Verified Commit 713746f3 authored by Elias Ojala's avatar Elias Ojala
Browse files

Knot configuration examples

parent 4f1c33f3
......@@ -15,3 +15,89 @@ permalink: /dns/authoritative
## Self-hosted
I use and recommend [Knot](https://www.knot-dns.cz/) for self-hosted authoritative DNS.
### Configuration examples
|Server|IP Address|
|-|-|
|`master` (LAN/VPN)|`10.253.43.10`|
|`master` (WAN)|`192.0.2.123`, `2001:db8::cafe:53`|
|`slave` (LAN/VPN)|`10.253.43.15`|
|`slave` (WAN)|`198.51.100.53`, `2001:db8::beef:53`|
#### Master
`/etc/knot/knot.conf`
```yml
# See knot.conf(5) or refer to the server documentation.
server:
rundir: "/run/knot"
user: knot:knot
listen: [ 192.0.2.123@53, 2001:db8::cafe:53@53, 10.253.43.10@53 ]
identity: ""
version: ""
nsid: ""
log:
- target: syslog
any: info
remote:
- id: slave
address: 10.253.43.15@53
acl:
- id: acl_slave
address: 10.253.43.15
action: transfer
zone:
- domain: example.com
storage: /var/lib/knot/zones/
file: example.com.zone
notify: slave
acl: acl_slave
```
Zone file resides in `/var/lib/knot/zones/example.com.zone`
#### Slave
`cat /etc/knot/knot.conf`
```yml
# See knot.conf(5) or refer to the server documentation.
server:
rundir: "/run/knot"
user: knot:knot
listen: [ 198.51.100.53@53, 2001:db8::beef:53@53, 10.253.43.15@53 ]
identity: ""
version: ""
nsid: ""
log:
- target: syslog
any: info
remote:
- id: master
address: 10.253.43.10@53
acl:
- id: acl_master
address: 10.253.43.10
action: notify
template:
- id: default
storage: "/var/lib/knot"
file: "%s.zone"
zone:
- domain: example.com
master: master
acl: acl_master
```
\ No newline at end of file
......@@ -9,7 +9,8 @@ permalink: /dns/resolvers
* [UncensoredDNS](https://blog.uncensoreddns.org/dns-servers/) (Denmark + United States)
* [Digitalcourage](https://digitalcourage.de/support/zensurfreier-dns-server) (Germany)
* [CZ.NIC ODVR](https://www.nic.cz/odvr/) (Czechia)
* [DNSWarden](https://dnswarden.com/) (Germany)
* [DNSWarden](https://dnswarden.com/) (**Note: only port 5353 for plaintext**, Germany)
* [Snopyta.org](https://snopyta.org/) (Germany)
* [IPredator](https://ipredator.se/page/services#service_dns) (Sweden)
* [Cryptostorm](https://cryptostorm.is/dns.txt) (international, mainly Europe and United States)
* [OpenNIC](https://wiki.opennic.org/) (international)
......@@ -45,7 +46,6 @@ Guides for using DNS-over-TLS can be found from [here](dot/index.md).
More DNSCrypt resolvers can be found [here](https://github.com/dyne/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv).
## Further reading
* [On Firefox moving DNS to a third party](https://blog.powerdns.com/2018/09/04/on-firefox-moving-dns-to-a-third-party/) on PowerDNS Blog
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment