High-performance authoritative-only DNS server

Knot DNS is a high-performance authoritative-only DNS server which supports all key features of the modern domain name system.



Version 2.7.3

Thursday, October 11, 2018


  • New queryacl module for query access control
  • Configurable answer rrset rotation #612
  • Configurable NSEC bitmap in online signing


  • Better error logging for KASP DB operations #601
  • Some documentation …
Open source

Open source

Knot DNS is open-­source. It is com­plete­ly free to down­load and use. The source code is avail­able un­der GPL li­cense. Our de­vel­op­ment process is trans­par­ent and driv­en by the needs of com­mu­ni­ty and do­nat­ing user­s.



Knot DNS pro­vides es­sen­tial DNS fea­tures in­clud­ing in­cre­men­tal zone trans­fers (IXFR), dy­nam­ic up­dates (DDNS) and re­sponse rate lim­it­ing (RRL). More ad­vanced fea­tures in­clude au­to­mat­ic DNSSEC sign­ing, dy­nam­ic A/AAAA/PTR records syn­the­sis, or rapid on-the-fly re­con­fig­u­ra­tion.

High performance

High performance

The serv­er was de­signed to meet the needs of root and TLD name server­s. It is ca­pa­ble of non-stop op­er­a­tion. The re­spond­ing code is com­plete­ly lock­-free and the serv­er is there­fore ca­pa­ble of achiev­ing a very high re­sponse rate.

Secure and stable

Secure and stable

The code is be­ing con­stant­ly checked by an ex­ten­sive test­ing suite to at­tain sta­bil­i­ty, as­sure in­ter­op­er­abil­i­ty with oth­er DNS im­ple­men­ta­tion­s, avoid per­for­mance re­gres­sion­s, and cir­cum­vent pos­si­ble se­cu­ri­ty-re­lat­ed prob­lem­s.

Try our new Knot Resolver

The Knot Re­solver is a caching full re­solver im­ple­men­ta­tion writ­ten in C and LuaJIT, in­clud­ing both a re­solver li­brary and a dae­mon. Mod­u­lar ar­chi­tec­ture of the li­brary keeps the core tiny and ef­fi­cien­t, and pro­vides a state-­ma­chine-­like API.