knot-resolver & DAF

DNS, networking

I have a multi-homed file server on my home network, which I use for SMB/NFS and similar, and I wanted to avoid routing due to reasons, so multi-homing it was.

However, now I had issues using my internal DNS records. Luckily this was fairly simple to solve with knot-resolver and its built-in DNS application firewall (daf)!

First things first, enable the module by adding it to your modules. Then just add rules as you see fit. Below is an example.

modules = {
  -- whatever you have here, then add:
  'daf',
}

-- Rewrite NAS IP depending on query source network
daf.add('qname ~ AND src = rewrite A')
daf.add('qname ~ AND src = rewrite A')

For my needs, this was very simple and does exactly what I need. Now, if I ask for from it will reply
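The same kind of rule pair with every field filled in, as an added example rather than the author's original configuration. The hostname `nas.home.example`, the two documentation networks and the NAS addresses are constructed stand-ins for the two networks the file server is attached to, and the `views` table is a hypothetical helper used only to generate the rules.

```lua
-- Added example: knot-resolver Lua configuration fragment.
-- Every name and address below is a constructed placeholder.

modules = {
  'daf',  -- DNS application firewall; must be loaded before daf.add() is called
}

-- Name of the multi-homed server as published in the internal zone (assumed)
local nas = 'nas.home.example'

-- One entry per network the server is attached to:
--   src  = client network the query arrives from
--   addr = the server's own address on that network
local views = {
  { src = '192.0.2.0/24',    addr = '192.0.2.10' },
  { src = '198.51.100.0/24', addr = '198.51.100.10' },
}

-- Generate one rewrite rule per network, so each client is handed the
-- address it can reach directly instead of one that needs routing.
for _, v in ipairs(views) do
  daf.add(string.format(
    'qname = %s AND src = %s rewrite %s A %s',
    nas, v.src, nas, v.addr))
end

-- Queries from a source network not listed in `views` match no rule
-- and receive the unmodified A answer from the zone.
```

To check the result, query the resolver from a client on each network and compare the A record returned with the `addr` configured for that network.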