Logo

Building from sources

  • Cloning the repository
  • Building with apkg
  • Building with Meson
    • Dependencies
    • Compilation
    • Build options
      • Customizing compiler flags
  • Testing infrastructure
    • The manager unit tests
    • Unit tests
    • Postinstall tests
    • Config tests
    • Extra tests
    • Useful meson commands
    • Documentation
    • Tarball
    • Packaging
      • Systemd
      • Trust anchors
  • Installing the manager from source
  • Docker image
  • Manager development environment
    • Reproducible development environment
    • Running the manager from source for the first time
    • Advanced workspace directory setup
    • Commands
    • Contributing
    • Minimal development environment
    • Packaging
    • Testing
    • Code editor
    • FAQ
      • What all those dev dependencies for?
      • Why Poetry? Why should I learn a new tool?

Architecture

  • System architecture
    • Knot Resolver startup
    • Failure handling
    • Individual components
      • manager
        • API
        • Config processing
        • Actual manager
        • Interactions with supervisord
      • kresd
      • cache-gc
      • policy-loader
        • The resolver’s cold start
  • Manager code structure
    • The subprocess controllers
    • Processing of configuration change requests
  • Layered protocols
    • Motivation
    • Sessions, tasks, wire buffers, protocol ceremony
    • Isolation of protocols
    • Protocol layers
      • Defining a protocol
      • Transforming payloads
      • Events

Debugging

  • Debugging with kresctl
    • Subprocess types

Lua configuration

  • Syntax
  • Documentation Conventions
  • Modules
    • modules.list()
    • modules.load()
    • modules.unload()
  • Networking and protocols
    • Server (communication with clients)
      • Addresses and services
        • net.listen()
        • PROXYv2 protocol
        • Features for scripting
      • DoT and DoH (encrypted DNS)
        • DNS-over-TLS (DoT)
        • DNS-over-HTTPS (DoH)
        • Configuration options for DoT and DoH
        • Configuration options for DoH
      • Other HTTP services
        • Example configuration
        • HTTPS (TLS for HTTP)
        • Legacy DNS-over-HTTPS (DoH)
        • Built-in services
        • Dependencies
    • Client (retrieving answers from servers)
      • IPv4 and IPv6 usage
        • net.outgoing_v4()
        • net.outgoing_v6()
    • DNS protocol tweaks
      • DNS protocol tweaks
        • net.bufsize()
    • Buffering tweaks
      • Buffering tweaks
  • Performance and resiliency
    • Cache
      • Sizing
      • Persistence
      • Configuration reference
        • cache.open()
        • cache.backends()
        • cache.count()
        • cache.close()
        • cache.fssize()
        • cache.stats()
        • cache.max_ttl()
        • cache.min_ttl()
        • cache.ns_tout()
        • cache.get()
        • cache.clear()
    • Multiple instances
      • Zero-downtime restarts
      • Instance-specific configuration
    • Prefetching cache records
      • Expiring records
      • Prediction
      • Example configuration
      • Exported metrics
      • Properties
        • predict.config()
    • Cache prefilling
      • Dependencies
    • Serve stale
      • Running
