29 Led
2025
29 Led
'25
16:46
Hello,
On my local network, I have a computer fixed IP that I would like to use
a specific TLS FORWARD.
Generic TLS_FORWARD is simply configured as such.
policy.add(policy.all(policy.TLS_FORWARD({
{'9.9.9.9', hostname='dns9.quad9.net'},
{'1.1.1.1', hostname='cloudflare-dns.com'},
{'1.0.0.1', hostname='cloudflare-dns.com'},
})))
I tried to embed a specific different TLS_FORWARD with a
view:addr('10.10.10.10', ... )
but I cannot manage to restrict this TLS_FORWARD and to avoid it
poisoning the cache.
Is there somewhere an example of such setup, with ACL ending up on two
different TLS_FORWARD and one with no cache ?
Regards,
--
Mathieu Roy
30 Led
30 Led
8:12
On 29/01/2025 16.46, Mathieu Roy via knot-resolver-users wrote:
Is there somewhere an example of such setup, with ACL
ending up on two
different TLS_FORWARD and one with no cache ?
I'm not aware. Disabling cache should still work by this hack:
https://lists.nic.cz/hyperkitty/list/knot-resolver-users@lists.nic.cz/messa…
But I suspect that our DNSSEC validator won't work well without caching,
possibly pulling the same record multiple times during a single client's
request, e.g. when encountering CNAME jumps across zones.
278
days inactive
279
days old
knot-resolver-users@lists.nic.cz
1 comments
2 participants
participants (2)
-
Mathieu Roy -
Vladimír Čunát