https://software.opensuse.org//download.html?project=home%3ACZ-NIC%3Aknot-resolver-latest&package=knot-resolver
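# Install Knot Resolver from the CZ-NIC OBS repository for Ubuntu 18.04.
# Run as root. The steps run in a subshell so that `set -eu` stops at the
# first failed command without closing an interactive shell.
(
  set -eu

  # Package index over HTTPS. apt still verifies the signed Release file;
  # HTTPS adds transport protection on top of that.
  repo_url='https://download.opensuse.org/repositories/home:/CZ-NIC:/knot-resolver-latest/xUbuntu_18.04/'
  key_url='https://download.opensuse.org/repositories/home:CZ-NIC:knot-resolver-latest/xUbuntu_18.04/Release.key'
  keyring='/usr/share/keyrings/knot-resolver-latest.gpg'
  list_file='/etc/apt/sources.list.d/home:CZ-NIC:knot-resolver-latest.list'

  # Unpredictable temp file for the downloaded key, removed on every exit path.
  key_tmp=$(mktemp)
  trap 'rm -f -- "$key_tmp"' EXIT

  # HTTPS only authenticates the download host. Compare the key's fingerprint
  # with one published by the repository maintainers before trusting it.
  wget -nv "$key_url" -O "$key_tmp"

  # Store the key in its own keyring and bind it to this repository with
  # signed-by. `apt-key add` would instead trust the key for every repository
  # configured on the machine.
  gpg --dearmor < "$key_tmp" > "$keyring"
  chmod 0644 "$keyring" # apt must be able to read it even under a strict umask

  printf 'deb [signed-by=%s] %s /\n' "$keyring" "$repo_url" > "$list_file"

  apt-get update -y
  apt-get install knot-resolver
)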
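-- vim:syntax=lua:
-- Knot Resolver (kresd) configuration: a DNS-over-TLS listener on port 853
-- that passes queries to the resolver on 127.0.0.1.
-- Refer to manual: http://knot-resolver.readthedocs.org/en/latest/daemon.html#configuration

-- Load useful modules
modules = {
	'policy',  -- Block queries to local zones/bad sites
	'hints',   -- Load /etc/hosts and allow custom root hints
	'stats',   -- Track internal statistics
	'predict', -- Prefetch expiring/frequent records
	'daf'      -- DNS Application Firewall; provides daf.add used below
}

-- See kresd.systemd(7) about configuring network interfaces when using systemd
-- Listen on localhost (default)
-- net = { net.ens160 }

-- Certificate chain and private key presented on the TLS listener.
-- NOTE(review): the process running kresd must be able to read privkey.pem.
-- Let's Encrypt keeps that file readable by root only by default, so grant
-- the resolver's service account access to the key rather than running the
-- daemon as root. Confirm how renewed certificates get picked up.
net.tls('/etc/letsencrypt/live/dns.jp.blahdns.com/fullchain.pem','/etc/letsencrypt/live/dns.jp.blahdns.com/privkey.pem')

-- Listen on every IPv6 and IPv4 address. Port 853 is the DNS-over-TLS port,
-- so the service is reachable from any network the host firewall lets through.
net.listen('::', 853)
net.listen('0.0.0.0', 853)

-- Cache size
cache.size = 100 * MB

-- NOTE(review): 0.0.0.0/24 covers only 0.0.0.0-0.0.0.255, so this rule will
-- not match ordinary client addresses. Confirm the intended source range.
daf.add 'src = 0.0.0.0/24 forward 127.0.0.1@53'

-- Disallow ANY queries.
-- Policy rules are evaluated in the order they are added, and the first rule
-- that returns a non-chain action ends the evaluation. This rule therefore has
-- to be added before the catch-all STUB rule, or it is never reached.
policy.add(function (req, query)
	if query.stype == kres.type.ANY then
		return policy.DROP
	end
end)

-- Send everything else to the resolver on 127.0.0.1.
-- STUB does not attempt DNSSEC validation, so answers are only as trustworthy
-- as that local resolver.
policy.add(policy.all(policy.STUB('127.0.0.1')))

-- Prefetch learning (20-minute blocks over 24 hours)
predict.config (20, 72)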
- Allow TCP port 853 (DNS over TLS, the port the config above listens on) by default
# Start kresd with the configuration file above. Started this way, kresd runs
# with the privileges of the invoking user; for running it under systemd see
# kresd.systemd(7), which the config also references.
/usr/sbin/kresd -c /etc/knot-resolver/kresd.conf
Credit: made by @ookangzheng @blahdns.com