kresd(8)                      Knot Resolver 4.3.0                     kresd(8)

NAME

       kresd - full caching DNSSEC-enabled Knot Resolver 4.3.0.

SYNOPSIS

       kresd  [-a|--addr  addr[@port]]  [-t|--tls  addr[@port]]  [-S|--fd  fd]
       [-T|--tlsfd  fd]  [-c|--config  config]  [-f|--forks  N]   [-q|--quiet]
       [-v|--verbose] [-V|--version] [-h|--help] [rundir]

DESCRIPTION

       Knot Resolver is a DNSSEC-enabled full caching resolver.

       Default mode of operation: when it receives a DNS query, it iteratively
       asks authoritative nameservers, starting from the root zone (.) and
       ending with the nameservers authoritative for the queried name.
       Automatic DNSSEC means verification of the integrity of authoritative
       responses by following keys and signatures starting from the root. The
       root trust anchor is automatically bootstrapped from IANA, or you can
       provide a file with root trust anchors (same format as the Unbound or
       BIND9 root keys file).

       The daemon also caches intermediate answers in a cache, which by
       default uses an LMDB memory-mapped database. This has a significant
       advantage over in-memory caches, as the process may be stopped and
       restarted without loss of cache entries. In a multi-user scenario a
       shared cache is a potential privacy/security issue; with kresd each
       user can have a resolver cache in their private directory and use it in
       a similar fashion to a keychain.

       By default, no configuration is needed, only a directory where the
       daemon can store runtime data (cache, control sockets, ...).

       To use a locally running kresd for resolving, put

             nameserver 127.0.0.1

       into resolv.conf(5) and start kresd

             $ kresd -a 127.0.0.1
             [system] interactive mode
             >

       The daemon may also be configured as a plain forwarder using query
       policies; that requires creating a file named config in the daemon
       runtime directory. See daemon/README.md for more information about
       interacting with the CLI and configuration file options, or visit the
       online documentation at https://knot-resolver.readthedocs.io.

             # Create a basic forwarder configuration
             $ cat << EOF > config
             modules = { 'policy' }
             policy.add(policy.all(policy.FORWARD('192.168.1.1')))
             EOF
             $ kresd -a 127.0.0.1

       The available CLI options are:

       -a addr[@port], --addr=<addr[@port]>
              Listen on given address (and port) pair. If no port is given, 53
              is used as a default. Option may be passed multiple times to
              listen on more addresses.

       -t addr[@port], --tls=<addr[@port]>
              Listen using TLS on given address (and port) pair. If no port is
              given, 853 is used as a default. Option may be passed multiple
              times to listen on more addresses.

       -S fd, --fd=<fd>
              Listen on given file descriptor(s), passed by supervisor.
              Option may be passed multiple times to listen on more file
              descriptors.

       -T fd, --tlsfd=<fd>
              Listen using TLS on given file descriptor(s), passed by
              supervisor. Option may be passed multiple times to listen on
              more file descriptors.

       -c config, --config=<config>
              Set the config file with settings for kresd to read instead of
              reading the file at the default location (config). The syntax is
              described in daemon/README.md.

       -f N, --forks=<N>
              With this option, the daemon is started in non-interactive mode
              and instead creates a UNIX socket in rundir that the operator
              can connect to for an interactive session. A number greater than
              1 forks the daemon N times; all forks will bind to the same
              addresses and the kernel will load-balance between them on Linux
              with SO_REUSEPORT support.

              When socket-activated and supervised by systemd or the
              equivalent, kresd defaults to --forks=1, and must not be set to
              any other value. If you want multiple concurrent processes
              supervised in this way, they should be supervised independently
              (see kresd.systemd(7)).

       -q, --quiet
              Daemon will refrain from printing the command prompt.

       -v, --verbose
              Increase verbosity. If given multiple times, more information is
              logged. This is in addition to the verbosity (if any) from the
              config file.

       -h     Show short commandline option help.

       -V     Show the version.
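
       The per-user runtime directory and forwarder config described above,
       as an added example that is not from the kresd distribution: it creates
       an owner-only rundir (where the cache and the control socket live),
       refuses to interpolate anything but an IP literal into the Lua config,
       and starts kresd on loopback. The function names and the
       $HOME/.cache/kresd default path are assumptions.

```shell
#!/bin/sh
# Added example, not part of kresd. Function names and the default
# rundir path are assumptions; kresd flags are those documented above.

# True only if $1 is a real directory (not a symlink), mode 0700,
# owned by the current user.
rundir_is_private() {
    dir=$1
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    perms=$(ls -ldn "$dir" | awk '{print substr($1, 1, 10)}')
    owner=$(ls -ldn "$dir" | awk '{print $3}')
    [ "$perms" = "drwx------" ] && [ "$owner" = "$(id -u)" ]
}

# Create the runtime directory so that no other local user can read the
# cache or connect to the control socket.
prepare_rundir() {
    dir=$1
    [ ! -L "$dir" ] || return 1
    ( umask 077 && mkdir -p "$dir" ) || return 1
    chmod 700 "$dir" || return 1
    rundir_is_private "$dir"
}

# Write the forwarder config. The file is Lua, so the upstream value is
# restricted to IPv4/IPv6 literal characters before being interpolated.
write_forwarder_config() {
    dir=$1
    upstream=$2
    case $upstream in
        '' | *[!0-9A-Fa-f.:]*) return 1 ;;
    esac
    ( umask 077 && cat > "$dir/config" <<EOF
modules = { 'policy' }
policy.add(policy.all(policy.FORWARD('$upstream')))
EOF
    )
}

# Prepare everything, then run kresd on loopback with rundir as argument.
start_private_kresd() {
    rundir=${1:-$HOME/.cache/kresd}
    prepare_rundir "$rundir" || { echo "rundir not private: $rundir" >&2; return 1; }
    write_forwarder_config "$rundir" "${2:-192.168.1.1}" || return 1
    exec kresd -a 127.0.0.1 "$rundir"
}
```

       Source the file and call start_private_kresd [rundir] [upstream]; the
       nameserver 127.0.0.1 entry in resolv.conf(5) then points at this
       instance.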

SEE ALSO

       kresd.systemd(7), https://knot-resolver.readthedocs.io/en/v4.3.0/

AUTHORS

       kresd developers are mentioned in the AUTHORS file in the distribution.

CZ.NIC                            2019-12-04                          kresd(8)