FreeBSD Manual Pages
kresd(8)                     Knot Resolver 5.7.5                     kresd(8)

NAME
       kresd - full caching DNSSEC-enabled Knot Resolver 5.7.5.

SYNOPSIS
       kresd [-a|--addr addr[@port]] [-t|--tls addr[@port]] [-S|--fd fd]
             [-T|--tlsfd fd] [-c|--config config] [-n|--noninteractive]
             [-q|--quiet] [-v|--verbose] [-V|--version] [-h|--help] [rundir]

DESCRIPTION
       Knot Resolver is a DNSSEC-enabled full caching resolver.

       Default mode of operation: when it receives a DNS query it
       iteratively asks authoritative nameservers, starting from the root
       zone (.) and ending with the nameservers authoritative for the
       queried name.

       Automatic DNSSEC means verification of integrity of authoritative
       responses by following keys and signatures starting from root. The
       root trust anchor is automatically bootstrapped from IANA, or you
       can provide a file with root trust anchors (same format as Unbound
       or BIND9 root keys file).

       The daemon also caches intermediate answers into a cache, which by
       default uses an LMDB memory-mapped database. This has a significant
       advantage over in-memory caches as the process may be stopped and
       restarted without loss of cache entries. In a multi-user scenario a
       shared cache is a potential privacy/security issue; with kresd each
       user can have a resolver cache in their private directory and use it
       in a similar fashion to a keychain.

       To use a locally running kresd for resolving, put

              nameserver 127.0.0.1

       into resolv.conf(5) and start kresd.

       The daemon may also be configured as a plain forwarder using query
       policies. This requires using a config file. Please refer to the
       documentation for configuration file options. It is available at
       https://knot-resolver.readthedocs.io or in package documentation
       (available as knot-resolver-doc package in most distributions).

       The available CLI options are:

       -a addr[@port], --addr=<addr[@port]>
              Listen on given address (and port) pair. If no port is given,
              53 is used as a default. Option may be passed multiple times
              to listen on more addresses.

       -t addr[@port], --tls=<addr[@port]>
              Listen using TLS on given address (and port) pair. If no port
              is given, 853 is used as a default. Option may be passed
              multiple times to listen on more addresses.

       -S fd, --fd=<fd>
              Listen on given file descriptor(s), passed by supervisor.
              Option may be passed multiple times to listen on more file
              descriptors.

       -T fd, --tlsfd=<fd>
              Listen using TLS on given file descriptor(s), passed by
              supervisor. Option may be passed multiple times to listen on
              more file descriptors.

       -c config, --config=<config>
              Set the config file with settings for kresd to read instead
              of reading the file at the default location (config).

       -f N, --forks=<N>
              This option is deprecated since 5.0.0! With this option, the
              daemon is started in non-interactive mode and instead creates
              a UNIX socket in rundir that the operator can connect to for
              an interactive session. A number greater than 1 forks the
              daemon N times; all forks will bind to the same addresses and
              the kernel will load-balance between them on Linux with
              SO_REUSEPORT support. If you want multiple concurrent
              processes supervised in this way, they should be supervised
              independently (see kresd.systemd(7)).

       -n, --noninteractive
              Daemon will refrain from entering into read-eval-print loop
              for stdin+stdout.

       -q, --quiet
              Daemon will refrain from printing the command prompt.

       -v, --verbose
              Increase logging to debug level.

       -h     Show short command-line option help.

       -V     Show the version.

SEE ALSO
       https://knot-resolver.readthedocs.io/en/v5.7.5/

AUTHORS
       kresd developers are mentioned in the AUTHORS file in the
       distribution.

CZ.NIC                          2025-04-24                          kresd(8)
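
The following is an added example, not part of the manual page or of Knot Resolver: a small Python check that expands the -a/--addr and -t/--tls options of a kresd command line into concrete listeners, applying the default ports documented above (53 and 853), and reports those not bound to a loopback address. It assumes addresses are IP literals and handles only the option forms shown above ("-a value" and "--addr=value"); the function names and the sample command line are constructed for illustration.

```python
import ipaddress

# Default ports from the man page: 53 for -a/--addr, 853 for -t/--tls.
DEFAULT_PORT = {"dns": 53, "tls": 853}
SHORT = {"-a": "dns", "-t": "tls"}
LONG = {"--addr": "dns", "--tls": "tls"}


def parse_listener(kind, spec):
    """Split addr[@port], apply the default port, classify the address."""
    addr, sep, port = spec.partition("@")
    port = int(port) if sep else DEFAULT_PORT[kind]
    if not 0 < port < 65536:
        raise ValueError(f"port out of range in {spec!r}")
    ip = ipaddress.ip_address(addr)  # ValueError on a malformed address
    return {"kind": kind, "addr": str(ip), "port": port,
            "loopback": ip.is_loopback}


def listeners(argv):
    """Collect every -a/-t listener from a kresd argument list."""
    found = []
    args = iter(argv)
    for arg in args:
        name, sep, value = arg.partition("=")
        if arg in SHORT:                    # "-a 127.0.0.1@53"
            spec = next(args, None)
            if spec is None:
                raise ValueError(f"{arg} is missing its address")
            found.append(parse_listener(SHORT[arg], spec))
        elif sep and name in LONG:          # "--tls=::1@853"
            found.append(parse_listener(LONG[name], value))
    return found


def exposed(argv):
    """Listeners bound to anything other than a loopback address."""
    return [item for item in listeners(argv) if not item["loopback"]]


# Constructed sample command line (not taken from the man page).
SAMPLE = ["kresd", "-n", "-a", "127.0.0.1", "--tls=::1@853",
          "-a", "192.0.2.10@5353", "-t", "0.0.0.0", "/var/run/kresd"]

if __name__ == "__main__":
    for item in exposed(SAMPLE):
        print(f"{item['kind']} listener {item['addr']}@{item['port']} "
              "is not on loopback")
```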
