Knot DNS is an open-source authoritative-only server for the Domain Name System. It was created from scratch and is actively developed by CZ.NIC, the .CZ domain registry. The purpose of this project is to supply an alternative open-source implementation of an authoritative DNS server suitable for TLD operators to increase overall security, stability and resiliency of the Domain Name System. It is implemented as a multi-threaded daemon, using a number of programming techniques and data structures to make the server very fast, notably read-copy-update or a special kind of radix tree. Knot DNS uses a zone parser written in Ragel to achieve very fast loading of the zones at startup. It is also able to add and remove zones on the fly by changing the configuration file and reloading the server using the 'knotc' utility. Since version 3.0.0, Knot DNS supports a high performance XDP mode in Linux, which can improve response performance significantly.


Changelog

* New in 1.2.0: Response Rate Limiting, Dynamic DNS, and a new remote control utility.
* New in 1.3.0: new zone parser in Ragel (replaces zone compilation) and several client utilities (kdig, khost and knsupdate).
* New in 1.4.0: automatic DNSSEC signing of the managed zones.
* New in 1.5.0: query modules with two new modules: "Automatic forward/reverse records" and dnstap.
* New in 1.6.0: persistent timers for slave zones (expire, refresh, and flush) using LMDB.
* New in 2.0.0: new YAML-based configuration, and new DNSSEC implementation using GnuTLS.
* New in 2.1.0: dynamic configuration, PKCS #11 interface, and online DNSSEC signing.
* New in 2.2.0: Response Rate Limiting white listing, support for URI (RFC 7553) and CAA (RFC 6844) resource record types, interactive mode for 'knotc', new control interface for the server including simple Python bindings.
* New in 2.3.0: DNSSEC signing configured in server configuration, automatic NSEC3 resalting, zone operations over server control interface, TLS in kdig.
* New in 2.4.0: Unified LMDB based journal, new statistics module, automatic deletion of retired DNSSEC keys.
* New in 2.5.0: LMDB based KASP database, KSK rollover, dynamic modules, zone freeze/thaw, zone contents in journal.
* New in 2.6.0: On-slave DNSSEC signing, automatic DNSSEC algorithm rollover, Ed25519 algorithm support, TCP Fast Open.
* New in 2.7.0: Performance improvement, new module for DNS Cookies, new module for GeoIP, support for ECS.
* New in 2.8.0: Offline-KSK, multithreaded DNSSEC signing, extended ACL for DDNS, zone update speed-up.
* New in 2.9.0: Significant zone update speed-up, TCP optimizations, configuration cleanup.
* New in 3.0.0: High performance XDP mode for UDP under Linux, catalog zones support, continuous DNSSEC validation, kzonesign and kxdpgun utilities, DoH support in kdig, deterministic ECDSA support, on-line backup of persistent data.
* New in 3.1.0: basic DNS over TCP using XDP, routing-aware XDP processing, ZONEMD generation and validation, SVCB/HTTPS support, zone catalog evolution, EDNS error (EDE) support, epoll/kqueue support.
* New in 3.2.0: full DNS over TCP using XDP (including transfers), DNS over QUIC in the XDP mode, DNSSEC multi-signer support.


See also

* Comparison of DNS server software


External links

* DNS server benchmarks
* Knot Resolver