Knot Resolver

Knot Resolver (a.k.a. kresd) is a full (recursive), caching DNS resolver. It is designed to scale from small home-office networks up to ISP-scale deployments. Knot Resolver supports DNSSEC validation, which is enabled by default.

Installation

Install the knot-resolver package.

Configuration

Start/enable kresd@1.service.

To use Knot Resolver as the local resolver, configure 127.0.0.1 and ::1 as your nameservers in resolv.conf(5). For example:

/etc/resolv.conf
nameserver ::1
nameserver 127.0.0.1
options edns0 trust-ad

The trust-ad option makes the libc stub resolver trust the AD (Authenticated Data) bit that kresd sets on DNSSEC-validated answers. The bit is not protected on the wire, so only use trust-ad when the resolver runs on localhost or is reached over an otherwise trusted path.

By default, the resolver listens on 127.0.0.1 and ::1, ports 53 (plain DNS) and 853 (DNS over TLS). If the resolver should be reachable from other hosts, add further listening addresses in /etc/knot-resolver/kresd.conf with net.listen(), giving the address, the port and the kind of service ('dns' or 'tls'). Refer to the Knot Resolver documentation for more information.

Warning: Unless you specifically want to run an open DNS resolver, do not configure the resolver to listen on public (internet-facing) IP addresses or on all IP addresses (0.0.0.0 and ::). An open resolver can be abused by anyone on the internet, including for DNS reflection and amplification attacks against third parties.

If the resolver should answer from entries in the /etc/hosts file, add a hints.add_hosts() line (provided by the hints module) to /etc/knot-resolver/kresd.conf.
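The following kresd.conf is an added example, not the configuration shipped by the package or by the Knot Resolver project. It combines the points above for a Knot Resolver 5.x-style Lua configuration: it keeps the default loopback listeners, adds one LAN listener on a specific address rather than 0.0.0.0/::, restricts who may query with the view module so the LAN listener does not become an open resolver, and serves /etc/hosts entries. The addresses 192.0.2.10 and 192.0.2.0/24 are placeholders; replace them with your own. Check the documentation for the version you run, since the configuration format changed in later releases.

```lua
-- /etc/knot-resolver/kresd.conf
-- Added example configuration (not the packaged default). Assumes Knot
-- Resolver 5.x Lua syntax; 192.0.2.10 / 192.0.2.0/24 are placeholder values.

-- Loopback listeners, as enabled by the default configuration.
net.listen('127.0.0.1', 53, { kind = 'dns' })
net.listen('::1', 53, { kind = 'dns', freebind = true })
net.listen('127.0.0.1', 853, { kind = 'tls' })
net.listen('::1', 853, { kind = 'tls', freebind = true })

-- Serve the LAN from one specific address only. Never use '0.0.0.0' or '::'
-- here: on a host reachable from the internet that creates an open resolver.
net.listen('192.0.2.10', 53, { kind = 'dns' })

-- Load the view module for source-address access control, and the hints
-- module (placed before the iterator so hints win over recursion).
modules = { 'view', 'hints > iterate' }

-- Access control: loopback and the LAN subnet may query; any other source
-- gets REFUSED. Rules are matched in order, so the catch-all entries go last.
view:addr('127.0.0.0/8', policy.all(policy.PASS))
view:addr('::1/128', policy.all(policy.PASS))
view:addr('192.0.2.0/24', policy.all(policy.PASS))
view:addr('0.0.0.0/0', policy.all(policy.REFUSE))
view:addr('::/0', policy.all(policy.REFUSE))

-- Answer A/AAAA/PTR queries for names listed in /etc/hosts.
hints.add_hosts('/etc/hosts')
```

The view rules are a second line of defence, not a substitute for keeping the listener off public addresses: a host firewall that only allows UDP/TCP 53 from the LAN should still be in place. Responding with REFUSED gives misconfigured clients a clear error; policy.DROP is the alternative if you prefer to answer nothing at all to unexpected sources.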

Knot Resolver and dnsmasq

If dnsmasq is used for managing DHCP, then advertising a kresd instance works like it would for any other external DNS server: add a dhcp-option=option:dns-server,<Server Address> line to the dnsmasq configuration file.

Note that the default configuration of dnsmasq conflicts with the default configuration of kresd, since both attempt to bind port 53. Either disable the DNS functionality of dnsmasq (port=0) or assign a different port to one of the two services.

See also