manpagez: man pages & more
man kresd(8)
Home | html | info | man
kresd(8)                      Knot Resolver 6.0.9                     kresd(8)


NAME

       kresd - full caching DNSSEC-enabled Knot Resolver 6.0.9.


SYNOPSIS

       kresd [-a|--addr addr[@port]] [-t|--tls addr[@port]] [-S|--fd fd]
       [-T|--tlsfd fd] [-c|--config config] [-n|--noninteractive] [-q|--quiet]
       [-v|--verbose] [-V|--version] [-h|--help] [rundir]


DESCRIPTION

       Knot Resolver is a DNSSEC-enabled full caching resolver.

       Default mode of operation: when it receives a DNS query it iteratively
       asks authoritative nameservers starting from root zone (.) and ending
       with a nameservers authoritative for queried name. Automatic DNSSEC
       means verification of integrity of authoritative responses by following
       keys and signatures starting from root. Root trust anchor is
       automatically bootstrapped from IANA, or you can provide a file with
       root trust anchors (same format as Unbound or BIND9 root keys file).

       The daemon also caches intermediate answers into cache, which by
       default uses LMDB memory-mapped database. This has a significant
       advantage over in-memory caches as the process may be stopped and
       restarted without loss of cache entries. In multi-user scenario a
       shared cache is potential privacy/security issue, with kresd each user
       can have resolver cache in their private directory and use it in
       similar fashion to keychain.


       To use a locally running kresd for resolving put

             nameserver 127.0.0.1

       into resolv.conf(5) and start kresd


       The daemon may be configured also as a plain forwarder using query
       policies.  This requires using a config file. Please refer to
       documentation for configuration file options. It is available at
       https://www.knot-resolver.cz/documentation/latest/ or in package
       documentation (available as knot-resolver-doc package in most
       distributions).

       The available CLI options are:

       -a addr[@port], --addr=<addr[@port]>
              Listen on given address (and port) pair. If no port is given, 53
              is used as a default.  Option may be passed multiple times to
              listen on more addresses.

       -t addr[@port], --tls=<addr[@port]>
              Listen using TLS on given address (and port) pair. If no port is
              given, 853 is used as a default.  Option may be passed multiple
              times to listen on more addresses.

       -S fd, --fd=<fd>
              Listen on given file descriptor(s), passed by supervisor.
              Option may be passed multiple times to listen on more file
              descriptors.

       -T fd, --tlsfd=<fd>
              Listen using TLS on given file descriptor(s), passed by
              supervisor.  Option may be passed multiple times to listen on
              more file descriptors.

       -c config, --config=<config>
              Set the config file with settings for kresd to read instead of
              reading the file at the default location (config).

       -n, --noninteractive
              Daemon will refrain from entering into read-eval-print loop for
              stdin+stdout.

       -q, --quiet
              Daemon will refrain from printing the command prompt.

       -v, --verbose
              Increase logging to debug level.

       -h     Show short command-line option help.

       -V     Show the version.


SEE ALSO

       https://www.knot-resolver.cz/documentation/latest/


AUTHORS

       kresd developers are mentioned in the AUTHORS file in the distribution.

CZ.NIC                            2024-11-11                          kresd(8)

knot-resolver 6.0.9 - Generated Thu Nov 28 09:10:58 CST 2024
© manpagez.com 2000-2024
Individual documents may contain additional copyright information.