Built for Authority
Every feature needed for modern authoritative DNS — from root servers to enterprise zones.
Open Source
Completely free under GPL 3+ license. Runs on Linux, BSD, macOS, and any POSIX-compliant system.
Feature-Packed
IXFR, DDNS, Response Rate Limiting, automatic DNSSEC signing, and dynamic record synthesis — all built in.
High Performance
Lock-free responding architecture. Suitable for root and TLD servers with non-stop operation capability.
Secure & Stable
Extensive automated testing suite ensuring stability, interoperability, and security compliance across releases.
Technical Specifications
Automatic DNSSEC
Automated key management and zone signing
IXFR Transfers
Efficient zone synchronization
Dynamic DNS
RFC 2136 compliant updates
Rate Limiting
DDoS mitigation built in
Record Synthesis
On-the-fly DNS record generation
Prometheus
Export metrics for monitoring
Deploy in Minutes
# Pull the latest stable image
docker pull cznic/knot:3.5
# Run with your zone config
docker run -d --name knot-dns \
  -v /path/to/knot.conf:/config/knot.conf \
  -p 53:53/udp -p 53:53/tcp \
  cznic/knot:3.5

# Add CZ.NIC repository signing key
curl -fsSL https://pkg.labs.nic.cz/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/cznic.gpg
# Install Knot DNS
sudo apt install knot

# Download source
wget https://secure.nic.cz/files/knot-dns/knot-3.5.3.tar.xz
# Build and install
tar xf knot-3.5.3.tar.xz && cd knot-3.5.3
./configure && make && sudo make install
Sister Project
Knot Resolver
Need a caching resolver? Knot Resolver is a high-performance caching full resolver — the cornerstone of Cloudflare's 1.1.1.1 service.
Visit knot-resolver.cz
# Test with Knot Resolver
kdig @127.0.0.1 example.cz A
; ANSWER SECTION:
example.cz. 3600 IN A 1.2.3.4
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53
Part of the CZ.NIC Open Source Ecosystem
Deploy Authoritative DNS Today
The DNS server trusted by root and TLD operators worldwide. Lock-free, high-performance, rock-solid.