Knot Resolver 1.2.6 has been released.
- dnssec: don't set AD flag for NODATA answers if wildcard non-existence is not guaranteed due to …
Knot Resolver 1.2.5 has been released.
- layer/validate: clear AD if closest encloser proof has opt-outed NSEC3 (#169)
- layer/validate: check if …
Knot Resolver 1.2.4 has been released.
- Knot Resolver 1.2.0 and higher could return AD flag for insecure answer if the …
The Knot Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. There are three built-in modules - iterator, cache, validator, and many external.
The Lua modules, switchable and shareable cache, and fast FFI bindings makes it great to tap into resolution process, or be used for your recursive DNS service. It's the OpenResty of DNS.
The server adopts a different scaling strategy than the rest of the DNS recursors - no threading, shared-nothing architecture (except MVCC cache that may be shared). You can start and stop additional nodes depending on the contention without downtime.