Re: [knot-resolver-users] Configuring kresd to query multiple nameservers and return the first affirmative response?

On 4/12/19 1:06 am, Vladim??r ??un??t wrote: Thank you so so much for these useful pointers and links. It's looking like with selective filters an foreknowledge of suffixes and given that non-overlapping suffixes are used in a pattern like: policy.add(policy.suffix(policy.FORWARD('...'), {todname('suffix on LAN')})) policy.add(policy.suffix(policy.FORWARD('...'), {todname('suffix on VPN')})) policy.add(policy.FORWARD('...')) Alas it doesn't seem like kresd can do a FORWARD then act based on the result. It would be so lovely if it could. That is if we could specify a policy for each of three FOWARD results: 1) No response 2) Negative response 3) Resolved name but it seems we can't as FORWARD in Non-chained. Re: the strategy on VPN connect and disconnect I have no problem driving my connections from custom scripts if I need to that doctor resolv.conf or any other configs and do any resolver restarts needed just after connecting and disconnecting. I certainly prefer my local DNS and would love a strategy that resolves on the local DNS and if response is negative tries the VPN DNS. I can see on the Omnia a kresd.config file that contains: --Automatically generated file; DO NOT EDIT modules = { ?????? 'hints > iterate' ?? , 'policy' ?? , 'stats' ?? , predict = { ?????????????? window = 30 -- 30 minutes sampling window ?????????? , period = 24*(60/30) -- track last 24 hours ?? } } hints.config('/tmp/kresd/hints.tmp') net.bufsize(4096) net.ipv4=true net.ipv6=true cache.open(20*MB) cache.clear() policy.add(policy.all(policy.FORWARD({ ?????? '203.12.160.35', ?????? '203.12.160.36', }))) What I can't see from that is how kresd on the Omnia knows to resolve .lan names which it does well in practice. The policy encoded there forwards ALL requests. Kind regards, Bernd.