Knot DNS is an open-source authoritative-only server for the Domain Name System.
It was created from scratch and is actively developed by CZ.NIC, the .CZ domain registry.
The purpose of this project is to supply an alternative open-source implementation of an authoritative DNS server suitable for TLD operators to increase overall security, stability and resiliency of the Domain Name System.
It is implemented as a multi-threaded daemon, using a number of programming techniques and data structures to make the server very fast, notably Read-copy-update or a special kind of a radix tree.
Knot DNS uses a zone parser written in Ragel to achieve very fast loading of the zones at startup.
It is also able to add and remove zones on the fly by changing the configuration file and reloading the server using the 'knotc' utility.
Since version 3.0.0, Knot DNS supports a high performance XDP mode in Linux, which can improve response performance significantly.
Changelog
New in 1.2.0: Response Rate Limiting, Dynamic DNS, and a new remote control utility.
New in 1.3.0: new zone parser in Ragel (replaces zone compilation) and several client utilities (kdig, khost and knsupdate).
New in 1.4.0: automatic DNSSEC signing of the managed zones.
New in 1.5.0: query modules with two new modules: "Automatic forward/reverse records" and dnstap.
New in 1.6.0: persistent timers for slave zones (expire, refresh, and flush) using LMDB.
New in 2.0.0: new YAML-based configuration, and new DNSSEC implementation using GnuTLS.
New in 2.1.0: dynamic configuration, PKCS #11 interface, and online DNSSEC signing.
New in 2.2.0: Response Rate Limiting white listing, support for URI (RFC 7553) and CAA (RFC 6844) resource record types, interactive mode for 'knotc', new control interface for the server including simple Python bindings.
New in 2.3.0: DNSSEC signing configured in server configuration, automatic NSEC3 resalting, zone operations over server control interface, TLS in kdig.
New in 2.4.0: Unified LMDB based journal, new statistics module, automatic deletion of retired DNSSEC keys.
New in 2.5.0: LMDB based KASP database, KSK rollover, dynamic modules, zone freeze/thaw, zone contents in journal.
New in 2.6.0: On-slave DNSSEC signing, automatic DNSSEC algorithm rollover, Ed25519 algorithm support, TCP Fast Open.
New in 2.7.0: Performance improvement, new module for DNS Cookies, new module for GeoIP, support for ECS.
New in 2.8.0: Offline-KSK, multithreaded DNSSEC signing, extended ACL for DDNS, zone update speed-up.
New in 2.9.0: Significant zone update speed-up, TCP optimizations, configuration cleanup.
New in 3.0.0: High performance XDP mode for UDP under Linux, catalog zones support, continuous DNSSEC validation, kzonesign and kxdpgun utilities, DoH support in kdig, deterministic ECDSA support, on-line backup of persistent data.
New in 3.1.0: DNS over TCP using XDP, routing-aware XDP processing, ZONEMD generation and validation, SVCB/HTTPS support, zone catalog evolution, EDNS error (EDE) support, epoll/kqueue support.
See also
Comparison of DNS server software
External links
DNS server benchmarks
Knot Resolver
