Logo

Getting Started

  • Installation
  • Startup
    • First DNS query
  • Configuration
    • Listening on network interfaces
    • Example: Internal Resolver
      • Internal-only domains
    • Example: ISP Resolver
      • Limiting client access
      • TLS server configuration
      • Mandatory domain blocking
    • Example: Personal Resolver
      • Forwarding over TLS protocol (DNS-over-TLS)
      • Non-persistent cache

Configuration

  • Configuration Overview
    • Validation
    • JSON Schema
      • Getting the JSON Schema
      • Interactive visualization
  • Networking and protocols
    • Server (communication with clients)
      • Addresses and services
        • PROXYv2 protocol
        • TCP pipeline limit
      • DoT and DoH (encrypted DNS)
        • DNS-over-TLS (DoT)
        • DNS-over-HTTPS (DoH)
        • Configuration options for DoT and DoH
    • Client (retrieving answers from servers)
      • IPv4 and IPv6 usage
      • Forwarding
    • DNS protocol tweaks
      • DNS protocol tweaks
  • Performance and resiliency
    • Cache
      • Sizing
      • Clearing
      • Persistence
      • Configuration reference
    • Multiple workers
    • Prefetching cache records
      • Expiring records
      • Prediction
        • Exported metrics
    • Cache prefilling
      • Dependencies
    • Serve stale
      • Running
    • Root on loopback (RFC 7706)
    • Priming
    • EDNS keepalive
    • Rate limiting
    • Request prioritization (defer)
      • Implementation details
  • Policy, access control, data manipulation
    • Views and ACLs
      • Conditions
      • Actions
    • Local Data and RPZ
    • Forwarding
    • DNS64
      • Advanced options
    • IP address renumbering
      • Example configuration
    • Answer reordering
    • Rebinding protection
    • Refuse queries without RD bit
    • Tags
  • Logging, monitoring, diagnostics
    • DNSSEC validation failure logging
    • Statistics collector
      • Prometheus metrics endpoint
      • Graphite/InfluxDB/Metronome
    • Name Server Identifier (NSID)
    • Dnstap (traffic collection)
    • Sentinel for Detecting Trusted Root Keys
    • Signaling Trust Anchor Knowledge in DNSSEC
    • System time skew detector
    • Detect discontinuous jumps in the system time
    • Debugging options
  • DNSSEC, data verification
  • Lua Scripting
  • Experimental features
    • Experimental DNS-over-TLS Auto-discovery
      • How it works
      • Generating NS target names
      • Caveats
      • Dependencies

Deployment

  • Systemd
  • Manual
    • Multiple instances on a single server
  • Docker
    • Config
    • Cache
  • Advanced
    • Usage without the manager
      • Startup
      • Configuration
    • Usage without systemd and without manager
      • Process management
        • Garbage Collector
      • Privileges and capabilities
        • Using capabilities
        • Running as non-privileged user
        • Running as root

Management

  • HTTP API
    • What can the API do?
    • Configuring the API socket
    • Overview
    • Configuration API
    • Cache clearing API
      • Parameters
      • Return value
  • kresctl utility
    • Connecting to the management API
    • Commands

For operators

  • Upgrading
    • 5.x to 6.x
    • Older versions
  • Upgrading to version 6.x
    • Configuration
      • Conversion to YAML
      • Reconfiguration
    • Useful commands rosetta
  • Release notes
    • Version numbering
    • Knot Resolver 6.0.12 (2025-04-24)
      • Security
      • Bugfixes
      • Improvements
    • Knot Resolver 6.0.11 (2025-02-26)
      • Bugfixes
      • Improvements
    • Knot Resolver 6.0.10 (2025-01-20)
      • Improvements
    • Knot Resolver 6.0.9 (2024-11-11)
      • Improvements
      • Bugfixes
      • Incompatible changes
    • Knot Resolver 6.0.8 (2024-07-23)
      • Security
      • Packaging
      • Improvements
      • Incompatible changes
      • Bugfixes
    • Knot Resolver 6.0.7 (2024-03-27)
      • Improvements
      • Bugfixes
    • Knot Resolver 6.0.6 (2024-02-13)
      • Security
      • Improvements
      • Bugfixes
    • Knot Resolver 6.0.5 (2024-01-09)
  • List of RFCs

For developers

  • Developer documentation
Knot Resolver
  • Search

© Copyright CZ.NIC labs.

Built with Sphinx using a theme provided by Read the Docs.