The Knot DNS server package is an authoritative-only DNS server that's used by many ISPs and TLDs for high-performance operations.
It is safe from ever becoming an open DNS resolver, and based on various benchmarks, it's slightly better than the common bind9 server, which is available through isc.org.
Here's how we install it at socpuppets.
1st: Download the knot-server source from the project website
wget https://www.knot-dns.cz/pages/download.html
2nd: Your system will need a gcc compiler, gawk, lex, bison and the SSL libs, so you should update your system if not done already
e.g.
apt-get install byacc flex gawk bison liburcu-dev libssl-dev
3rd: Run configure and select the options that you require
./configure --enable-microseconds-logs
4th: Now you can start the compiling process
make && make install
5th: if all compiles well, you should be presented with a knot server daemon
Configuration is quite simple and straightforward, but for the first-timer, you should copy the samples from the sample directory into your /etc/knot directory or whatever directory you plan to operate out of.
Now for the 1st timer, you should build the minimal configuration to check the server operation;
system {
  storage "/etc/knot";
}

interfaces {
  my_interface { address 127.0.0.1@53; }
  second_int { address x.x.x.x@53; }
}

log {
  syslog { any notice, warning, error; }
}

zones {
  socpuppets.com {
    file "socpuppets.com";
  }
}
And then load the server to check for any errors in the configuration or zone database.
Later you can add advanced configuration for remote control, logging and DNSSEC.
btw: The server will not answer any client queries for recursion lookup.
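A way to confirm that no-recursion behaviour after the server is up, as an added example that is not part of the original post: send a query with the RD bit set for a name outside your zones and inspect the reply header. The function names, the two sample replies (constructed here) and the use of example.org as an out-of-zone name are assumptions of this example.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Build an A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def recursion_status(response, qid=0x1234):
    """Read the reply header and report whether recursion was offered or performed."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    ra = bool(flags & 0x0080)   # RA: server advertises recursion
    rcode = flags & 0x000F      # 0 = NOERROR, 5 = REFUSED
    return {
        "ra": ra,
        "rcode": rcode,
        "answers": ancount,
        # An open resolver answers an out-of-zone name on the client's behalf.
        "open_resolver": ra and rcode == 0 and ancount > 0,
    }

def probe(server, name="example.org", port=53, timeout=3.0):
    """Query a server you operate for an out-of-zone name and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        data, _ = s.recvfrom(4096)
    return recursion_status(data)

# Constructed sample replies (header + echoed question), not captured traffic.
_QUESTION = build_query("example.org")[12:]
# QR=1, RD=1, RA=0, RCODE=REFUSED, no answers: what an authoritative-only server sends.
REFUSED_SAMPLE = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + _QUESTION
# QR=1, RD=1, RA=1, RCODE=NOERROR, one answer: what a recursive resolver sends.
OPEN_SAMPLE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _QUESTION

if __name__ == "__main__":
    print("authoritative-only sample:", recursion_status(REFUSED_SAMPLE))
    print("recursive sample:         ", recursion_status(OPEN_SAMPLE))
```

Calling `probe("127.0.0.1")` against the minimal configuration above should report `open_resolver` as false.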
Ken Felix
Freelance Network / Security Engineer
kfelix ----a---t---socpuppets ---d---o---t---com
^ ^
=( @ @ )=
o
/ \