These are chat archives for CZ-NIC/knot-resolver

22nd Nov 2018
Robert Šefr
@robcza
Nov 22 2018 13:04

Still didn't crack my understanding of policy/view rules evaluation process:

modules = {'policy', 'view'}
view:addr('0.0.0.0/0', policy.suffix(policy.FORWARD('10.10.10.1@53'), {todname('example.com.')}))
view:addr('10.0.0.0/8', policy.all(policy.PASS))
view:addr('0.0.0.0/0', policy.all(policy.REFUSE))

This sequence will accept and answer any query from any address, though I would expect it to REFUSE all queries from any address except 10.0.0.0/8 and queries to domain example.com. What is wrong with my approach?