FreeBSD Manual Pages
kresd(8) Knot Resolver 6.1.0 kresd(8) NAME kresd - full caching DNSSEC-enabled Knot Resolver 6.1.0. SYNOPSIS kresd [-a|--addr addr[@port]] [-t|--tls addr[@port]] [-S|--fd fd] [-T|--tlsfd fd] [-c|--config config] [-n|--noninteractive] [-q|--quiet] [-v|--verbose] [-V|--version] [-h|--help] [rundir] DESCRIPTION Beware: you most likely don't want to use the kresd process directly. Instead the knot-resolver command will manage the processes for you. Knot Resolver is a DNSSEC-enabled full caching resolver. Default mode of operation: when it receives a DNS query it iteratively asks authoritative nameservers starting from root zone (.) and ending with a nameservers authoritative for queried name. Automatic DNSSEC means verification of integrity of authoritative responses by following keys and signatures starting from root. Root trust anchor is automati- cally bootstrapped from IANA, or you can provide a file with root trust anchors (same format as Unbound or BIND9 root keys file). The daemon also caches intermediate answers into cache, which by de- fault uses LMDB memory-mapped database. This has a significant advan- tage over in-memory caches as the process may be stopped and restarted without loss of cache entries. In multi-user scenario a shared cache is potential privacy/security issue, with kresd each user can have re- solver cache in their private directory and use it in similar fashion to keychain. To use a locally running kresd for resolving put nameserver 127.0.0.1 into resolv.conf(5) and start kresd The daemon may be configured also as a plain forwarder using query policies. This requires using a config file. Please refer to documen- tation for configuration file options. It is available at https://www.knot-resolver.cz/documentation/latest/ or in package docu- mentation (available as knot-resolver-doc package in most distribu- tions). The available CLI options are: -a addr[@port], --addr=<addr[@port]> Listen on given address (and port) pair. If no port is given, 53 is used as a default. Option may be passed multiple times to listen on more addresses. -t addr[@port], --tls=<addr[@port]> Listen using TLS on given address (and port) pair. If no port is given, 853 is used as a default. Option may be passed multiple times to listen on more addresses. -S fd, --fd=<fd> Listen on given file descriptor(s), passed by supervisor. Op- tion may be passed multiple times to listen on more file de- scriptors. -T fd, --tlsfd=<fd> Listen using TLS on given file descriptor(s), passed by supervi- sor. Option may be passed multiple times to listen on more file descriptors. -c config, --config=<config> Set the config file with settings for kresd to read instead of reading the file at the default location (config). -n, --noninteractive Daemon will refrain from entering into read-eval-print loop for stdin+stdout. -q, --quiet Daemon will refrain from printing the command prompt. -v, --verbose Increase logging to debug level. -h Show short command-line option help. -V Show the version. SEE ALSO https://www.knot-resolver.cz/documentation/latest/ AUTHORS kresd developers are mentioned in the AUTHORS file in the distribution. CZ.NIC 2026-01-08 kresd(8)
NAME | SYNOPSIS | DESCRIPTION | SEE ALSO | AUTHORS
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=kresd&sektion=8&manpath=FreeBSD+Ports+15.0.quarterly>