Knot DNS

Knot DNS is an open-source authoritative-only server for the Domain Name System. It was created from scratch and is actively developed by CZ.NIC, the .CZ domain registry. The purpose of this project is to supply an alternative open-source implementation of an authoritative DNS server suitable for TLD operators to increase overall security, stability and resiliency of the Domain Name System. It is implemented as a multi-threaded daemon, using a number of programming techniques and data structures to make the server very fast, notably Read-copy-update or a special kind of radix tree. Knot DNS uses a zone parser written in Ragel to achieve very fast loading of zones at startup. It is also able to add and remove zones on the fly by changing the configuration file and reloading the server using the 'knotc' utility. Since version 3.0.0, Knot DNS supports a high-performance XDP mode in Linux, which can improve response performance significantly.


Changelog

* New in 1.2.0: Response Rate Limiting, Dynamic DNS, and a new remote control utility.
* New in 1.3.0: new zone parser in Ragel (replaces zone compilation) and several client utilities (kdig, khost and knsupdate).
* New in 1.4.0: automatic DNSSEC signing of the managed zones.
* New in 1.5.0: query modules with two new modules: "Automatic forward/reverse records" and dnstap.
* New in 1.6.0: persistent timers for slave zones (expire, refresh, and flush) using LMDB.
* New in 2.0.0: new YAML-based configuration, and new DNSSEC implementation using GnuTLS.
* New in 2.1.0: dynamic configuration, PKCS #11 interface, and online DNSSEC signing.
* New in 2.2.0: Response Rate Limiting white listing, support for URI (RFC 7553) and CAA (RFC 6844) resource record types, interactive mode for 'knotc', new control interface for the server including simple Python bindings.
* New in 2.3.0: DNSSEC signing configured in server configuration, automatic NSEC3 resalting, zone operations over server control interface, TLS in kdig.
* New in 2.4.0: Unified LMDB based journal, new statistics module, automatic deletion of retired DNSSEC keys.
* New in 2.5.0: LMDB based KASP database, KSK rollover, dynamic modules, zone freeze/thaw, zone contents in journal.
* New in 2.6.0: On-slave DNSSEC signing, automatic DNSSEC algorithm rollover, Ed25519 algorithm support, TCP Fast Open.
* New in 2.7.0: Performance improvement, new module for DNS Cookies, new module for GeoIP, support for ECS.
* New in 2.8.0: Offline-KSK, multithreaded DNSSEC signing, extended ACL for DDNS, zone update speed-up.
* New in 2.9.0: Significant zone update speed-up, TCP optimizations, configuration cleanup.
* New in 3.0.0: High performance XDP mode for UDP under Linux, catalog zones support, continuous DNSSEC validation, kzonesign and kxdpgun utilities, DoH support in kdig, deterministic ECDSA support, on-line backup of persistent data.
* New in 3.1.0: basic DNS over TCP using XDP, routing-aware XDP processing, ZONEMD generation and validation, SVCB/HTTPS support, zone catalog evolution, EDNS error (EDE) support, epoll/kqueue support.
* New in 3.2.0: full DNS over TCP using XDP (including transfers), DNS over QUIC in the XDP mode, DNSSEC multi-signer support.
* New in 3.3.0: full DNS over QUIC (using both XDP and operating system TCP/IP-stack), bidirectional XFR over QUIC, multi-signer operation mode.
* New in 3.4.0: full DNS over TLS, DDNS over QUIC and TLS, bidirectional XFR over TLS, automatic DNSSEC revalidation, refined RRL module.


See also

* Comparison of DNS server software



External links

* DNS server benchmarks
* Knot Resolver