Skip to content
Snippets Groups Projects
Select Git revision
  • dns-tunnel-filter
  • master default protected
  • nightly protected
  • ci-jobs-reorganization
  • doc-updates
  • declarative-config-stabilization
  • forward-tls-insecure
  • root-fallback-addresses
  • module-tunnel-filter
  • dname_kru
  • defer-hard-timeout
  • manager-api-config-fix
  • tls-authority-whitelist
  • tmp/test-deckard
  • doh-stuck-status
  • module-filter
  • coverity protected
  • ci-docker-tests-update
  • kresctl-comp-config-levels
  • ci-pkg-suse
  • v6.0.11 protected
  • v6.0.10 protected
  • v6.0.9 protected
  • v6.0.8 protected
  • v5.7.4 protected
  • v5.7.3 protected
  • v6.0.7 protected
  • v5.7.2 protected
  • v6.0.6 protected
  • v5.7.1 protected
  • v6.0.5 protected
  • v6.0.4 protected
  • v6.0.3 protected
  • v6.0.2 protected
  • v5.7.0 protected
  • v6.0.1 protected
  • v6.0.0a1 protected
  • v5.6.0 protected
  • v5.5.3 protected
  • v5.5.2 protected
40 results
Compare
user avatar
lib/zonecut: do not fetch DS/DNSKEY for cached insecure delegations
Marek Vavruša authored 
when a delegation is provably insecure, it is flagged as INSECURE in
cache (this is different from "unchecked"), when the next query finds
the same zone cut, this information is retrieved and if it was proved to
be insecure before, this status is reused

this prevents refetching of NS/DNSKEY in some situations
b2838cc1
History
user avatar b2838cc1
History
Name Last commit Last update
contrib
daemon
doc
include
lib
modules
scripts
tests
.gitignore
.gitmodules
.travis.yml
AUTHORS
COPYING
ChangeLog
CodingStyle
Makefile
README.md
config.mk
platform.mk
README.md

Knot DNS Resolver

Build Status Coverage Status Coverity Documentation Status

The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. There are three built-in modules - iterator, cache, validator, and many external.

The Lua modules, switchable and shareable cache, and fast FFI bindings makes it great to tap into resolution process, or be used for your recursive DNS service. It's the OpenResty of DNS.

The server adopts a different scaling strategy than the rest of the DNS recursors - no threading, shared-nothing architecture (except MVCC cache that may be shared). You can start and stop additional nodes depending on the contention without downtime.

Try it out?

Keep in mind that the Knot DNS Resolver is in beta. While it's being tested by the DNS test harness, we'll be super glad to hear out your feedback!

Building from sources

The Knot DNS Resolver depends on the 2.0.1 version of the Knot DNS library, LuaJIT and libuv. See the Building project documentation page for more information.

Docker image

This is simple and doesn't require any dependencies or system modifications, just run:

$ docker run cznic/knot-resolver

See the build page registry.hub.docker.com/u/cznic/knot-resolver for more information and options.

Running

The project builds a resolver library in the lib directory, and a daemon in the daemon directory.

$ kresd -h

See the documentation at knot-resolver.readthedocs.org.

Contacting us

Join the chat at https://gitter.im/CZ-NIC/knot-resolver