High-performance authoritative DNS server

Knot DNS is a high-performance authoritative-only DNS server which supports all key features of the modern domain name system.

Download

News

Version 3.3.5

Wednesday, March 6, 2024

Features:

  • knotd: new module mod-authsignal for automatic authenticated DNSSEC bootstrapping records synthesis (Thanks to Peter Thomassen)
  • kzonecheck: new optional ZONEMD verification (see option '-z')

Improvements:

  • knotd: new DNSSEC key rollover …
Open source

Open source

Knot DNS is open-­source. It is com­plete­ly free to down­load and use. The source code is avail­able un­der GPL 3+ li­cense. Our de­vel­op­ment process is trans­par­ent and driv­en by the needs of com­mu­ni­ty and do­nat­ing user­s. The tar­get plat­forms are Lin­ux, BS­D's, ma­cOS, and oth­er POSIX op­er­at­ing sys­tem­s.

Feature-packed

Feature-packed

Knot DNS pro­vides es­sen­tial DNS fea­tures in­clud­ing in­cre­men­tal zone trans­fers (IXFR), dy­nam­ic up­dates (DDNS) and re­sponse rate lim­it­ing (RRL). More ad­vanced fea­tures in­clude au­to­mat­ic DNSSEC sign­ing, dy­nam­ic A/AAAA/PTR records syn­the­sis, or rapid on-the-fly re­con­fig­u­ra­tion.

High performance

High performance

The serv­er is suit­able for any use case. With its high per­for­ma­ce, un­matched DNSSEC im­ple­men­ta­tion, and oth­er fea­tures it works ex­cep­tion­al­ly well as a root or a TLD name serv­er. It's ca­pa­ble of non-stop op­er­a­tion. The re­spond­ing code is com­plete­ly lock­-free and there­fore the serv­er achieves very high re­sponse rate.

Secure and stable

Secure and stable

In ad­di­tion to per­for­ma­ce, se­cu­ri­ty and sta­bil­i­ty are the oth­er key goals of the de­sign. The code is be­ing con­stant­ly checked by an ex­ten­sive test­ing suite to at­tain sta­bil­i­ty, as­sure in­ter­op­er­abil­i­ty with oth­er DNS im­ple­men­ta­tion­s, avoid per­for­mance re­gres­sion­s, and cir­cum­vent pos­si­ble se­cu­ri­ty-re­lat­ed prob­lem­s.

Knot Resolver

The Knot Re­solver is a caching full re­solver im­ple­men­ta­tion writ­ten in C and LuaJIT, in­clud­ing both a re­solver li­brary and a dae­mon. Mod­u­lar ar­chi­tec­ture of the li­brary keeps the core tiny and ef­fi­cien­t, and pro­vides a state-­ma­chine-­like API.