These are chat archives for CZ-NIC/knot-resolver

Oct 2018
Robert Šefr
Oct 18 2018 15:03

I'm trying to achieve this (kres 2.4.1):

  • allow everyone to resolve
  • refuse queries from

I would expect this policy and view to do the trick:

modules = {'policy', 'view'}
policy.add(policy.suffix(policy.PASS, {todname('')}))
view:addr('', policy.all(policy.REFUSE))

However I receive REFUSED on dig @
What am I doing wrong?

Vladimír Čunát
Oct 18 2018 15:19
policy and view currently act "independently", so PASS for one won't affect the other.
I think this will work the way you want if you wrap the policy rule with view:addr('' and use this patch
Robert Šefr
Oct 18 2018 19:22
Will I get the same behavior through daf? Seems more readable to me and I'd like to make use of the rewrite action in some cases