home.social

#knotresolver — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #knotresolver, aggregated by home.social.

  1. Setting up protective DNS with Knot Resolver 6

    A while ago I wrote a blog post about setting up Knot Resolver and using RPZ files to block resolving malicious domains. It's time for an update: Knot Resolver 6 series has become stable, and this changes a lot of things. And a lot more new sources of RPZ files have now appeared, giving you the possibility of offering much better protection, all for free. Installing Knot Resolver 6 on Debian The current stable release of Debian, Debian 13 Trixie, does not yet include Knot Resolver 6. […]

    blog.frehi.be/2026/05/10/setti

  2. Setting up protective DNS with Knot Resolver 6

    A while ago I wrote a blog post about setting up Knot Resolver and using RPZ files to block resolving malicious domains. It's time for an update: Knot Resolver 6 series has become stable, and this changes a lot of things. And a lot more new sources of RPZ files have now appeared, giving you the possibility of offering much better protection, all for free. Installing Knot Resolver 6 on Debian The current stable release of Debian, Debian 13 Trixie, does not yet include Knot Resolver 6. […]

    blog.frehi.be/2026/05/10/setti

  3. Setting up protective DNS with Knot Resolver 6

    A while ago I wrote a blog post about setting up Knot Resolver and using RPZ files to block resolving malicious domains. It's time for an update: Knot Resolver 6 series has become stable, and this changes a lot of things. And a lot more new sources of RPZ files have now appeared, giving you the possibility of offering much better protection, all for free. Installing Knot Resolver 6 on Debian The current stable release of Debian, Debian 13 Trixie, does not yet include Knot Resolver 6. […]

    blog.frehi.be/2026/05/10/setti

  4. Setting up protective DNS with Knot Resolver 6

    A while ago I wrote a blog post about setting up Knot Resolver and using RPZ files to block resolving malicious domains. It's time for an update: Knot Resolver 6 series has become stable, and this changes a lot of things. And a lot more new sources of RPZ files have now appeared, giving you the possibility of offering much better protection, all for free. Installing Knot Resolver 6 on Debian The current stable release of Debian, Debian 13 Trixie, does not yet include Knot Resolver 6. […]

    blog.frehi.be/2026/05/10/setti

  5. Setting up protective DNS with Knot Resolver 6

    A while ago I wrote a blog post about setting up Knot Resolver and using RPZ files to block resolving malicious domains. It's time for an update: Knot Resolver 6 series has become stable, and this changes a lot of things. And a lot more new sources of RPZ files have now appeared, giving you the possibility of offering much better protection, all for free. Installing Knot Resolver 6 on Debian The current stable release of Debian, Debian 13 Trixie, does not yet include Knot Resolver 6. […]

    blog.frehi.be/2026/05/10/setti

  6. Our #stand at #NetworkX is #ready! If you are around and want to learn more about our #opensource #secure #wifi #router #OmniaNG or about other #CZNIC projects like #Bird or #KnotResolver, drop by and talk to us!

  7. Our at is ! If you are around and want to learn more about our or about other projects like or , drop by and talk to us!

  8. Our #stand at #NetworkX is #ready! If you are around and want to learn more about our #opensource #secure #wifi #router #OmniaNG or about other #CZNIC projects like #Bird or #KnotResolver, drop by and talk to us!

  9. Our #stand at #NetworkX is #ready! If you are around and want to learn more about our #opensource #secure #wifi #router #OmniaNG or about other #CZNIC projects like #Bird or #KnotResolver, drop by and talk to us!

  10. Our #stand at #NetworkX is #ready! If you are around and want to learn more about our #opensource #secure #wifi #router #OmniaNG or about other #CZNIC projects like #Bird or #KnotResolver, drop by and talk to us!