    • Root on loopback (RFC 7706)
    • Priming module
    • EDNS keepalive
    • XDP for higher UDP performance
      • Prerequisites
      • Set up
      • Optimizations
      • Limitations
  • Policy, access control, data manipulation
    • Query policies
      • Filters
        • all()
        • pattern()
        • suffix()
        • domains()
        • suffix_common()
        • custom_filter()
      • Actions
        • Non-chain actions
        • Chain actions
        • Actions for extra logging
        • Custom actions
      • Forwarding
        • FORWARD()
        • STUB()
      • Forwarding over TLS protocol (DNS-over-TLS)
        • TLS_FORWARD()
        • CA+hostname authentication
        • Key-pinned authentication
        • TLS Examples
        • Forwarding to multiple targets
      • Replacing part of the DNS tree
      • Response policy zones
        • rpz()
      • Additional properties
        • add()
        • del()
        • todnames()
    • Views and ACLs
      • Example configuration
      • Rule order
      • Properties
    • Static hints
      • Examples
      • Properties
        • hints.config()
        • hints.add_hosts()
        • hints.get()
        • hints.set()
        • hints.del()
        • hints.root_file()
        • hints.root()
        • hints.use_nodata()
        • hints.ttl()
    • DNS64
      • Simple example
      • Advanced options
    • IP address renumbering
      • Example configuration
    • Answer reordering
      • reorder_RR()
    • Rebinding protection
    • Refuse queries without RD bit
    • DNS Application Firewall
      • Example configuration
      • Web interface
      • RESTful interface
  • Logging, monitoring, diagnostics
    • log_level()
      • verbose()
    • log_target()
    • log_groups()
    • DNSSEC validation failure logging
    • Statistics collector
      • Built-in statistics
      • Module reference
        • stats.get()
        • stats.set()
        • stats.list()
        • stats.upstreams()
        • stats.frequent()
        • stats.clear_frequent()
      • Graphite/InfluxDB/Metronome
        • Dependencies
      • Prometheus metrics endpoint
    • Scripting worker
      • worker.stats()
    • Name Server Identifier (NSID)
    • Debugging a single request
      • Using query policies
      • Using HTTP module
    • Watchdog
    • Dnstap (traffic collection)
    • Sentinel for Detecting Trusted Root Keys
    • Signaling Trust Anchor Knowledge in DNSSEC
    • System time skew detector
    • Detect discontinuous jumps in the system time
  • DNSSEC, data verification
    • trust_anchors.add_file()
    • trust_anchors.remove()
    • trust_anchors.set_insecure()
    • trust_anchors.add()
    • trust_anchors.summary()
    • mode()
  • Experimental features
    • Run-time reconfiguration
      • Control sockets
        • map()
      • Lua scripts
        • Helper functions
      • Asynchronous events
        • Timers and events reference
        • Asynchronous function execution
      • Etcd support
        • Example configuration
        • Dependencies
    • Experimental DNS-over-TLS Auto-discovery
      • How it works
      • Generating NS target names
      • Example configuration
      • Caveats
      • Dependencies
  • Custom HTTP services
    • Custom RESTful services

