MarketKnot DNS
Company Profile

Knot DNS

Knot DNS is an open-source authoritative-only server for the Domain Name System. It was created from scratch and is actively developed by CZ.NIC, the .CZ domain registry. The purpose of this project is to supply an alternative open-source implementation of an authoritative DNS server suitable for TLD operators to increase overall security, stability and resiliency of the Domain Name System. It is implemented as a multi-threaded daemon, using a number of programming techniques and data structures to make the server very fast, notably Read-copy-update or a special kind of a radix tree.

Changelog
New in 1.2.0: Response Rate Limiting, Dynamic DNS, and a new remote control utility. New in 1.3.0: new zone parser in Ragel (replaces zone compilation) and several client utilities (kdig, khost and knsupdate). New in 1.4.0: automatic DNSSEC signing of the managed zones. New in 1.5.0: query modules with two new modules: "Automatic forward/reverse records" and dnstap. New in 1.6.0: persistent timers for slave zones (expire, refresh, and flush) using LMDB. New in 2.0.0: new YAML-based configuration, and new DNSSEC implementation using GnuTLS. New in 2.1.0: dynamic configuration, PKCS #11 interface, and online DNSSEC signing. New in 2.2.0: Response Rate Limiting white listing, support for URI (RFC 7553) and CAA (RFC 6844) resource record types, interactive mode for 'knotc', new control interface for the server including simple Python bindings. New in 2.3.0: DNSSEC signing configured in server configuration, automatic NSEC3 resalting, zone operations over server control interface, TLS in kdig. New in 2.4.0: Unified LMDB based journal, new statistics module, automatic deletion of retired DNSSEC keys. New in 2.5.0: LMDB based KASP database, KSK rollover, dynamic modules, zone freeze/thaw, zone contents in journal. New in 2.6.0: On-slave DNSSEC signing, automatic DNSSEC algorithm rollover, Ed25519 algorithm support, TCP Fast Open. New in 2.7.0: Performance improvement, new module for DNS Cookies, new module for GeoIP, support for ECS. New in 2.8.0: Offline-KSK, multithreaded DNSSEC signing, extended ACL for DDNS, zone update speed-up. New in 2.9.0: Significant zone update speed-up, TCP optimizations, configuration cleanup. New in 3.0.0: High performance XDP mode for UDP under Linux, catalog zones support, continuous DNSSEC validation, kzonesign and kxdpgun utilities, DoH support in kdig, deterministic ECDSA support, on-line backup of persistent data. New in 3.1.0: basic DNS over TCP using XDP, routing-aware XDP processing, ZONEMD generation and validation, SVCB/HTTPS support, zone catalog evolution, EDNS error (EDE) support, epoll/kqueue support. New in 3.2.0: full DNS over TCP using XDP (including transfers), DNS over QUIC in the XDP mode, DNSSEC multi-signer support. New in 3.3.0: full DNS over QUIC (using both XDP and operating system TCP/IP-stack), bidirectional XFR over QUIC, multi-signer operation mode. New in 3.4.0: full DNS over TLS, DDNS over QUIC and TLS, bidirectional XFR over TLS, automatic DNSSEC revalidation, refined RRL module. New in 3.5.0: database zone backend using Redis/Valkey, external zone validation, multiple control sockets, authorization based on certificate hostname validation, multiple keystores per policy. == See also ==
Source: Wikipedia ↗
tickerdossier.comtickerdossier.substack.com