  11. @DJGummikuh Hi, is actually made to be compatible with as much as possible. Only thing where we differ is settings. We are using (for and more). You can enable and ignore DNS settings in reForis. For the rest of the system, we are just handling 😉 But we push all necessary patches to kernel, so you can install not only (there is contributed howto on their wiki), but also many other distributions 😉

  12. @DJGummikuh Hi, #reForis is actually made to be compatible with #LuCI as much as possible. Only thing where we differ is #DNS settings. We are using #KnotResolver (for #DNSSEC and more). You can enable #dnsmasq and ignore DNS settings in reForis. For the rest of the system, we are just handling #updates 😉 But we push all necessary patches to #vanilla kernel, so you can install not only #OpenWrt (there is #community contributed howto on their wiki), but also many other #Linux distributions 😉

  13. @DJGummikuh Hi, #reForis is actually made to be compatible with #LuCI as much as possible. Only thing where we differ is #DNS settings. We are using #KnotResolver (for #DNSSEC and more). You can enable #dnsmasq and ignore DNS settings in reForis. For the rest of the system, we are just handling #updates 😉 But we push all necessary patches to #vanilla kernel, so you can install not only #OpenWrt (there is #community contributed howto on their wiki), but also many other #Linux distributions 😉

  14. @DJGummikuh Hi, #reForis is actually made to be compatible with #LuCI as much as possible. Only thing where we differ is #DNS settings. We are using #KnotResolver (for #DNSSEC and more). You can enable #dnsmasq and ignore DNS settings in reForis. For the rest of the system, we are just handling #updates 😉 But we push all necessary patches to #vanilla kernel, so you can install not only #OpenWrt (there is #community contributed howto on their wiki), but also many other #Linux distributions 😉

  15. @DJGummikuh Hi, #reForis is actually made to be compatible with #LuCI as much as possible. Only thing where we differ is #DNS settings. We are using #KnotResolver (for #DNSSEC and more). You can enable #dnsmasq and ignore DNS settings in reForis. For the rest of the system, we are just handling #updates 😉 But we push all necessary patches to #vanilla kernel, so you can install not only #OpenWrt (there is #community contributed howto on their wiki), but also many other #Linux distributions 😉

  16. Turns out I never posted this, even though it's been out for some time.

    During my time at CZ.NIC, working on Knot Resolver, I rewrote its I/O for better maintainability and to prepare it for DNS-over-QUIC. While I never got around to doing DoQ (it still may happen eventually, it's just not up to me anymore), I am still proud of the refactor itself, as it has later proven to be helpful, so I wrote a little blogpost about it. Enjoy :)

    en.blog.nic.cz/2024/09/11/laye

    #KnotResolver #DNS #QUIC #IO

  17. Turns out I never posted this, even though it's been out for some time.

    During my time at CZ.NIC, working on Knot Resolver, I rewrote its I/O for better maintainability and to prepare it for DNS-over-QUIC. While I never got around to doing DoQ (it still may happen eventually, it's just not up to me anymore), I am still proud of the refactor itself, as it has later proven to be helpful, so I wrote a little blogpost about it. Enjoy :)

    en.blog.nic.cz/2024/09/11/laye

    #KnotResolver #DNS #QUIC #IO

  18. Turns out I never posted this, even though it's been out for some time.

    During my time at CZ.NIC, working on Knot Resolver, I rewrote its I/O for better maintainability and to prepare it for DNS-over-QUIC. While I never got around to doing DoQ (it still may happen eventually, it's just not up to me anymore), I am still proud of the refactor itself, as it has later proven to be helpful, so I wrote a little blogpost about it. Enjoy :)

    en.blog.nic.cz/2024/09/11/laye

    #KnotResolver #DNS #QUIC #IO

  19. Turns out I never posted this, even though it's been out for some time.

    During my time at CZ.NIC, working on Knot Resolver, I rewrote its I/O for better maintainability and to prepare it for DNS-over-QUIC. While I never got around to doing DoQ (it still may happen eventually, it's just not up to me anymore), I am still proud of the refactor itself, as it has later proven to be helpful, so I wrote a little blogpost about it. Enjoy :)

    en.blog.nic.cz/2024/09/11/laye

    #KnotResolver #DNS #QUIC #IO

  20. Turns out I never posted this, even though it's been out for some time.

    During my time at CZ.NIC, working on Knot Resolver, I rewrote its I/O for better maintainability and to prepare it for DNS-over-QUIC. While I never got around to doing DoQ (it still may happen eventually, it's just not up to me anymore), I am still proud of the refactor itself, as it has later proven to be helpful, so I wrote a little blogpost about it. Enjoy :)

    en.blog.nic.cz/2024/09/11/laye

    #KnotResolver #DNS #QUIC #IO

  21. Did someone manage to run the official knot-resolver container in production? I've been trying it out, but it keeps dropping me into an interactive console and I've got no idea what to pass to make it work as a regular recursive resolver.