C API

  • Knot Resolver library
    • For users
    • For developers
    • Writing layers
    • APIs in Lua
      • Elementary types and constants
      • Working with domain names
      • Working with resource records
      • Working with packets
      • Working with requests
      • Significant Lua API changes
        • Incompatible changes since 3.0.0
    • API reference
      • Name resolution
        • Example usage of the iterative API:
        • kr_request_selected
        • alloc_wire_f
        • addr_info_f
        • async_resolution_f
        • kr_sockaddr_array_t
        • kr_rank
        • kr_rank_check()
        • kr_rank_test()
        • kr_rank_set()
        • kr_resolver_init()
        • kr_resolver_deinit()
        • kr_resolve_begin()
        • kr_request_ensure_edns()
        • kr_request_ensure_answer()
        • kr_resolve_consume()
        • kr_resolve_produce()
        • kr_resolve_checkout()
        • kr_resolve_finish()
        • kr_resolve_plan()
        • kr_resolve_pool()
        • kr_request_set_extended_error()
        • kr_query_inform_timeout()
        • the_resolver
        • kr_context
        • kr_request_qsource_flags
        • kr_extended_error
        • kr_request
        • kr_stale_cb
        • kr_qflags_set()
        • kr_qflags_clear()
        • kr_rplan_init()
        • kr_rplan_deinit()
        • kr_rplan_empty()
        • kr_rplan_push_empty()
        • kr_rplan_push()
        • kr_rplan_pop()
        • kr_rplan_satisfies()
        • kr_rplan_resolved()
        • kr_rplan_last()
        • kr_rplan_find_resolved()
        • kr_qflags
        • kr_query
        • kr_rplan
      • Cache
        • TTL_MAX_MAX
        • cache_peek()
        • cache_stash()
        • kr_cache_open()
        • kr_cache_close()
        • kr_cache_commit()
        • kr_cache_is_open()
        • kr_cache_make_checkpoint()
        • kr_cache_insert_rr()
        • kr_cache_clear()
        • kr_cache_peek_exact()
        • kr_cache_ttl()
        • kr_cache_materialize()
        • kr_cache_remove()
        • kr_cache_match()
        • kr_cache_remove_subtree()
        • kr_cache_closest_apex()
        • kr_unpack_cache_key()
        • kr_cache_check_health()
        • kr_cache_emergency_file_to_remove
        • kr_cache
        • kr_cache_p
        • KR_CACHE_KEY_MAXLEN
        • KR_CACHE_RR_COUNT_SIZE
        • VERBOSE_MSG
        • WITH_VERBOSE
        • cache_op
        • nsec_p_hash_t
        • entry_list_t
        • @2
        • EL
        • @3
        • entry_h_consistent_E()
        • entry_apex_consistent()
        • entry_h_consistent_NSEC()
        • entry_h_consistent()
        • nsec_p_rdlen()
        • nsec_p_mkHash()
        • key_nwz_off()
        • key_nsec3_hash_off()
        • key_exact_type_maypkt()
        • key_exact_type()
        • EL2RRTYPE()
        • entry_h_seek()
        • entry_h_splice()
        • entry_list_parse()
        • to_even()
        • entry_list_serial_size()
        • entry_list_memcpy()
        • stash_pkt()
        • answer_from_pkt()
        • is_expiring()
        • get_new_ttl()
        • rdataset_dematerialize_size()
        • rdataset_dematerialized_size()
        • rdataset_dematerialize()
        • rdataset_materialize()
        • entry2answer()
        • pkt_renew()
        • pkt_append()
        • key_NSEC1()
        • nsec1_encloser()
        • nsec1_src_synth()
