KnotDNS 3.0.0 DNS Server Release

KnotDNS 3.0.0 has been released. It is a high-performance authoritative DNS server (the recursive resolver is a separate application) that supports all modern DNS features. The project is developed by the Czech domain name registry CZ.NIC, is written in C and is distributed under the GPLv3 license.

KnotDNS focuses on high query-processing performance, achieved with a multi-threaded and mostly non-blocking implementation that scales well on SMP systems. It provides features such as adding and removing zones on the fly, zone transfers between servers, DDNS (dynamic updates), NSID (RFC 5001), EDNS0 and DNSSEC extensions (including NSEC3), and response rate limiting (RRL).

In the new release:

  • Added a high-performance network mode implemented with the XDP (eXpress Data Path) subsystem, which processes packets at the network-driver level, before they reach the network stack of the Linux kernel. This mode requires Linux kernel 4.18 or later.
  • Added support for catalog zones ("Catalog Zones"), which simplify the maintenance of secondary DNS servers. When this feature is enabled, instead of defining separate records for each secondary zone on the secondary server, a zone catalog is transferred between the primary and secondary servers. Zones created on the primary server and marked as included in the catalog are then created automatically on the secondary server, without the need to edit configuration files. The kcatalogprint utility is provided for catalog management.
  • A new DNSSEC validation mode has been added.
  • Added the kzonesign utility for manually generating digital signatures for DNSSEC.
  • Added the kxdpgun utility, a high-performance DNS-over-UDP traffic generator for Linux.
  • Added support for DNS over HTTPS (DoH) to kdig, implemented with GnuTLS and libnghttp2.
  • Added support for the revoked state of KSK (Key Signing Key) keys (RFC 5011) in manual DNSSEC key management.
  • Added support for deterministic digital signature generation using ECDSA algorithms (requires GnuTLS 3.6.10 or later).
  • A safe method for backing up and restoring DNS zone data has been introduced.
  • The performance of the "statistics" module has been significantly improved.
  • When multi-threaded generation of digital signatures for DNS zones is enabled, some additional zone operations are now parallelized as well.
  • Improved caching efficiency and increased query processing performance.
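
The catalog-zone mechanism from the list above, as an added example that is not Knot DNS code and goes beyond the release notes: it reads a catalog and lists the zones a secondary would create or drop after a transfer. It assumes the record layout of RFC 9432 (a `version` TXT record plus `<id>.zones.<catalog>` PTR records); all zone names and IDs are constructed.

```python
# Added example, not Knot DNS code. Record layout assumed from RFC 9432;
# every zone name and ID below is constructed sample data.

CATALOG = "catalog.example."

SAMPLE_CATALOG = """\
catalog.example.             0 IN SOA  invalid. invalid. 5 3600 600 2147483646 0
catalog.example.             0 IN NS   invalid.
version.catalog.example.     0 IN TXT  "2"
k7a1.zones.catalog.example.  0 IN PTR  customer-a.example.
m2qx.zones.catalog.example.  0 IN PTR  Customer-B.Example.
note.catalog.example.        0 IN TXT  "not a member record"
"""

def norm(name):
    """Lower-case a domain name and make it fully qualified."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def parse_catalog(text, catalog=CATALOG):
    """Return {member_zone: unique_id} from catalog zone text.

    Raises ValueError when the version record is missing or unsupported:
    a consumer must not act on a catalog it cannot interpret.
    """
    catalog = norm(catalog)
    suffix = ".zones." + catalog
    members, version = {}, None
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop trailing comments
        if len(fields) < 5:
            continue
        owner, rtype, rdata = norm(fields[0]), fields[3].upper(), fields[4]
        if owner == "version." + catalog and rtype == "TXT":
            version = rdata.strip('"')
        elif rtype == "PTR" and owner.endswith(suffix):
            unique_id = owner[: -len(suffix)]
            if "." not in unique_id:             # exactly one label before "zones"
                members[norm(rdata)] = unique_id
    if version != "2":
        raise ValueError(f"unsupported catalog version: {version!r}")
    return members

def plan(members, configured):
    """Zones the secondary would create and remove after a catalog transfer."""
    have = {norm(z) for z in configured}
    return sorted(set(members) - have), sorted(have - set(members))
```

Comparing the plan against an expected zone list before accepting a catalog shows exactly which zones the transfer would put on the secondary.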

Source: opennet.ru
