Knot DNS Server

Introduction

Knot DNS is a high-performance, authoritative-only DNS server that supports all of the key features of the domain name system, including zone transfers and DNSSEC. It was developed by CZ.NIC. Knot DNS is open-source and multi-threaded. Current features include:

  • Full and incremental zone transfers (AXFR/IXFR)
  • Dynamic DNS updates
  • EDNS0 and DNSSEC extensions, including NSEC3
  • Response Rate Limiting
  • NSID
  • TSIG
  • and all of the standard features you’d expect with an authoritative-only nameserver implementation

Knot used to require zone files to be compiled (like NSD), but this requirement was removed as of Knot 1.3.0.

For this article, I’ll be running the latest stable version of Knot, 1.3.3, on CentOS 6.4. The test environment will comprise two hosts - venus (master) on 192.168.122.12 and earth (slave) on 192.168.122.13.

Knot 1.4.0-rc1, which supports experimental DNSSEC auto-signing, was also available at the time of writing, so it may be worth checking out if relevant to your needs.
