Knot Resolver
Index
Symbols | A | B | C | D | E | F | G | H | I | K | L | M | N | O | P | R | S | T | U | V
Symbols
"chunk-size":
command line option
"chunk_limit":
command line option
"count":
command line option
"exact-name":
command line option
"name":
command line option
"not_apex":
command line option
"rr-type":
command line option
"subtree":
command line option
--chunk-size
kresctl command line option
--config
kresctl command line option
--exact-name
kresctl command line option
--help
kresctl command line option
--json
kresctl command line option, [1]
--live
kresctl command line option
--no-strict
kresctl command line option, [1]
--path
kresctl command line option, [1], [2]
--prometheus
kresctl command line option
--rr-type
kresctl command line option
--socket
kresctl command line option
--type
kresctl command line option
--yaml
kresctl command line option, [1]
-c
kresctl command line option
-h
kresctl command line option
-l
kresctl command line option
-p
kresctl command line option, [1], [2]
-s
kresctl command line option
<input_file>
kresctl command line option, [1]
[file]
kresctl command line option, [1], [2]
[file|value]
kresctl command line option
[name]
kresctl command line option
[output_file]
kresctl command line option
A
address:
command line option, [1]
address]>
command line option
addresses-files:
command line option
addresses:
command line option
allow:
command line option
answer:
command line option
assertion-abort:
command line option
assertion-fork:
command line option
authoritative:
command line option
B
built-in function
user()
C
ca-file:
command line option, [1]
cache
kresctl command line option
cache.size
cache/ns-timeout:
command line option
cache/prefill:
command line option
cache/size-max:
command line option
cache/storage:
command line option
cache/ttl-max:
command line option
cache/ttl-min:
command line option
cert-file:
command line option
command line option
"chunk-size":
"chunk_limit":
"count":
"exact-name":
"name":
"not_apex":
"rr-type":
"subtree":
address:, [1]
address]>
addresses-files:
addresses:
allow:
answer:
assertion-abort:
assertion-fork:
authoritative:
ca-file:, [1]
cache/ns-timeout:
cache/prefill:
cache/size-max:
cache/storage:
cache/ttl-max:
cache/ttl-min:
cert-file:
dns64:
dnssec:, [1]
downstream
dst-subnet:
enabled:
file:, [1], [2]
forward:
freebind:
groups:
hold-down-time:
host:
hostname:
interface:
interval:
keep-removed:
key-file:
kind:
level:
local-data:
logging/debugging:
logging:
lua/script-file:
lua/script-only:
lua/script:
minimize:
monitoring/graphite:
monitoring:
name:
negative-trust-anchors:
network/do-ipv4:
network/do-ipv6:
network/edns-buffer-size:
network/listen:
network/out-interface-v4:
network/out-interface-v6:
network/proxy-protocol:
network/tcp-pipeline:
network/tls:
nodata:, [1]
options/glue-checking:
options/reorder-rrset:
options/violators-workarounds:
options:, [1]
origin:
padding:
port:, [1]
prefix:
protocols:
rate-limiting/capacity:
rate-limiting/dry-run:
rate-limiting/instant-limit:
rate-limiting/log-period:
rate-limiting/rate-limit:
rate-limiting/slip:
read-only:
records:, [1]
refresh-interval:
refresh-time:
rpz:
rules:
servers:
sticket-secret-file:
sticket-secret:
subnets:
subtree:, [1]
tags:, [1], [2]
target:
tcp:
transport:
trust-anchors-files:
trust-anchors:
ttl:, [1]
unix-socket:
upstream
url:
views:
config
kresctl command line option
convert
kresctl command line option
D
delete
kresctl command line option
dns64:
command line option
dnssec:
command line option, [1]
downstream
command line option
dst-subnet:
command line option
E
enabled:
command line option
environment variable
cache.size
F
file:
command line option, [1], [2]
forward:
command line option
freebind:
command line option
G
get
kresctl command line option
groups:
command line option
H
hold-down-time:
command line option
host:
command line option
hostname:
command line option
I
interface:
command line option
interval:
command line option
K
keep-removed:
command line option
key-file:
command line option
kind:
command line option
kresctl command line option
--chunk-size
--config
--exact-name
--help
--json, [1]
--live
--no-strict, [1]
--path, [1], [2]
--prometheus
--rr-type
--socket
--type
--yaml, [1]
-c
-h
-l
-p, [1], [2]
-s
<input_file>, [1]
[file], [1], [2]
[file|value]
[name]
[output_file]
cache
config
convert
delete
get
metrics
reload
schema
set
stop
validate
L
level:
command line option
local-data:
command line option
logging/debugging:
command line option
logging:
command line option
lua/script-file:
command line option
lua/script-only:
command line option
lua/script:
command line option
M
metrics
kresctl command line option
minimize:
command line option
monitoring/graphite:
command line option
monitoring:
command line option
N
name:
command line option
negative-trust-anchors:
command line option
network/do-ipv4:
command line option
network/do-ipv6:
command line option
network/edns-buffer-size:
command line option
network/listen:
command line option
network/out-interface-v4:
command line option
network/out-interface-v6:
command line option
network/proxy-protocol:
command line option
network/tcp-pipeline:
command line option
network/tls:
command line option
nodata:
command line option, [1]
O
options/glue-checking:
command line option
options/reorder-rrset:
command line option
options/violators-workarounds:
command line option
options:
command line option, [1]
origin:
command line option
P
padding:
command line option
port:
command line option, [1]
prefix:
command line option
protocols:
command line option
R
rate-limiting/capacity:
command line option
rate-limiting/dry-run:
command line option
rate-limiting/instant-limit:
command line option
rate-limiting/log-period:
command line option
rate-limiting/rate-limit:
command line option
rate-limiting/slip:
command line option
read-only:
command line option
records:
command line option, [1]
refresh-interval:
command line option
refresh-time:
command line option
reload
kresctl command line option
RFC
RFC 1034
RFC 1035
RFC 4035
RFC 5001
RFC 5011, [1], [2], [3], [4]
RFC 5077
RFC 6147
RFC 6891
RFC 6901, [1], [2]
RFC 7540
RFC 7540 Section 9.2
RFC 7646
RFC 7706
RFC 7828
RFC 7858
RFC 8109
RFC 8145 Section 5
RFC 8198, [1]
RFC 8310
RFC 8484, [1]
RFC 8509
RFC 8906
rpz:
command line option
rules:
command line option
S
schema
kresctl command line option
servers:
command line option
set
kresctl command line option
sticket-secret-file:
command line option
sticket-secret:
command line option
stop
kresctl command line option
subnets:
command line option
subtree:
command line option, [1]
T
tags:
command line option, [1], [2]
target:
command line option
tcp:
command line option
transport:
command line option
trust-anchors-files:
command line option
trust-anchors:
command line option
ttl:
command line option, [1]
U
unix-socket:
command line option
upstream
command line option
url:
command line option
user()
built-in function
V
validate
kresctl command line option
views:
command line option