1. kresd/etc
について、ここに記述してください。
/etc/default/kresd -- ToshinoriMaeno 2018-01-12 00:22:36
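# cat kresd
# Defaults file for kresd (shown on this page as /etc/default/kresd).
# It only assigns two variables; nothing is executed here.

# Used for systemd socket activation
# NOTE(review): --verbose enables detailed per-query logging. On a resolver
# shared by several users that means client query names end up in the logs;
# consider dropping the flag outside of debugging sessions.
KRESD_ARGS="--config=/etc/knot-resolver/kresd.conf --verbose --forks=1 --keyfile=/usr/share/dns/root.key /run/knot-resolver/cache"

# Standalone daemon arguments
# The '#' inside the quotes is literal text (kresd's address#port separator),
# not the start of a shell comment. Both addresses are loopback, so these
# arguments alone do not expose port 53 to other hosts.
DAEMON_ARGS="--addr=127.0.0.1#53 --addr=::1#53 $KRESD_ARGS"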
config.isp
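-- Config file example usable for multi-user ISP resolver
-- Refer to manual: http://knot-resolver.readthedocs.org/en/latest/daemon.html#configuration
-- (The URL must stay on a comment line; on a line of its own it is not valid Lua.)

-- Listen on localhost and external interface
-- NOTE(review): nothing in this file limits which source addresses may use
-- recursion on 192.168.1.1; the view rules below only cover two subnets.
-- Confirm that a firewall or an additional view rule keeps other networks
-- out, since a resolver that answers anyone is commonly abused as a
-- reflector for amplification traffic.
net = { '127.0.0.1', '::1', '192.168.1.1' }

-- Drop root privileges
-- Keep this after `net`: binding port 53 needs privileges that are gone
-- once the daemon runs as the unprivileged user and group.
user('kresd', 'kresd')

-- Auto-maintain root TA
-- The path is relative, so it depends on the daemon's working directory.
-- NOTE(review): automatic maintenance presumably needs the file to stay
-- writable by the 'kresd' user set above; confirm ownership and keep it
-- non-writable for everyone else, because it anchors DNSSEC validation.
trust_anchors.file = 'root.keys'

-- Large cache size, so we don't need to flush often
-- This can be larger than available RAM, least frequently accessed
-- records will be paged out
cache.size = 4 * GB

-- Load Useful modules
modules = {
  'policy',   -- Block queries to local zones/bad sites
  'view',     -- Views for certain clients
  'cachectl', -- Cache control interface
  'hints',    -- Load /etc/hosts and allow custom root hints
  'stats',    -- Track internal statistics
  graphite = { -- Send statistics to local InfluxDB
    -- `worker.id` allows us to keep per-fork statistics
    prefix = hostname()..worker.id,
    -- Address of the Graphite/InfluxDB server
    -- NOTE(review): no transport protection is configured here, and the
    -- metric prefix carries the hostname; keep this traffic on a
    -- management network.
    host = '192.168.1.2',
  }
}

-- Block all `site.nl` for `10.0.0.0/24` subnet
-- policy.DROP is applied to names under site.nl for clients in this subnet.
view:addr('10.0.0.0/24', policy.suffix(policy.DROP, {todname('site.nl')}))

-- Force all clients from `192.168.2.0/24` to TCP
-- A TCP handshake cannot be completed from a forged source address, which
-- is why this is a common measure against spoofed UDP queries.
view:addr('192.168.2.0/24', policy.all(policy.TC))

-- Apply RPZ for all clients, default rule is DENY
-- The zone file path is relative as well. Whoever can write to that file
-- decides what gets blocked, so restrict write access to it.
policy:add(policy.rpz(policy.DENY, 'blacklist.rpz'))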