kresd(8)                      Knot Resolver 5.6.0                     kresd(8)

NAME

       kresd - full caching DNSSEC-enabled Knot Resolver 5.6.0.

SYNOPSIS

       kresd [-a|--addr addr[@port]] [-t|--tls addr[@port]] [-S|--fd fd]
       [-T|--tlsfd fd] [-c|--config config] [-n|--noninteractive] [-q|--quiet]
       [-v|--verbose] [-V|--version] [-h|--help] [rundir]

DESCRIPTION

       Knot Resolver is a DNSSEC-enabled full caching resolver.

       Default mode of operation: when it receives a DNS query, it
       iteratively asks authoritative nameservers, starting from the root
       zone (.) and ending with the nameservers authoritative for the
       queried name. Automatic DNSSEC means verification of the integrity
       of authoritative responses by following keys and signatures
       starting from the root. The root trust anchor is automatically
       bootstrapped from IANA, or you can provide a file with root trust
       anchors (same format as Unbound or BIND9 root keys file).

       The daemon also caches intermediate answers in a cache, which by
       default uses an LMDB memory-mapped database. This has a significant
       advantage over in-memory caches, as the process may be stopped and
       restarted without loss of cache entries. In a multi-user scenario a
       shared cache is a potential privacy/security issue; with kresd,
       each user can have a resolver cache in their private directory and
       use it in a similar fashion to a keychain.

       To use a locally running kresd for resolving, put

             nameserver 127.0.0.1

       into resolv.conf(5) and start kresd.

       The daemon may also be configured as a plain forwarder using query
       policies. This requires using a config file. Please refer to the
       documentation for configuration file options. It is available at
       https://knot-resolver.readthedocs.io or in the package documentation
       (available as the knot-resolver-doc package in most distributions).

       The available CLI options are:

       -a addr[@port], --addr=<addr[@port]>
              Listen on given address (and port) pair. If no port is given,
              53 is used as a default. Option may be passed multiple times
              to listen on more addresses.

       -t addr[@port], --tls=<addr[@port]>
              Listen using TLS on given address (and port) pair. If no port
              is given, 853 is used as a default. Option may be passed
              multiple times to listen on more addresses.

       -S fd, --fd=<fd>
              Listen on given file descriptor(s), passed by supervisor.
              Option may be passed multiple times to listen on more file
              descriptors.

       -T fd, --tlsfd=<fd>
              Listen using TLS on given file descriptor(s), passed by
              supervisor. Option may be passed multiple times to listen on
              more file descriptors.

       -c config, --config=<config>
              Set the config file with settings for kresd to read instead of
              reading the file at the default location (config).

       -f N, --forks=<N>
              This option is deprecated since 5.0.0!

              With this option, the daemon is started in non-interactive
              mode and instead creates a UNIX socket in rundir that the
              operator can connect to for an interactive session. A number
              greater than 1 forks the daemon N times; all forks will bind
              to the same addresses and the kernel will load-balance between
              them on Linux with SO_REUSEPORT support.

              If you want multiple concurrent processes supervised in this
              way, they should be supervised independently (see
              kresd.systemd(7)).

       -n, --noninteractive
              Daemon will refrain from entering into read-eval-print loop
              for stdin+stdout.

       -q, --quiet
              Daemon will refrain from printing the command prompt.

       -v, --verbose
              Increase logging to debug level.

       -h     Show short command-line option help.

       -V     Show the version.

SEE ALSO

       kresd.systemd(7), https://knot-resolver.readthedocs.io/en/v5.6.0/

AUTHORS

       kresd developers are mentioned in the AUTHORS file in the distribution.

CZ.NIC                            2023-01-26                          kresd(8)