        • key_NSEC3()
        • nsec3_encloser()
        • nsec3_src_synth()
        • get_uint16()
        • knot_db_val_bound()
        • NSEC_P_MAXLEN
        • NSEC3_HASH_LEN
        • NSEC3_HASH_TXT_LEN
        • entry_h
        • nsec_p
        • key
        • entry_apex
        • answer
      • Rules
        • KR_RULE_TAGS_ALL
        • KR_RULE_TAGS_CAP
        • kr_rule_tags_t
        • kr_rule_fwd_flags_t
        • kr_rule_sub_t
        • kr_rules_init()
        • kr_rules_init_ensure()
        • kr_rules_deinit()
        • kr_rules_commit()
        • kr_rules_reset()
        • kr_rule_local_data_answer()
        • kr_rule_data_src_check()
        • kr_view_select_action()
        • kr_rule_local_data_ins()
        • kr_rule_local_data_merge()
        • kr_rule_local_address()
        • kr_rule_local_address_del()
        • kr_rule_local_hosts()
        • kr_rule_local_data_del()
        • kr_rule_local_subtree()
        • kr_view_insert_action()
        • kr_rule_tag_add()
        • kr_rule_zonefile()
        • kr_rule_forward()
        • KR_RULE_TTL_DEFAULT
        • kr_rule_zonefile_config
        • kr_rule_fwd_flags
      • Nameservers
        • KR_NS_TIMEOUT_ROW_DEAD
        • KR_NS_TIMEOUT_MIN_DEAD_TIMEOUT
        • KR_NS_TIMEOUT_RETRY_INTERVAL
        • kr_selection_error
        • kr_transport_protocol
        • kr_server_selection_init()
        • kr_server_selection_cached()
        • kr_forward_add_target()
        • select_transport()
        • update_rtt()
        • error()
        • get_rtt_state()
        • put_rtt_state()
        • bytes_to_ip()
        • ip_to_bytes()
        • update_address_state()
        • no6_is_bad()
        • kr_transport
        • local_state
        • kr_server_selection
        • rtt_state
        • address_state
        • choice
        • to_resolve
        • kr_zonecut_init()
        • kr_zonecut_deinit()
        • kr_zonecut_move()
        • kr_zonecut_set()
        • kr_zonecut_copy()
        • kr_zonecut_copy_trust()
        • kr_zonecut_add()
        • kr_zonecut_del()
        • kr_zonecut_del_all()
        • kr_zonecut_find()
        • kr_zonecut_set_sbelt()
        • kr_zonecut_find_cached()
        • kr_zonecut_is_empty()
        • kr_zonecut
      • Modules
        • KR_MODULE_EXPORT
        • KR_MODULE_API
        • kr_module_init_cb
        • kr_module_load()
        • kr_module_unload()
        • kr_module_get_embedded()
        • kr_module
        • kr_prop
        • kr_layer_t
        • kr_layer_api_t
        • kr_layer_state
        • kr_state_consistent()
        • kr_layer
        • kr_layer_api
        • kr_layer_pickle
      • Utilities
        • KR_STRADDR_MAXLEN
        • kr_require
        • kr_fails_assert
        • kr_assert
        • KR_DNAME_GET_STR
        • KR_RRTYPE_GET_STR
        • kr_strcatdup
        • KR_RRKEY_LEN
        • SWAP
        • trace_callback_f
        • trace_log_f
        • kr_http_header_array_entry_t
        • kr_http_header_array_t
        • kr_timer_t
        • kr_fail()
        • kr_assert_func()
        • strcmp_p()
        • get_workdir()
        • kr_strcatdup_pool()
        • kr_absolutize_path()
        • kr_rnd_buffered()
        • kr_rand_bytes()
        • kr_rand_coin()
        • kr_memreserve()
        • kr_pkt_recycle()
        • kr_pkt_clear_payload()
        • kr_pkt_put()
        • kr_pkt_make_auth_header()
