachable through e.g. mail.abc.xyz, note.abc.xyz, etc. The external DNS uses this “zone” abc.xyz to assign the IP, as far as I understand.

Forwarding and all works great from the outside, but inside the LAN I cannot reach the server and the services with the external address. How can I make either a Lua script for knot or other config changes to make sure *.abc.xyz is always routed to the server?

I want to avoid to configure each subservice by hand:

*.abc.xxyz is not allowed.

This is quite a FAQ. I recommend How to access lan ressources from guest network

EDIT: note that lines in hosts-like files have syntax “IP NAME” and not the other way.

No, I solved the problem stated there already.

I want to find a solution which saves me the work to write each line in the hosts file for each (dynamic) service on the server.

The “*” is important here ==>> *.abc.xyz

Right, I missed the “avoid” word somehow :slight_smile:

A few lines in config can do that. It’s not too well documented how to write such snippets, unfortunately, at least not all parts, but one can just imitate similar use cases in policy.lua.

local function genRR (state, req)
	local answer = req.answer
	local qry = req:current()
	if qry.stype ~= kres.type.A then
		return state
	answer:put(qry.sname, 900, answer:qclass(), kres.type.A, '\192\168\1\3')
	return kres.DONE

policy.add(policy.suffix(genRR, { todname('abc.xyz.') }))

Nitpick note: this answers even for abc.xyz. name and any deeper subdomain.

And, it might not be obvious how to add custom config, so the best way should be to add something like

option include_config '/etc/kresd/custom.conf'

into /etc/config/resolver, section 'kresd'.

It doesn’t seem to work here on 3.8.1 .I just changed the answer (\192\168\10\67) and the name in todname (palver.lan.), but I always get a domain not found:
Nevermind, forgot to add the custom config…

Nice, I looked at the policy section of the documentation and guessed it had something to do with the suffix, but I mistook “forward” as the answer in the beginning.

What is the reason for the dot “.” at the end of the domain? And is there a knot / kresd cookbook somewhere? Because it looks like a common thing to write answers like this.

PS: I already have a custom config, for the old “reroute the .lan stuff to dnsmasq” hack. Maybe time to take this one out now that it is in the main config.


Dot at the end is optional. It’s a kind of tradition, as in some other contexts the names without an end dot get some default suffix added, e.g. see wiki.

I don’t know of any cookbook. There’s documentation with examples for basic usage, but that doesn’t cover the code above. (I’m kresd developer; it’s not very common to write such code AFAIK but perhaps not too hard.)