Knot DNS 3.0.0 has been released. It is a high-performance authoritative DNS server (the recursor is developed as a separate application) that supports all modern DNS features.
Knot DNS is an open source authoritative server for the Domain Name System. It was written from scratch and is actively developed by CZ.NIC. The purpose of the project is to provide an alternative open source implementation of an authoritative DNS server suitable for TLD operators, in order to increase the overall security, stability, and resilience of the Domain Name System.
It is implemented as a multi-threaded daemon, using a number of programming techniques and data structures to make the server very fast.
About Knot DNS
Knot DNS uses a zone parser written in Ragel to load zones very quickly at startup. It can also add and remove zones on the fly when the configuration file is changed and the server is reloaded with the 'knotc' utility.
Knot DNS focuses on high-performance query processing, for which it uses a multithreaded and mostly non-blocking implementation that is well suited to SMP systems.
It provides features such as adding and removing zones on the fly, zone transfers between servers, DDNS (dynamic updates), NSID extensions (RFC 5001), EDNS0 and DNSSEC (including NSEC3), and response rate limiting (RRL).
Knot DNS main news
This new version adds a high-performance network mode implemented using the XDP (eXpress Data Path) subsystem, which provides a means to process packets at the network driver level before they are processed by the Linux kernel network stack. This mode requires Linux kernel 4.18 or later.
Added support for "Catalog Zones" to simplify maintenance of secondary DNS servers. When this feature is enabled, instead of defining separate records for each secondary zone on the secondary server, the zone catalog is transferred between the primary and secondary servers, after which zones created on the primary server and marked as included in the catalog are created automatically on the secondary server without the need to edit configuration files. The kcatalogprint utility is provided to manage the catalog.
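The catalog mechanism described above, as an added example (not Knot DNS code): a Python function that lists the member zones a secondary would create from a catalog's records, so the list can be reviewed before the catalog is trusted. It assumes the IETF catalog zones layout, in which each member zone is a PTR record under the `zones` label and the schema version is a TXT record at `version`; the catalog name, labels and member zones are constructed sample data.

```python
# Added example: which zones would a secondary auto-create from this catalog?
CATALOG = "catalog.example."  # constructed catalog zone name

SAMPLE_RECORDS = [  # (owner, type, rdata) tuples, constructed sample data
    ("catalog.example.", "NS", "invalid."),
    ("version.catalog.example.", "TXT", '"2"'),
    ("a1.zones.catalog.example.", "PTR", "example.com."),
    ("b2.zones.catalog.example.", "PTR", "Example.ORG"),
    ("c3.zones.catalog.example.", "PTR", "example.com."),  # duplicate member
    ("d4.zones.other.example.", "PTR", "stray.example."),  # not in this catalog
    ("e5.zones.catalog.example.", "TXT", '"not a member"'),
]


def normalize(name):
    """Lower-case a domain name and make it fully qualified."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def catalog_members(records, catalog):
    """Return (version, {unique_label: member_zone}, rejected_records)."""
    catalog = normalize(catalog)
    suffix = ".zones." + catalog
    version, members, rejected = None, {}, []
    for owner, rtype, rdata in records:
        owner = normalize(owner)
        if owner == "version." + catalog and rtype == "TXT":
            version = rdata.strip('"')
        elif rtype == "PTR" and owner.endswith(suffix):
            zone = normalize(rdata)
            if zone in members.values():
                # The same zone listed twice is ambiguous; keep the first entry.
                rejected.append((owner, "duplicate member " + zone))
            else:
                members[owner[: -len(suffix)]] = zone
        elif rtype == "PTR":
            # A PTR outside <label>.zones.<catalog> never defines a member zone.
            rejected.append((owner, "PTR outside " + suffix[1:]))
    if version is None:
        raise ValueError("no version TXT record: not a catalog zone")
    return version, members, rejected


if __name__ == "__main__":
    version, members, rejected = catalog_members(SAMPLE_RECORDS, CATALOG)
    print("catalog version:", version)
    for label, zone in sorted(members.items()):
        print("would create:", zone, "(label %s)" % label)
    for owner, reason in rejected:
        print("ignored:", owner, "-", reason)
```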
Added support for the KSK (key signing key) revocation status (RFC 5011) in DNSSEC manual key management mode.
Added support for deterministic generation of digital signatures using ECDSA algorithms (requires GnuTLS 3.6.10 or newer to work).
Among the other changes that stand out in this new version:
- Added a new DNSSEC verification mode.
- Added the kzonesign utility for manual generation of digital signatures for DNSSEC.
- Added the kxdpgun utility, a high-performance DNS-over-UDP traffic generator for Linux.
- kdig adds DNS over HTTPS (DoH) support using GnuTLS and libnghttp2.
- A safe method for backing up and restoring DNS zone data is proposed.
- The performance of the statistics module has been significantly improved.
- When multithreaded mode is enabled for generating digital signatures for DNS zones, some additional zone operations are parallelized.
- Improved caching efficiency and improved query performance.
Download and install
To install this DNS server on your system you must compile the source code, for which you need the following dependencies:
- make
- libtool
- pkg-config
- autoconf >= 2.65
- python-sphinx
Now you just have to get the code for the latest version. You can do this by going to the official website, where the package is available in the download section.
The compilation steps are not complicated; you just have to execute:
autoreconf -i -f
./configure
make
If you need a more customized installation, you can check the details at the following link.