These are chat archives for CZ-NIC/knot-resolver

5th
Sep 2018
Edmund Wu
@eadwu
Sep 05 2018 21:47
KResd seems to work fine on some address while for others it just fails though regardless it seems to be outputting the same errors on all requests?
[priming] cannot resolve '.' NS, next priming query in 10 seconds
error: ...dhxbfh2n-knot-resolver-3.0.0/lib/kdns_modules/policy.lua:85: assertion failed!
[detect_time_skew] cannot resolve '.' NS
As for my current configuration
  networking = {
    nameservers = [
      "127.0.0.1"
    ];
  };
  ...
  services = {
    kresd = {
      enable = true;
      extraConfig = ''
        modules = {
          'policy'
        }

        policy.add(policy.all(policy.TLS_FORWARD({
          { '9.9.9.9', hostname = 'dns.quad9.net', ca_file = '/etc/ssl/certs/ca-bundle.crt' },
          { '149.112.112.112', hostname = 'dns.quad9.net', ca_file = '/etc/ssl/certs/ca-bundle.crt' },
        })))
      '';
    };