    #homelab #dns #knot #KnotResolver #podman

  22. Did someone manage to run the official knot-resolver container in production? I've been trying it out, but it keeps dropping me into an interactive console and I've got no idea what to pass to make it work as a regular recursive resolver.

    #homelab #dns #knot #KnotResolver #podman

  23. Did someone manage to run the official knot-resolver container in production? I've been trying it out, but it keeps dropping me into an interactive console and I've got no idea what to pass to make it work as a regular recursive resolver.

    #homelab #dns #knot #KnotResolver #podman

  24. Did someone manage to run the official knot-resolver container in production? I've been trying it out, but it keeps dropping me into an interactive console and I've got no idea what to pass to make it work as a regular recursive resolver.

    #homelab #dns #knot #KnotResolver #podman

  25. Did someone manage to run the official knot-resolver container in production? I've been trying it out, but it keeps dropping me into an interactive console and I've got no idea what to pass to make it work as a regular recursive resolver.

    #homelab #dns #knot #KnotResolver #podman

  26. My colleagues are putting together a new DoS protection mechanism in the upcoming Knot Resolver 6. Together we have written a blog post outlining how it works. Enjoy!

    en.blog.nic.cz/2024/07/15/knot

    #KnotResolver #KnotDNS #DNS #DDoS #DoS #security #ratelimiting

  27. My colleagues are putting together a new DoS protection mechanism in the upcoming Knot Resolver 6. Together we have written a blog post outlining how it works. Enjoy!

    en.blog.nic.cz/2024/07/15/knot

    #KnotResolver #KnotDNS #DNS #DDoS #DoS #security #ratelimiting

  28. My colleagues are putting together a new DoS protection mechanism in the upcoming Knot Resolver 6. Together we have written a blog post outlining how it works. Enjoy!

    en.blog.nic.cz/2024/07/15/knot

    #KnotResolver #KnotDNS #DNS #DDoS #DoS #security #ratelimiting

  29. My colleagues are putting together a new DoS protection mechanism in the upcoming Knot Resolver 6. Together we have written a blog post outlining how it works. Enjoy!

    en.blog.nic.cz/2024/07/15/knot

    #KnotResolver #KnotDNS #DNS #DDoS #DoS #security #ratelimiting

  30. My colleagues are putting together a new DoS protection mechanism in the upcoming Knot Resolver 6. Together we have written a blog post outlining how it works. Enjoy!

    en.blog.nic.cz/2024/07/15/knot

    #KnotResolver #KnotDNS #DNS #DDoS #DoS #security #ratelimiting

  31. Neu auf dem B1 Blog: Verschlüsseltes DNS selber machen - Teil 2️⃣
    Jens Meißner zeigt heute, wie der knot-resolver als DoH- und DoT-Server eingerichtet werden kann: blog.b1-systems.de/verschlusse
    #DoT #DoH #knotresolver #Debian #Bullseye

  32. Neu auf dem B1 Blog: Verschlüsseltes DNS selber machen - Teil 2️⃣
    Jens Meißner zeigt heute, wie der knot-resolver als DoH- und DoT-Server eingerichtet werden kann: blog.b1-systems.de/verschlusse
    #DoT #DoH #knotresolver #Debian #Bullseye

  33. Neu auf dem B1 Blog: Verschlüsseltes DNS selber machen - Teil 2️⃣
    Jens Meißner zeigt heute, wie der knot-resolver als DoH- und DoT-Server eingerichtet werden kann: blog.b1-systems.de/verschlusse
    #DoT #DoH #knotresolver #Debian #Bullseye

  34. Neu auf dem B1 Blog: Verschlüsseltes DNS selber machen - Teil 2️⃣
    Jens Meißner zeigt heute, wie der knot-resolver als DoH- und DoT-Server eingerichtet werden kann: blog.b1-systems.de/verschlusse
    #DoT #DoH #knotresolver #Debian #Bullseye

  35. Neu auf dem B1 Blog: Verschlüsseltes DNS selber machen - Teil 2️⃣
    Jens Meißner zeigt heute, wie der knot-resolver als DoH- und DoT-Server eingerichtet werden kann: blog.b1-systems.de/verschlusse
    #DoT #DoH #knotresolver #Debian #Bullseye

  36. @yojimbo That's what's configured.

