With the previous message I wasn't sure but this one made it clear to me:
On 3/22/21 8:41 AM, Alex JOST wrote:
> The scenario I was thinking about is:
> * Have some real world TLDs (example.com) NS entry point to server A and server B
> * Server A and B both have Knot DNS installed but listening on localhost port 5053
> * Server A and B both have Knot Resolver installed and listening on a public IP port 53
> * Queries for example.com are received by Knot Resolver and forwarded to Knot DNS
This won't fully work, as Knot Resolver only provides recursive
service. Some of the authoritative queries would therefore be answered
"wrong".
We don't plan to change this, probably not even to provide a "proxying"
mode, which you had in mind for this plan. The policy.STUB mode looks
similar, but it's also designed to provide a recursive service only (and
is meant to be pointed at a recursive server, too).
> * Any other queries are resolved and answered by Knot Resolver
> * There are no access restrictions for specific IP ranges
> My concerns are:
> * Is it feasible to run such a setup? Are there any drawbacks?
The only "advantage" I can see in combining both kinds of servers is
that you could save a public IP address, assuming you want to run a
public resolver for some other reason.
> * Is it possible to (more or less) safely run Knot Resolver as an open resolver?
It's perhaps not relevant for you now, but Knot Resolver should be fine
as a public resolver (i.e. intentionally open resolver). We also run
such a service ourselves:
https://nic.cz/odvr/
--Vladimir
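The setup Alex describes, written out as a kresd configuration so the points of the thread map onto concrete directives. This is an added example, not configuration from the mail or from the Knot projects; the public IP address, the zone file name and the listening addresses are placeholders, and the syntax assumes a Knot Resolver 5.x Lua configuration file.

```lua
-- kresd.conf (Lua): the split "resolver in front, authoritative behind"
-- setup from the thread. Added example; not configuration from the mail
-- or from the Knot projects. '192.0.2.10' stands in for the server's
-- public IP and 'example.com' is the zone name the thread uses.

-- Knot Resolver takes the public-facing port 53 (UDP and TCP).
net.listen('192.0.2.10', 53, { kind = 'dns' })

-- No access restrictions here, so this is an intentionally open resolver.
-- The reply says Knot Resolver is fine in that role (CZ.NIC runs one at
-- https://nic.cz/odvr/), but the exposure is the operator's: keep the
-- instance patched and monitor query volume per client.

-- Hand queries under example.com to the local Knot DNS on 127.0.0.1:5053.
-- policy.STUB forwards the query there but Knot Resolver still answers as
-- a recursive service, not as an authoritative one, so per the reply some
-- authoritative queries would be answered "wrong". This is not a proxying
-- mode, and the developers do not plan to add one.
policy.add(policy.suffix(policy.STUB('127.0.0.1@5053'),
                         policy.todnames({ 'example.com' })))

-- Knot DNS side, for reference (knot.conf is YAML, shown as a comment;
-- the zone file name is a placeholder):
--   server:
--       listen: 127.0.0.1@5053
--   zone:
--     - domain: example.com
--       file: example.com.zone
```

The two `listen` lines are the only thing the single-IP layout buys, which is the "advantage" the reply mentions; the `policy.STUB` rule is where it breaks down, because the forwarded answer comes back through a recursive service rather than as the authoritative response the NS delegation promises.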