        • kr_pkt_qname_raw()
        • kr_inaddr()
        • kr_inaddr_family()
        • kr_inaddr_len()
        • kr_sockaddr_len()
        • kr_sockaddr_key()
        • kr_sockaddr_from_key()
        • kr_sockaddr_key_same_addr()
        • kr_sockaddr_cmp()
        • kr_inaddr_port()
        • kr_inaddr_set_port()
        • kr_inaddr_str()
        • kr_ntop_str()
        • kr_straddr()
        • kr_straddr_family()
        • kr_family_len()
        • kr_straddr_socket()
        • kr_straddr_socket_set()
        • kr_straddr_subnet()
        • kr_straddr_join()
        • kr_bitcmp()
        • kr_bitmask()
        • kr_sockaddr_link_local()
        • kr_rrkey()
        • kr_ranked_rrarray_add()
        • kr_ranked_rrarray_finalize()
        • kr_ranked_rrarray_set_wire()
        • kr_pkt_text()
        • kr_rrset_text()
        • kr_dname_text()
        • kr_rrtype_text()
        • kr_module_call()
        • kr_rrset_type_maysig()
        • kr_now()
        • kr_uv_free_cb()
        • knot_dname_lf2wire()
        • kr_dname_lf()
        • kr_timer_start()
        • kr_timer_elapsed()
        • kr_timer_elapsed_us()
        • kr_strptime_diff()
        • kr_rrset_init()
        • kr_pkt_has_wire()
        • kr_pkt_has_dnssec()
        • kr_pkt_qclass()
        • kr_pkt_qtype()
        • kr_rrsig_sig_inception()
        • kr_rrsig_sig_expiration()
        • kr_rrsig_type_covered()
        • kr_file_mtime()
        • kr_fssize()
        • kr_dirent_name()
        • kr_dname_prefixlen()
        • knot_dname_next_label()
        • KR_PKT_SIZE_NOWIRE
        • kr_dbg_assertion_abort
        • kr_dbg_assertion_fork
        • KR_DUMP_STYLE_DEFAULT
        • kr_sockaddr_key_storage
        • kr_http_header_array_entry
        • kr_sockaddr
        • kr_in_addr
        • KR_EXPORT
        • KR_CONST
        • KR_PURE
        • KR_NORETURN
        • KR_COLD
        • KR_PRINTF
        • kr_ok
        • kr_strerror
        • kr_error()
      • Generics library
        • array
        • queue
        • pack
        • lru
        • trie
  • Modules API reference
    • Supported languages
    • The anatomy of an extension
    • Writing a module in Lua
    • Writing a module in C
    • Configuring modules
    • Exposing C module properties
      • Special properties
  • Worker API reference
    • worker_init()
    • worker_deinit()
    • worker_resolve_mk_pkt_dname()
    • worker_resolve_mk_pkt()
    • worker_resolve_start()
    • worker_resolve_exec()
    • worker_task_request()
    • worker_task_step()
    • worker_task_numrefs()
    • worker_task_finalize()
    • worker_task_complete()
    • worker_task_ref()
    • worker_task_unref()
    • worker_task_timeout_inc()
    • worker_task_get_pktbuf()
    • worker_task_get_transport()
    • worker_request_get_source_session()
    • worker_task_pkt_get_msgid()
    • worker_task_pkt_set_msgid()
    • worker_task_creation_time()
    • worker_task_subreq_finalize()
    • worker_task_finished()
    • qr_task_on_send()
    • the_worker
    • worker_stats
      • queries
      • concurrent
      • rconcurrent
      • dropped
      • timeout
      • udp
      • tcp
      • tls
      • ipv4
      • ipv6
      • err_udp
      • err_tcp
      • err_tls
      • err_http
  • Logging API reference
    • LOG_GRP_SYSTEM_TAG
    • LOG_GRP_CACHE_TAG
    • LOG_GRP_IO_TAG
    • LOG_GRP_NETWORK_TAG
