Getting Started
Installation
Startup
First DNS query
Configuration
Listening on network interfaces
Example: Internal Resolver
Internal-only domains
Example: ISP Resolver
Limiting client access
TLS server configuration
Mandatory domain blocking
Example: Personal Resolver
Forwarding over TLS protocol (DNS-over-TLS)
Non-persistent cache
Configuration
Configuration Overview
Validation
JSON Schema
Getting the JSON Schema
Interactive visualization
Networking and protocols
Server (communication with clients)
Addresses and services
PROXYv2 protocol
TCP pipeline limit
DoT and DoH (encrypted DNS)
DNS-over-TLS (DoT)
DNS-over-HTTPS (DoH)
Configuration options for DoT and DoH
Client (retrieving answers from servers)
IPv4 and IPv6 usage
Forwarding
DNS protocol tweaks
DNS protocol tweaks
Performance and resiliency
Cache
Sizing
Clearing
Parameters
Return value
Persistence
Configuration reference
Multiple workers
Prefetching cache records
Expiring records
Prediction
Exported metrics
Cache prefilling
Dependencies
Serve stale
Running
Root on loopback (RFC 7706)
Priming
EDNS keepalive
Rate limiting
Policy, access control, data manipulation
Views and ACLs
Conditions
Actions
Local Data and RPZ
Forwarding
DNS64
Advanced options
IP address renumbering
Example configuration
Answer reordering
Rebinding protection
Refuse queries without RD bit
Tags
Logging, monitoring, diagnostics
DNSSEC validation failure logging
Statistics collector
Prometheus metrics endpoint
Graphite/InfluxDB/Metronome
Name Server Identifier (NSID)
Dnstap (traffic collection)
Sentinel for Detecting Trusted Root Keys
Signaling Trust Anchor Knowledge in DNSSEC
System time skew detector
Detect discontinuous jumps in the system time
Debugging options
DNSSEC, data verification
Lua Scripting
Experimental features
Experimental DNS-over-TLS Auto-discovery
How it works
Generating NS target names
Caveats
Dependencies
Deployment
Systemd
Manual
Multiple instances on a single server
Docker
Config
Cache
Advanced
Usage without the manager
Startup
Configuration
Usage without systemd and without manager
Process management
Garbage Collector
Privileges and capabilities
Using capabilities
Running as non-privileged user
Running as root
Management
HTTP API
Management HTTP API
Dynamically changing configuration
Reloading configuration file
HTTP API
Listen address
List of API endpoints
Config modification endpoint (v1)
kresctl utility
Connecting to the management API
Commands
For operators
Upgrading
5.x to 6.x
Older versions
Upgrading to version 6.x
Configuration
Conversion to YAML
Reconfiguration
Useful commands rosetta
Release notes
Version numbering
Knot Resolver 6.0.9 (2024-11-11)
Improvements
Bugfixes
Incompatible changes
Knot Resolver 6.0.8 (2024-07-23)
Security
Packaging
Improvements
Incompatible changes
Bugfixes
Knot Resolver 6.0.7 (2024-03-27)
Improvements
Bugfixes
Knot Resolver 6.0.6 (2024-02-13)
Security
Improvements
Bugfixes
Knot Resolver 6.0.5 (2024-01-09)
For developers
Developer documentation
Knot Resolver
Advanced
View page source
Advanced
ΒΆ
Usage without the manager
Startup
Configuration
Usage without systemd and without manager
Process management
Privileges and capabilities