kresd(8)                      Knot Resolver 5.3.1                     kresd(8)

NAME

       kresd - full caching DNSSEC-enabled Knot Resolver 5.3.1.

SYNOPSIS

       kresd [-a|--addr addr[@port]] [-t|--tls addr[@port]] [-S|--fd fd]
       [-T|--tlsfd fd] [-c|--config config] [-n|--noninteractive] [-q|--quiet]
       [-v|--verbose] [-V|--version] [-h|--help] [rundir]

DESCRIPTION

       Knot Resolver is a DNSSEC-enabled full caching resolver.

       Default mode of operation: when it receives a DNS query, it iteratively
       asks authoritative nameservers, starting from the root zone (.) and
       ending with the nameservers authoritative for the queried name.
       Automatic DNSSEC means verification of the integrity of authoritative
       responses by following keys and signatures starting from the root. The
       root trust anchor is automatically bootstrapped from IANA, or you can
       provide a file with root trust anchors (same format as the Unbound or
       BIND9 root keys file).

       The daemon also caches intermediate answers in a cache, which by
       default uses an LMDB memory-mapped database. This has a significant
       advantage over in-memory caches, as the process may be stopped and
       restarted without loss of cache entries. In a multi-user scenario a
       shared cache is a potential privacy/security issue; with kresd, each
       user can have a resolver cache in their private directory and use it
       in a similar fashion to a keychain.
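
       The per-user cache setup described above, as an added example that is
       not part of the original manual page or the kresd distribution. The
       function names, the directory layout, port 5353 and the 50 MB cache
       size are assumptions; the path passed in must be absolute.

```shell
#!/bin/sh
# Added example: per-user kresd with config and LMDB cache in a private
# directory. Directory layout, port and cache size are assumed values.

# Create a mode-0700 rundir holding the config file and the cache directory.
# Prints the path of the generated config file.
prepare_private_kresd() {
    base=$1    # absolute path, e.g. "$HOME/.cache/kresd" (assumed location)
    ( umask 077
      mkdir -p "$base/cache" || exit 1
      # Tighten directories that already existed with wider permissions.
      chmod 700 "$base" "$base/cache" || exit 1
      cat > "$base/config" <<EOF
-- listen on loopback only; the port is an arbitrary unprivileged choice
net.listen('127.0.0.1', 5353, { kind = 'dns' })
-- keep the LMDB cache inside the private directory
cache.storage = 'lmdb://$base/cache'
cache.size = 50 * MB
EOF
    ) || return 1
    printf '%s\n' "$base/config"
}

# Succeeds only if the directory grants nothing to group or others.
is_private_dir() {
    case $(ls -ld "$1" 2>/dev/null) in
        drwx------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run as "script start [dir]" to launch the resolver on the private rundir.
if [ "${1:-}" = "start" ]; then
    dir=${2:-$HOME/.cache/kresd}
    conf=$(prepare_private_kresd "$dir") || exit 1
    is_private_dir "$dir" || { echo "rundir is not private" >&2; exit 1; }
    exec kresd -n -c "$conf" "$dir"
fi
```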

       To use a locally running kresd for resolving, put

             nameserver 127.0.0.1

       into resolv.conf(5) and start kresd.

       The daemon may also be configured as a plain forwarder using query
       policies. This requires using a config file. Please refer to the
       documentation for configuration file options. It is available at
       https://knot-resolver.readthedocs.io or in the package documentation
       (available as the knot-resolver-doc package in most distributions).

       The available CLI options are:

       -a addr[@port], --addr=<addr[@port]>
              Listen on the given address (and port) pair. If no port is
              given, 53 is used as a default. The option may be passed
              multiple times to listen on more addresses.

       -t addr[@port], --tls=<addr[@port]>
              Listen using TLS on the given address (and port) pair. If no
              port is given, 853 is used as a default. The option may be
              passed multiple times to listen on more addresses.

       -S fd, --fd=<fd>
              Listen on the given file descriptor(s), passed by the
              supervisor. The option may be passed multiple times to listen
              on more file descriptors.

       -T fd, --tlsfd=<fd>
              Listen using TLS on the given file descriptor(s), passed by the
              supervisor. The option may be passed multiple times to listen
              on more file descriptors.

       -c config, --config=<config>
              Set the config file with settings for kresd to read instead of
              reading the file at the default location (config).

       -f N, --forks=<N>
              This option is deprecated since 5.0.0!

              With this option, the daemon is started in non-interactive mode
              and instead creates a UNIX socket in rundir that the operator
              can connect to for an interactive session. A number greater
              than 1 forks the daemon N times; all forks will bind to the
              same addresses, and the kernel will load-balance between them
              on Linux with SO_REUSEPORT support.

              If you want multiple concurrent processes supervised in this
              way, they should be supervised independently (see
              kresd.systemd(7)).

       -n, --noninteractive
              Daemon will refrain from entering into the read-eval-print loop
              for stdin+stdout.

       -q, --quiet
              Daemon will refrain from printing the command prompt.

       -v, --verbose
              Increase verbosity. If given multiple times, more information
              is logged. This is in addition to the verbosity (if any) from
              the config file.

       -h     Show short command-line option help.

       -V     Show the version.

SEE ALSO

       kresd.systemd(7), https://knot-resolver.readthedocs.io/en/v5.3.1/

AUTHORS

       kresd developers are mentioned in the AUTHORS file in the distribution.

CZ.NIC                            2021-03-31                          kresd(8)