Knot Resolver: Resolve DNS names like it's 2023! https://www.knot-resolver.cz/support/
Beware of https://knot-resolver.readthedocs.io/en/stable/modules-view.html#rule-order
learned this from the first test setup, now thoroughly going through the documentation. the doc is so well maintained and updated and appreciate the effort you guys put into this.
stats.frequent() function. When I run the function in interactive mode, it doesn't show anything. This is after loading the module stats. I have the stats module loaded in the config as well.
log(table_print(stats.frequent())) inside the config, I am able to see the JSON list. If the function is not the best method, any idea how I can log the most frequent queries? The function in the documentation, table.sort(stats.frequent(), function (a, b) return a.count > b.count end), threw an error saying (string expected, got nil
logging {
    channel queries_log {
        file "/var/log/query.log" versions 3 size 1m;
        severity dynamic;
        print-time yes;
    };
    category queries {
        queries_log;
    };
};
Well, stats.frequent() is "suitable" in the sense that you can program your own logging (or anything) based on it, e.g. this demo (loaded as config):
modules.load('stats')
function log_frequent()
    local f = stats.frequent()
    log("%d elements", #f)
    stats.clear_frequent()
    table.sort(f, function (a, b) return a.count > b.count end)
    for _, item in ipairs(f) do
        log("%s %s", item.name, item.type)
    end
end
event.recurrent(10*min, log_frequent)
apt update and apt upgrade got this error
Get:1 http://download.opensuse.org/repositories/home:/CZ-NIC:/knot-resolver-latest/Debian_10 lua-cqueues 20190813-1 [192 kB]
Err:1 http://download.opensuse.org/repositories/home:/CZ-NIC:/knot-resolver-latest/Debian_10 lua-cqueues 20190813-1
File has unexpected size (192160 != 191928). Mirror sync in progress? [IP: 130.57.72.10 80]
Hashes of expected file:
- SHA256:902d332c7f7b9d8ece5610a4af6aa543fc8140b7e6423f563481c6214f1b1580
- SHA1:c162b1633f56982069ebd9e517ea503b6986c743 [weak]
- MD5Sum:e0b0aebb49604dbe4c419effa4a83cfe [weak]
- Filesize:191928 [weak]
E: Failed to fetch http://download.opensuse.org/repositories/home:/CZ-NIC:/knot-resolver-latest/Debian_10/./amd64/lua-cqueues_20190813-1_amd64.deb File has unexpected size (192160 != 191928). Mirror sync in progress? [IP: 130.57.72.10 80]
E: Failed to fetch http://download.opensuse.org/repositories/home:/CZ-NIC:/knot-resolver-latest/Debian_10/./amd64/lua-cqueues_20190813-1_amd64.deb File has unexpected size (192160 != 191928). Mirror sync in progress? [IP: 130.57.72.10 80]
Hashes of expected file:
- SHA256:902d332c7f7b9d8ece5610a4af6aa543fc8140b7e6423f563481c6214f1b1580
- SHA1:c162b1633f56982069ebd9e517ea503b6986c743 [weak]
- MD5Sum:e0b0aebb49604dbe4c419effa4a83cfe [weak]
- Filesize:191928 [weak]
@vcunat This is working great along with file write capability. Question: since this is giving me the frequent list of domains per given interval, how can I get the hit count for those domains that get listed? I tried with item.count, item.name but it simply displays all counts instead of frequency. Any idea?
Can I somehow remove the .local from special names in policies? https://github.com/CZ-NIC/knot-resolver/blob/eb2b03df5d63c7141bda461c7a5ac7eabb8c630b/modules/policy/policy.lua#L923
I don't want to unload the whole policy module and I have to apply view:addr rules on the .local. That seems impossible in case the policy rule kicks in first and triggers the non-chain action.
view:addr is processed even though I break the chain in policy. Thank you
I'm having an issue looking up certain .mil MX records. I would get SERVFAIL. However looking them up through other resolvers works. And also if I do a NS lookup before MX lookup, then it works too. For example:
kdig us.af.mil @127.0.0.1 MX
;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 7115
;; Flags: qr rd ra; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0
;; QUESTION SECTION:
;; us.af.mil. IN MX
;; Received 27 B
;; Time 2020-06-25 23:32:07 EDT
;; From 127.0.0.1@53(UDP) in 126.0 ms
kdig us.af.mil @127.0.0.1 NS
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 63682
;; Flags: qr rd ra; QUERY: 1; ANSWER: 6; AUTHORITY: 0; ADDITIONAL: 0
;; QUESTION SECTION:
;; us.af.mil. IN NS
;; ANSWER SECTION:
us.af.mil. 5 IN NS osan-ns10.afnoc.af.mil.
us.af.mil. 5 IN NS scott-ns10.afnoc.af.mil.
us.af.mil. 5 IN NS wpafb-ns10.afnoc.af.mil.
us.af.mil. 5 IN NS hickam-ns10.afnoc.af.mil.
us.af.mil. 5 IN NS langley-ns10.afnoc.af.mil.
us.af.mil. 5 IN NS peterson-ns10.afnoc.af.mil.
;; Received 188 B
;; Time 2020-06-25 23:32:09 EDT
;; From 127.0.0.1@53(UDP) in 156.9 ms
kdig us.af.mil @127.0.0.1 MX
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 55917
;; Flags: qr rd ra; QUERY: 1; ANSWER: 11; AUTHORITY: 0; ADDITIONAL: 0
;; QUESTION SECTION:
;; us.af.mil. IN MX
;; ANSWER SECTION:
us.af.mil. 39 IN MX 10 pri-usaf-eemsg.eemsg.mail.mil.
us.af.mil. 39 IN MX 20 scott-mail4.afnoc.af.mil.
us.af.mil. 39 IN MX 20 scott-mail5.afnoc.af.mil.
us.af.mil. 39 IN MX 20 scott-mail6.afnoc.af.mil.
us.af.mil. 39 IN MX 20 scott-mail7.afnoc.af.mil.
us.af.mil. 39 IN MX 20 scott-mail8.afnoc.af.mil.
us.af.mil. 39 IN MX 20 wpafb-mail4.afnoc.af.mil.
us.af.mil. 39 IN MX 20 wpafb-mail5.afnoc.af.mil.
us.af.mil. 39 IN MX 20 wpafb-mail6.afnoc.af.mil.
us.af.mil. 39 IN MX 20 wpafb-mail7.afnoc.af.mil.
us.af.mil. 39 IN MX 20 wpafb-mail8.afnoc.af.mil.
;; Received 358 B
;; Time 2020-06-25 23:32:12 EDT
;; From 127.0.0.1@53(UDP) in 47.7 ms