We recommend using the latest Knot Resolver version. Our upstream releases undergo extensive automated testing and are suitable for production.

Packages available in your distribution's may be outdated. Follow the instructions below to obtain the latest Knot Resolver version for your distribution.

Please note that we occasionally release a major version which may require manual upgrade. Please subscribe to our knot-resolver-announce mailing list to be notified of new releases, including upgrade instructions if necessary.

Debian / Ubuntu

On Debian unstable and testing, use packages directly from Debian repositories. Otherwise install our upstream repositories using these steps:

dpkg -i knot-resolver-release.deb
apt update
apt install -y knot-resolver

After that apt will keep updating knot-resolver 5.x packages from our repositories. For complete matrix of releases and architectures in those repos, see home:CZ-NIC:knot-resolver-latest.

Enterprise Linux 7, 8, 9

Use Fedora EPEL.

yum install -y epel-release
yum install -y knot-resolver

Package updates are delayed by about one week after release. To obtain the latest released version early, you can use the epel-testing repository.

yum install -y --enablerepo epel-testing knot-resolver


Use the distribution's repositories where we maintain up-to-date packages.

dnf install -y knot-resolver

Package releases are delayed by about a week. To obtain the latest released version early, you can use the updates-testing repository.

dnf install -y --enablerepo updates-testing knot-resolver

OpenSUSE Leap / Tumbleweed

Add the OBS package repository home:CZ-NIC:knot-resolver-latest to your system.

Arch Linux

pacman -S knot-resolver

Source code

New releases are signed with one of our developer PGP keys:

pub   rsa4096 2022-03-07 [SC] [expires: 2026-03-03]
uid           Ales Mrazek <>

pub   rsa4096 2016-10-16 [SCA] [expires: 2027-11-11]
uid           Vladimír Čunát (work) <>

pub   ed25519 2024-01-31 [SC] [expires: 2027-01-30]
uid           Oto Šťáva (work CZ.NIC) <>

Older releases may be signed using the following keys:

See the Building from sources for instructions how to build from sources.

Docker image

This is simple way to experiment and does not require any dependencies or system modifications. The images are not designed for production use. See the build page for more information and options.