    There's also a specific request to not cache results for the domains in question.

    -- Forward archive.is/archive.fo queries as Cloudflare breaks these.
    -- Sun Jun 2 00:43:35 CDT 2019

    extraTrees = policy.todnames({'archive.is', 'archive.ph', 'archive.vn', 'archive.fo', 'archive.li', 'archive.md', 'archive.today' })

    policy.add(policy.suffix(policy.FLAGS({'NO_CACHE'}), extraTrees))


    policy.add(
    policy.suffix(
    policy.STUB('192.168.0.1'), {
    -- policy.STUB('8.8.8.8'), {
    todname('archive.is'),
    todname('archive.ph'),
    todname('archive.vn'),
    todname('archive.fo'),
    todname('archive.li'),
    todname('archive.md'),
    todname('archive.today')
    }
    )
    )

    I'm restarting kresd to test (should clear caches), as well as the upstream. And restarting Android networking (clears Android's own DNS cache).

    Still naada.

    @freakazoid @dch @jpmens

    #kresd #KnotResolver #DNS #Networking

  37. @yojimbo That's what's configured.

    There's also a specific request to not cache results for the domains in question.

    -- Forward archive.is/archive.fo queries as Cloudflare breaks these.
    -- Sun Jun 2 00:43:35 CDT 2019

    extraTrees = policy.todnames({'archive.is', 'archive.ph', 'archive.vn', 'archive.fo', 'archive.li', 'archive.md', 'archive.today' })

    policy.add(policy.suffix(policy.FLAGS({'NO_CACHE'}), extraTrees))


    policy.add(
    policy.suffix(
    policy.STUB('192.168.0.1'), {
    -- policy.STUB('8.8.8.8'), {
    todname('archive.is'),
    todname('archive.ph'),
    todname('archive.vn'),
    todname('archive.fo'),
    todname('archive.li'),
    todname('archive.md'),
    todname('archive.today')
    }
    )
    )

    I'm restarting kresd to test (should clear caches), as well as the upstream. And restarting Android networking (clears Android's own DNS cache).

    Still naada.

    @freakazoid @dch @jpmens

    #kresd #KnotResolver #DNS #Networking

  38. #DearMastomind I am trying to grok kresd, the Knot Resolver (used on the Turris Omnia) ... and ... am encoutering impenetrable documentation.

    If there's anyone famiar with it, my current goals:

    • Point specific domains at a specific DNS server.
    • Map one domain to another. E.g., youtube.com -> yewtu.be, reddit.com -> teddit.net, etc.
    • Assign specific IPs to specific hosts.

    knot-resolver.readthedocs.io/e

    My other option is to redo my DNS configuration using DNSMasq. Which quite frankly is probably preferable as its documentation and configuration are much more sane.

    #kresd #KnotResolver #Turris #Omnia #TurrisOmnia #OpenWRT #DNS #dnsmasq

  39. #DearMastomind I am trying to grok kresd, the Knot Resolver (used on the Turris Omnia) ... and ... am encoutering impenetrable documentation.

    If there's anyone famiar with it, my current goals:

    • Point specific domains at a specific DNS server.
    • Map one domain to another. E.g., youtube.com -> yewtu.be, reddit.com -> teddit.net, etc.
    • Assign specific IPs to specific hosts.

    knot-resolver.readthedocs.io/e

    My other option is to redo my DNS configuration using DNSMasq. Which quite frankly is probably preferable as its documentation and configuration are much more sane.

    #kresd #KnotResolver #Turris #Omnia #TurrisOmnia #OpenWRT #DNS #dnsmasq