Friday, December 6, 2013

All tied up in a Knot DNS server (basic configurations)

The Knot DNS server package is an authoritative-only DNS server that's used by many ISPs and TLDs for high-performance operations.

It is safe from ever becoming an open DNS resolver, and based on various benchmarks, it's slightly better than the common bind9 server which is available through

Here's how we install it at socpuppets.

1st: Download the knot-server at the source website


2nd: Your system will need a gcc compiler, gawk, lex, bison and the SSL libs, so you should update your systems if not done already


apt-get install byacc flex gawk bison liburcu-dev libssl-dev

3rd: Run configure and select the options that you require

./configure --enable-microseconds-logs

4th: Now you can start the compiling process

make && make install

5th: If everything compiles well, you should be presented with a knot server daemon

Configuration is quite simple and straightforward, but for the first-timer, you should copy the samples from the sample directory into your /etc/knot directory or whatever directory you plan to operate out of.

Now for the first-timer, you should build the minimal configuration to check the server operation:

system { storage "/etc/knot"; }
interfaces { my_interface { address; } second_int { address x.x.x.x@53; } }
log { syslog { any notice, warning, error; } }

zones { { file ""; } }

And then load the server to check for any errors in the configuration or zone database

Later you can add advanced configuration for remote control, logging and DNSSEC.

btw: The server will not answer any client queries for recursive lookups.

So you are safe from abuse and will never become part of a DNS reflection attack or flood campaign
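To confirm the no-recursion behaviour on a server you run, here is an added example (not part of the original post) that sends a query with the RD bit set for a name the server does not host and reads the RA flag and rcode from the reply header. The function names and the two sample replies are constructed for illustration; the REFUSED reply is an assumed typical authoritative-only response, not captured Knot output.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Build an A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F, "ancount": an}

def classify(response, qid=0x1234):
    """Judge a reply to an RD=1 query for a name the server does NOT host."""
    h = parse_header(response)
    if not h["qr"] or h["id"] != qid:
        return "invalid"                 # not a reply to our query
    if h["ra"] and h["rcode"] == 0 and h["ancount"] > 0:
        return "open-resolver"           # it recursed and returned an answer
    if h["ra"]:
        return "recursion-advertised"    # RA set, worth a closer look
    return "authoritative-only"          # RA clear: no recursion offered

def probe(server, name, timeout=3.0):
    """Send the query over UDP to a server you operate and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify(s.recvfrom(4096)[0])

# Constructed sample replies (not captured traffic) to a query for example.org.
QUESTION = build_query("example.org")[12:]
REFUSED = struct.pack("!6H", 0x1234, 0x8105, 1, 0, 0, 0) + QUESTION
ANSWER_RR = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
RECURSED = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION + ANSWER_RR

if __name__ == "__main__":
    for label, msg in (("REFUSED, RA=0", REFUSED), ("NOERROR, RA=1", RECURSED)):
        print(label, "->", classify(msg))
```

Against a live server, call probe() with the address of your own Knot instance and a name outside its zones; anything other than "authoritative-only" deserves a look at the configuration.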

Ken Felix
Freelance Network / Security Engineer
kfelix  ----a---t---socpuppets ---d---o---t---com

     ^      ^
=(  @   @ )=
       /     \
