1. kresd/etc

について、ここに記述してください。

/etc/default/kresd -- ToshinoriMaeno 2018-01-12 00:22:36

# cat kresd
# Used for systemd socket activation
KRESD_ARGS="--config=/etc/knot-resolver/kresd.conf --verbose --forks=1 --keyfile=/usr/share/dns/root.key /run/knot-resolver/cache"

# Standalone daemon arguments
DAEMON_ARGS="--addr=127.0.0.1#53 --addr=::1#53 $KRESD_ARGS"

config.isp

-- Config file example useable for multi-user ISP resolver
-- Refer to manual:\ 
  http://knot-resolver.readthedocs.org/en/latest/daemon.html#configuration

-- Listen on localhost and external interface
net = { '127.0.0.1', '::1', '192.168.1.1' }

-- Drop root privileges
user('kresd', 'kresd')

-- Auto-maintain root TA
trust_anchors.file = 'root.keys'

-- Large cache size, so we don't need to flush often
-- This can be larger than available RAM, least frequently accessed
-- records will be paged out
cache.size = 4 * GB 

-- Load Useful modules
modules = {
        'policy',   -- Block queries to local zones/bad sites
        'view',     -- Views for certain clients
        'cachectl', -- Cache control interface
        'hints',    -- Load /etc/hosts and allow custom root hints
        'stats',    -- Track internal statistics
        graphite = { -- Send statistics to local InfluxDB
                -- `worker.id` allows us to keep per-fork statistics
                prefix = hostname()..worker.id,
                -- Address of the Graphite/InfluxDB server
                host = '192.168.1.2',
        }
}

-- Block all `site.nl` for `10.0.0.0/24` subnet
view:addr('10.0.0.0/24', policy.suffix(policy.DROP, {todname('site.nl')}))
-- Force all clients from `192.168.2.0/24` to TCP
view:addr('192.168.2.0/24', policy.all(policy.TC))
-- Apply RPZ for all clients, default rule is DENY
policy:add(policy.rpz(policy.DENY, 'blacklist.rpz'))