Knot Authoritative DNS

An alternative to BIND, Knot DNS is a modern authoritative-only DNS server maintained by the Czech domain registry CZ.NIC.

Prerequisites and assumptions

  • A server running Rocky Linux
  • Able to use firewalld for creating firewall rules
  • A domain name or internal recursive DNS server pointed to your authoritative DNS server


External, or public, DNS servers map hostnames to IP addresses and, in the case of PTR (known as "pointer" or "reverse") records, map the IP addresses to the hostname. This is an essential part of the Internet. It makes your mail server, web server, FTP server, or many other servers and services work as expected no matter where you are.

Installing and enabling Knot

First install EPEL:

dnf install epel-release

Next install Knot:

dnf install knot

Configuring Knot

Before making changes to any configuration file, move the original installed working file, knot.conf:

mv /etc/knot/knot.conf /etc/knot/knot.conf.orig

Keeping the original makes recovery easy if you introduce errors into the configuration later; it is always a good idea to make a backup copy before making changes.

Edit the knot.conf file. The author uses vi, but you can substitute your favorite command line editor:

vi /etc/knot/knot.conf

Insert the following (example.com is a placeholder):

server:
    listen: ::@53

zone:
  - domain: example.com
    storage: /var/lib/knot/zones

log:
  - target: syslog
    any: info

Replace example.com with the domain name you are running a nameserver for.

Next, create the zone directory and the zone file. By default Knot expects the file to be named after the zone with a .zone suffix inside the storage directory (the zone's file: option overrides this), so with the placeholder domain example.com:

mkdir /var/lib/knot/zones
vi /var/lib/knot/zones/example.com.zone

The DNS zone files are BIND compatible. In the file, insert the following (example.com and the 192.0.2.x addresses are placeholders for your own domain and hosts; note the trailing dots on fully qualified names):

$TTL    86400 ; How long should records last?
; $TTL used for all RRs without explicit TTL value
$ORIGIN example.com. ; Define our domain name
@  1D  IN  SOA ns1.example.com. hostmaster.example.com. (
                              2024061301 ; serial
                              3h ; refresh duration
                              15 ; retry duration
                              1w ; expiry duration
                              3h ; nxdomain error ttl
                              )
       IN  NS     ns1.example.com. ; in the domain
       IN  MX  10 mail.example.com. ; external mail provider
       IN  A      192.0.2.1 ; default A record
; server host definitions
ns1    IN  A      192.0.2.1 ; name server definition
www    IN  A      192.0.2.2 ; web server definition
mail   IN  A      192.0.2.3 ; mail server definition

If you need help customizing BIND-style zone files, Oracle has a good introduction to zone files.

Save your changes.
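Two zone-file mistakes cause most "my zone does not work" reports: a changed zone whose SOA serial was not increased (secondaries never pull the new copy), and an NS or MX target written without its trailing dot (the name is then relative to $ORIGIN, so mail.example.com silently becomes mail.example.com.example.com.). The script below is an added example, not code from this guide or the Knot project. It writes its own constructed sample zone using the placeholders example.com and 192.0.2.x, checks for both mistakes with plain POSIX tools, and runs Knot's kzonecheck when that tool is installed.

```shell
#!/bin/sh
# Added example (not from the Rocky Linux guide or the Knot project): sanity
# checks for a BIND-style zone file before handing it to Knot. The zone is a
# constructed sample using the placeholders example.com and 192.0.2.0/24.

# Write a constructed sample zone to the path given as $1. The MX target
# deliberately lacks its trailing dot so that the check below catches it.
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL    86400
$ORIGIN example.com.
@  1D  IN  SOA ns1.example.com. hostmaster.example.com. (
                              2024061301 ; serial
                              3h ; refresh
                              15 ; retry
                              1w ; expire
                              3h ; nxdomain ttl
                              )
       IN  NS     ns1.example.com.
       IN  MX  10 mail.example.com   ; missing trailing dot (deliberate)
       IN  A      192.0.2.1
ns1    IN  A      192.0.2.1
www    IN  A      192.0.2.2
mail   IN  A      192.0.2.3
EOF
}

# Print the SOA serial: the first field of the line tagged "; serial".
zone_serial() {
    awk '/; *serial/ { print $1; exit }' "$1"
}

# Next YYYYMMDDnn serial: today's date with 01 if the current serial ($1) is
# older than that, otherwise the current serial plus one. Secondaries only
# transfer a zone whose serial has grown.
bump_serial() {
    today="$(date +%Y%m%d)01"
    if [ "$1" -lt "$today" ]; then echo "$today"; else echo $(( $1 + 1 )); fi
}

# Print NS and MX targets that lack a trailing dot. Comments are stripped
# first so that a "; mail.example.com." in a comment cannot mask a bad target.
unqualified_targets() {
    sed 's/;.*//' "$1" | awk '$0 ~ /[ \t](NS|MX)[ \t]/ && $NF !~ /\.$/ { print $NF }'
}

# Number of unqualified NS/MX targets in the file (0 when the zone is clean).
unqualified_count() {
    unqualified_targets "$1" | awk 'END { print NR }'
}

# Demo run on the constructed zone; Knot's own checker is used when present.
ZONE="$(mktemp)"
write_sample_zone "$ZONE"
echo "serial now: $(zone_serial "$ZONE"), next: $(bump_serial "$(zone_serial "$ZONE")")"
echo "unqualified NS/MX targets: $(unqualified_targets "$ZONE" | tr '\n' ' ')"
if command -v kzonecheck >/dev/null 2>&1; then
    kzonecheck -o example.com "$ZONE" || true
fi
rm -f "$ZONE"
```

Point write_sample_zone's callers at your real file instead (for example /var/lib/knot/zones/example.com.zone) once the zone is in place; kzonecheck -o <zone name> <file> is the authoritative check, and the two shell functions are the quick pre-commit version of it.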

Enabling Knot

Next, allow DNS ports in firewalld and enable Knot DNS:

firewall-cmd --add-service=dns --zone=public
firewall-cmd --runtime-to-permanent
systemctl enable --now knot

Check DNS resolution with the host command, querying your new server directly (example.com and 192.0.2.1 stand in for your own domain and address):

% host example.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

example.com has address 192.0.2.1
example.com mail is handled by 10 mail.example.com.
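A successful host lookup shows the records are served, but not that the server behaves as an authoritative-only name server. Two properties are worth confirming after enabling Knot: answers carry the aa (authoritative answer) flag and the server does not advertise recursion (no ra flag), and a zone transfer request is refused, which is Knot's behaviour until an acl rule under the zone explicitly permits it. The script below is an added example, not part of this guide or of Knot; it assumes dig from bind-utils, uses the placeholders 127.0.0.1 and example.com, and runs its parser on a constructed dig header so the logic can be exercised without a live server.

```shell
#!/bin/sh
# Added example (not from the Rocky Linux guide or the Knot project): checks
# to run after enabling an authoritative-only server. Assumes dig from
# bind-utils; 127.0.0.1 and example.com are placeholders.

# Print the flag list ("qr aa rd") from dig output read on stdin.
dig_flags() {
    sed -n 's/^;; flags: *\([^;]*\);.*/\1/p'
}

# Return 0 if flag $1 is present in the space-separated flag list $2.
has_flag() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Given dig output on stdin, return 0 when the answer is authoritative (aa)
# and the server does not advertise recursion (ra). Either failure means the
# server is not acting as an authoritative-only name server.
authoritative_only() {
    flags="$(dig_flags)"
    has_flag aa "$flags" || return 1
    has_flag ra "$flags" && return 1
    return 0
}

# Live checks against server $1 for zone $2: an SOA query without recursion,
# then an AXFR request, which Knot refuses unless a zone acl allows the
# requesting address.
verify_server() {
    server="$1"; zone="$2"
    if dig @"$server" "$zone" SOA +norecurse +time=2 +tries=1 | authoritative_only; then
        echo "$server answers authoritatively for $zone"
    else
        echo "$server is not authoritative-only for $zone"; return 1
    fi
    if dig @"$server" "$zone" AXFR +time=2 +tries=1 | grep -q '^; Transfer failed'; then
        echo "zone transfer refused (expected without an acl)"
    else
        echo "zone transfer was served: review the zone's acl"; return 1
    fi
}

# Offline demo on a constructed dig header line.
printf '%s\n' ';; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1' | authoritative_only \
    && echo "constructed header: authoritative-only"

# Live check, only when dig is installed and Knot is listening locally.
if command -v dig >/dev/null 2>&1; then
    verify_server 127.0.0.1 example.com || echo "live check failed (is knot running?)"
fi
```

Run verify_server from a host outside your own network as well: the AXFR refusal is the one that matters from the outside, and knotc conf-check will flag a malformed acl before it ever reaches the running server.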


While most people use third-party services for DNS, there are scenarios where self-hosting DNS is desired. For instance, telecom, hosting, and social media companies host large numbers of DNS entries for which third-party hosted services are impractical or undesirable.

Knot is one of many open source tools that make hosting DNS possible. Congratulations, you have your very own DNS server! Cheers!

Author: Neel Chauhan

Contributors: Steven Spencer