I was under the impression that
policy.add(policy.suffix(policy.STUB('127.0.0.1@5353'), policy.todnames({'localnet.home','45.168.192.in-addr.arpa'})))
would take care of forwarding requests only for the listed zones to dnsmasq.
In my case, selecting “Use forwarding” in the GUI and picking Cloudflare results in
policy.add(policy.all(policy.TLS_FORWARD(
{{'1.1.1.1'
,hostname='cloudflare-dns.com'
,ca_file='/etc/ssl/certs/ca-certificates.crt'
},{'2606:4700:4700::1111'
,hostname='cloudflare-dns.com'
,ca_file='/etc/ssl/certs/ca-certificates.crt'
}})))
This is added after the initial stanza.
My own stanza
policy.add(policy.all(
policy.TLS_FORWARD({
{'1.1.1.1', hostname='cloudflare-dns.com', ca_file='/etc/ssl/certs/DigiCertECCSecureServerCA.pem'},
{'1.0.0.1', hostname='cloudflare-dns.com', ca_file='/etc/ssl/certs/DigiCertECCSecureServerCA.pem'}
})
))
sits at the bottom (commented out if I pick “Use forwarding”).
Does adding the policy.TLS_FORWARD negate the policy.STUB statement later on?
If I reverse the order, does the policy.STUB negate the policy.TLS_FORWARD statement?
Even if I reverse the statements, I no longer have lookups of my local dynamic DHCP entries. It all seems a little opaque how it’s supposed to work. I also don’t get much enlightenment if I enable verbose output for kresd, but I’m not an expert in reading that output either.
If I enable “Enable DHCP clients in DNS” in the GUI, will I be able to reverse lookup my hosts?
I probably should create this as a separate thread.
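As an added example (not from the original post, and not the Knot Resolver project's own code), here is the ordering of the two rules that sends only the local zones to dnsmasq and everything else over DNS-over-TLS. It reuses the zone names, the 127.0.0.1@5353 stub address and the Cloudflare parameters from the post; the 1.0.0.1 secondary address and the QTRACE debugging line are assumptions.

```lua
-- Added example kresd policy configuration (not from the post).
-- Knot Resolver evaluates policy.add() rules in the order they were added
-- and stops at the first matching rule whose action is a terminal one.
-- STUB and TLS_FORWARD are both terminal actions, so the order of these
-- two rules decides which resolver answers a given query.

-- Zones that only the local dnsmasq instance knows about (names from the post).
local local_zones = policy.todnames({
  'localnet.home',
  '45.168.192.in-addr.arpa',   -- reverse zone for 192.168.45.0/24
})

-- Optional debugging aid (assumed): QTRACE is a chain action, so it logs
-- the query and sub-queries for the local zones without stopping evaluation.
-- policy.add(policy.suffix(policy.QTRACE, local_zones))

-- Rule 1: anything under the local zones is sent to dnsmasq on 127.0.0.1:5353.
-- This must be added BEFORE the catch-all TLS rule below.
policy.add(policy.suffix(policy.STUB('127.0.0.1@5353'), local_zones))

-- Rule 2: every query that did not match rule 1 goes over DNS-over-TLS.
-- policy.all() matches everything, so a rule placed after it is never reached.
policy.add(policy.all(policy.TLS_FORWARD({
  {'1.1.1.1', hostname='cloudflare-dns.com', ca_file='/etc/ssl/certs/ca-certificates.crt'},
  {'1.0.0.1', hostname='cloudflare-dns.com', ca_file='/etc/ssl/certs/ca-certificates.crt'},  -- assumed secondary
})))
```

With the rules in this order, a lookup for a name under localnet.home or the 45.168.192.in-addr.arpa reverse zone matches rule 1 and is answered by dnsmasq, while any other name falls through to rule 2. If the two policy.add() calls are swapped, policy.all() matches first and the STUB rule is effectively dead, which is the behaviour the question above describes.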