Another DNS server, you ask? Yes, serving DNS from servers of different “brands” is important to ensure that a single bug in a particular server brand/version doesn’t take down your whole infrastructure. We welcome Knot, which has just been published as version 1.0.0.
Knot calls itself a “high-performance authoritative-only DNS server which supports all key features of the domain name system including zone transfers, dynamic updates and DNSSEC”.
I haven’t found a definitive source as to how the name was concocted, but it certainly looks to me as though it’s a rope-related pun on BIND and Unbound :-) Apropos BIND: if you don’t like its semicolon and brace-filled configuration file, you probably won’t like Knot’s either.
Features supported by Knot include:
- Zone transfers (AXFR/IXFR) (master and slave)
- DNSSEC (signing and serving)
- Adding/removing zones on-the-fly
- Reconfiguring server instance on-the-fly
- IPv6 support
- Access control
I’m testing a small configuration with three zones. One is loaded from a local file (zone master file format), and two are slaved from a master server; jpmens.net uses TSIG keys to talk to its master.
This is my
Before launching the server, zone files have to be compiled into an internal format, similar to how NSD operates. This is accomplished with the knot control utility, which also starts or stops the server. I can add new zones into the server on the fly by adding a zone stanza to the configuration file, compiling (unnecessary for slave zones), and I then use knotc to reload the server.
Apart from the knotd manual pages, documentation is scarce, but we have the source code, and a detailed list of configuration options is contained in
Knot already works as advertised, and I’ll certainly keep an eye on it.
Update: Dynamic DNS Updates and RRL are now in Knot.