1. 13

Knot DNS is a high-performance authoritative-only DNS server which supports all key features of the modern domain name system.


  2. 8

    I had to smile at the tags used for this one - “databases”, “distributed”, “networking”. Yep, that’s pretty much DNS in a nutshell :)

    1. 2

      I wasn’t entirely sure I would get away with this, so glad to hear hehe

    2. 2

      First time I’ve heard of Knot. Outside of the GPL licensing, any reason why I would want to use this over NSD? They readily appear to do the same thing and perform similarly.

      1. 4

        Another great authoritative DNS server, if you have a global and/or load-balancing and/or HA requirement, is gdnsd.

        This is the only DNS server I found that from a configuration file you can service all the following requirements simultaneously:

        • weighted round robin
        • ‘datacentre’ failover strategies (as well as the typical server failures)
        • handles “if 80% says down…maybe the check is bust rather than the servers themselves”
        • internal based checks, or to use the exit code of an external script
        • geo-targeting (even using the dns subnet client option; about 30% traffic had this)
        • the star feature for me was ‘server coupling’. You could state that a group of servers were all tied together (think ‘same supplier’ as we had ~15 leased server suppliers) so when multiple A/AAAA records were returned, it made sure two servers from the same supplier were not in the mix

        Truly amazing work and the documentation was not half bad either.
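        The answer-selection rules this comment describes (weighted choice among healthy servers, never two answers from the same supplier, and the "if most servers look down, distrust the check rather than the servers" rule), written out as an added Python illustration. This is not gdnsd's code or configuration; the server pool, weights, the 80% distrust threshold and the `pick_answers` / `effective_pool` names are constructed for the example.

```python
import copy
import random

# Constructed sample pool: address, answer weight, which supplier owns the
# machine, and the result of the last health check.
SERVERS = [
    {"addr": "192.0.2.10", "weight": 3, "supplier": "A", "up": True},
    {"addr": "192.0.2.11", "weight": 1, "supplier": "A", "up": True},
    {"addr": "192.0.2.20", "weight": 2, "supplier": "B", "up": True},
    {"addr": "192.0.2.30", "weight": 2, "supplier": "C", "up": True},
    {"addr": "192.0.2.31", "weight": 1, "supplier": "C", "up": False},
]

def mark_down(servers, addrs):
    """Return a copy of the pool with the given addresses marked as failed."""
    pool = copy.deepcopy(servers)
    for s in pool:
        if s["addr"] in addrs:
            s["up"] = False
    return pool

def effective_pool(servers, distrust_threshold=0.8):
    """Healthy servers only, unless so many are 'down' that the health check
    itself is the likelier failure; then every server is kept in rotation."""
    down = sum(1 for s in servers if not s["up"])
    if servers and down / len(servers) >= distrust_threshold:
        return list(servers)
    return [s for s in servers if s["up"]]

def pick_answers(servers, n, seed=None):
    """Weighted random choice of up to n addresses, one per supplier."""
    rng = random.Random(seed)
    pool = effective_pool(servers)
    chosen, used_suppliers = [], set()
    while pool and len(chosen) < n:
        candidates = [s for s in pool if s["supplier"] not in used_suppliers]
        if not candidates:          # every remaining server shares a supplier
            break                   # with one already answered: stop short
        r = rng.uniform(0, sum(s["weight"] for s in candidates))
        for s in candidates:        # walk the cumulative weights
            r -= s["weight"]
            if r <= 0:
                break
        chosen.append(s["addr"])
        used_suppliers.add(s["supplier"])
        pool.remove(s)
    return chosen

if __name__ == "__main__":
    print(pick_answers(SERVERS, 3, seed=1))
```

Returning fewer answers than asked for when only one supplier is left healthy is deliberate: the diversity rule wins over the answer count.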

        1. 2

          Having diversity in the DNS space is a good thing - in the days when BIND was the only option a zero day or bug could leave large portions of key internet infrastructure vulnerable. It’s for this reason that large DNS providers run their authoritative servers on a variety of operating systems, using a mix of different software. Variety is a good thing!

          Licensing aside, FWICS, there isn’t really a lot to choose from between Knot, NSD and PowerDNS. I guess it comes down to those specific features you may need. For example, NSD doesn’t, AFAIK, support dynamic DNS (Knot, for one, does) and PowerDNS has excellent support for integrating different backends, allowing you to do all sorts of funky things when responding to queries (cf. the pipe backend).

        2. 1

          I do not know what is usual, but FYI, this one has 142 349 lines of code:

          • 13 908 for the tests;
          • 9 339 for m4 files;
          • 20 947 for a contrib source dir;
          • 17 641 for a dnssec source dir;
          • 42 682 for a knot source dir;
          • 19 079 for a libknot source dir;
          • 23 262 for a utils source dir (with one subdir per command name);
          • 2 150 for a zscanner source dir.
          • A few more here and there.

          It seems that when projects grow very big, they write a library that they use themselves to build their software.

          1. 2

            Did this seem high or low to you?

            1. 1

              Network is still a bit of a black box for me.

              It seems rather big, but maybe the bulk of it comes from the will to support “all key features” and the traffic analysis.