    • LOG_GRP_TA_TAG
    • LOG_GRP_TASENTINEL_TAG
    • LOG_GRP_TASIGNALING_TAG
    • LOG_GRP_TAUPDATE_TAG
    • LOG_GRP_TLS_TAG
    • LOG_GRP_GNUTLS_TAG
    • LOG_GRP_TLSCLIENT_TAG
    • LOG_GRP_XDP_TAG
    • LOG_GRP_DOH_TAG
    • LOG_GRP_DNSSEC_TAG
    • LOG_GRP_HINT_TAG
    • LOG_GRP_PLAN_TAG
    • LOG_GRP_ITERATOR_TAG
    • LOG_GRP_VALIDATOR_TAG
    • LOG_GRP_RESOLVER_TAG
    • LOG_GRP_SELECTION_TAG
    • LOG_GRP_ZCUT_TAG
    • LOG_GRP_COOKIES_TAG
    • LOG_GRP_STATISTICS_TAG
    • LOG_GRP_REBIND_TAG
    • LOG_GRP_WORKER_TAG
    • LOG_GRP_POLICY_TAG
    • LOG_GRP_DAF_TAG
    • LOG_GRP_DETECTTIMEJUMP_TAG
    • LOG_GRP_DETECTTIMESKEW_TAG
    • LOG_GRP_GRAPHITE_TAG
    • LOG_GRP_PREFILL_TAG
    • LOG_GRP_PRIMING_TAG
    • LOG_GRP_SRVSTALE_TAG
    • LOG_GRP_WATCHDOG_TAG
    • LOG_GRP_NSID_TAG
    • LOG_GRP_DNSTAP_TAG
    • LOG_GRP_TESTS_TAG
    • LOG_GRP_DOTAUTH_TAG
    • LOG_GRP_HTTP_TAG
    • LOG_GRP_CONTROL_TAG
    • LOG_GRP_MODULE_TAG
    • LOG_GRP_DEVEL_TAG
    • LOG_GRP_RENUMBER_TAG
    • LOG_GRP_EDE_TAG
    • LOG_GRP_RULES_TAG
    • LOG_GRP_PROTOLAYER_TAG
    • LOG_GRP_DEFER_TAG
    • LOG_GRP_REQDBG_TAG
    • kr_log_debug
    • kr_log_info
    • kr_log_notice
    • LOG_DEFAULT_LEVEL
    • kr_log_warning
    • kr_log_error
    • kr_log_crit
    • kr_log_deprecate
    • kr_log
    • LOG_UNKNOWN_LEVEL
    • LOG_GNUTLS_LEVEL
    • KR_LOG_LEVEL_IS
    • kr_log_req
    • kr_log_q
    • kr_log_is_debug
    • kr_log_is_debug_qry
    • KR_LOG_SJM_STR
    • SD_JOURNAL_METADATA
    • kr_log_level_t
    • kr_log_target_t
      • LOG_TARGET_SYSLOG
      • LOG_TARGET_STDERR
      • LOG_TARGET_STDOUT
      • LOG_TARGET_DEFAULT
    • kr_log_group
      • LOG_GRP_UNKNOWN
      • LOG_GRP_SYSTEM
      • LOG_GRP_CACHE
      • LOG_GRP_IO
      • LOG_GRP_NETWORK
      • LOG_GRP_TA
      • LOG_GRP_TLS
      • LOG_GRP_GNUTLS
      • LOG_GRP_TLSCLIENT
      • LOG_GRP_XDP
      • LOG_GRP_DOH
      • LOG_GRP_DNSSEC
      • LOG_GRP_HINT
      • LOG_GRP_PLAN
      • LOG_GRP_ITERATOR
      • LOG_GRP_VALIDATOR
      • LOG_GRP_RESOLVER
      • LOG_GRP_SELECTION
      • LOG_GRP_ZCUT
      • LOG_GRP_COOKIES
      • LOG_GRP_STATISTICS
      • LOG_GRP_REBIND
      • LOG_GRP_WORKER
      • LOG_GRP_POLICY
      • LOG_GRP_TASENTINEL
      • LOG_GRP_TASIGNALING
      • LOG_GRP_TAUPDATE
      • LOG_GRP_DAF
      • LOG_GRP_DETECTTIMEJUMP
      • LOG_GRP_DETECTTIMESKEW
      • LOG_GRP_GRAPHITE
      • LOG_GRP_PREFILL
      • LOG_GRP_PRIMING
      • LOG_GRP_SRVSTALE
      • LOG_GRP_WATCHDOG
      • LOG_GRP_NSID
      • LOG_GRP_DNSTAP
      • LOG_GRP_TESTS
      • LOG_GRP_DOTAUTH
      • LOG_GRP_HTTP
      • LOG_GRP_CONTROL
      • LOG_GRP_MODULE
      • LOG_GRP_DEVEL
      • LOG_GRP_RENUMBER
      • LOG_GRP_EDE
      • LOG_GRP_RULES
      • LOG_GRP_PROTOLAYER
      • LOG_GRP_DEFER
      • LOG_GRP_REQDBG
    • kr_log_target_set()
    • kr_log_group_is_set()
    • kr_log_group_add()
    • kr_log_group_reset()
    • kr_log_grp2name()
    • kr_log_name2grp()
    • kr_log_level_set()
    • kr_log_level2name()
    • kr_log_name2level()
    • kr_log_req1()
    • kr_log_q1()
    • kr_log_is_debug_fun()
    • kr_log_fmt()
    • kr_log_target
    • kr_log_level

Infrastructure

  • Documentation in GitLab Pages
    • Automatic generation
    • Environment removal
Knot Resolver
  • Search

© Copyright CZ.NIC labs.

Built with Sphinx using a theme provided by Read the Docs.