Welcome to Knot DNS's documentation!

• Introduction
  • What is Knot DNS
  • Knot DNS features
  • License
• Requirements
  • Hardware
  • Operating system
  • Required libraries
  • Optional libraries
• Installation
  • Installation from a package
  • Installation from source code
• Configuration
  • Simple configuration
  • Zone templates
  • Access control list (ACL)
  • Secondary (slave) zone
  • Primary (master) zone
  • Dynamic updates
  • Automatic DNSSEC signing
  • Catalog zones
  • DNS over QUIC
  • DNS over TLS
  • Query modules
  • Performance Tuning
• Operation
  • Configuration database
  • Dynamic configuration
  • Secondary (slave) mode
  • Primary (master) mode
  • Reading and editing zones
  • Reading and editing the zone file safely
  • Zone loading
  • Journal behaviour
  • Handling zone file, journal, changes, serials
  • Zone bootstrapping on secondary
  • Zone expiration
  • DNSSEC key states
  • DNSSEC key rollovers
  • DNSSEC shared KSK
  • DNSSEC delete algorithm
  • DNSSEC Offline KSK
  • DNSSEC multi-signer
  • DNSSEC keys import to HSM
  • Daemon controls
  • Logging
  • Data and metadata backup
  • Statistics
  • Mode XDP
• Troubleshooting
  • Reporting bugs
  • Generating backtrace
  • Crash caused by a Bus error
• Configuration Reference
  • Description
  • Comments
  • Including configuration
  • Clearing configuration sections
  • module section
  • server section
  • xdp section
  • control section
  • log section
  • statistics section
  • database section
  • keystore section
  • key section
  • remote section
  • remotes section
  • acl section
  • submission section
  • dnskey-sync section
  • policy section
  • template section
  • zone section
• Modules
  • authsignal – Automatic Authenticated DNSSEC Bootstrapping records
  • cookies — DNS Cookies
  • dnsproxy – Tiny DNS proxy
  • dnstap – Dnstap traffic logging
  • geoip — Geography-based responses
  • noudp — No UDP response
  • onlinesign — Online DNSSEC signing
  • probe — DNS traffic probe
  • queryacl — Limit queries by remote address or target interface
  • rrl — Response rate limiting
  • stats — Query statistics
  • synthrecord – Automatic forward/reverse records
  • whoami — Whoami response
• Utilities
  • knotd – Knot DNS server daemon
  • knotc – Knot DNS control utility
  • keymgr – Key management utility
  • kjournalprint – Knot DNS journal print utility
  • kcatalogprint – Knot DNS catalog print utility
  • kzonecheck – Knot DNS zone file checking tool
  • kzonesign – DNSSEC signing utility
  • kdig – Advanced DNS lookup utility
  • khost – Simple DNS lookup utility
  • knsec3hash – NSEC hash computation utility
  • knsupdate – Dynamic DNS update utility
  • kxdpgun – DNS benchmarking tool
• Migration
  • Upgrade 2.4.x to 2.5.x
  • Upgrade 2.5.x to 2.6.x
  • Upgrade 2.6.x to 2.7.x
  • Upgrade 2.7.x to 2.8.x
  • Upgrade 2.8.x to 2.9.x
  • Upgrade 2.9.x to 3.0.x
  • Upgrade 3.0.x to 3.1.x
  • Upgrade 3.1.x to 3.2.x
  • Upgrade 3.2.x to 3.3.x
  • Upgrade 3.3.x to 3.4.x
  • Knot DNS for BIND users
• Appendices
  • Compatible PKCS #11 Devices