Frederik15h ago

Setting up protective DNS with Knot Resolver 6

A while ago I wrote a blog post about setting up Knot Resolver and using RPZ files to block resolving malicious domains. It's time for an update: Knot Resolver 6 series has become stable, and this changes a lot of things. And a lot more new sources of RPZ files have now appeared, giving you the possibility of offering much better protection, all for free. Installing Knot Resolver 6 on Debian The current stable release of Debian, Debian 13 Trixie, does not yet include Knot Resolver 6. […]

https://blog.frehi.be/2026/05/10/setting-up-protective-dns-with-knot-resolver-6/

Setting up protective DNS with Knot Resolver 6 | Frederik Himpe

A while ago I wrote a blog post about setting up Knot Resolver and using RPZ files to block resolving malicious domains. It’s time for an update: Knot Resolver 6 series has become stable…

Frederik Himpe
FrehiApr 14

And then when I thought I had knot-resolver finally working fine, it again ends up in an endless loop restarting policy-loader.

#knotresolver

Turris projectOct 14, 2025
Our #stand at #NetworkX is #ready! If you are around and want to learn more about our #opensource #secure #wifi #router #OmniaNG or about other #CZNIC projects like #Bird or #KnotResolver, drop by and talk to us!
Show threadTurris projectDec 29, 2024
@DJGummikuh Hi, #reForis is actually made to be compatible with #LuCI as much as possible. Only thing where we differ is #DNS settings. We are using #KnotResolver (for #DNSSEC and more). You can enable #dnsmasq and ignore DNS settings in reForis. For the rest of the system, we are just handling #updates 😉 But we push all necessary patches to #vanilla kernel, so you can install not only #OpenWrt (there is #community contributed howto on their wiki), but also many other #Linux distributions 😉
Oto ŠťávaNov 22, 2024

Turns out I never posted this, even though it's been out for some time.

During my time at CZ.NIC, working on Knot Resolver, I rewrote its I/O for better maintainability and to prepare it for DNS-over-QUIC. While I never got around to doing DoQ (it still may happen eventually, it's just not up to me anymore), I am still proud of the refactor itself, as it has later proven to be helpful, so I wrote a little blogpost about it. Enjoy :)

https://en.blog.nic.cz/2024/09/11/layered-protocols-or-the-big-i-o-rewrite-of-knot-resolver-6/

#KnotResolver #DNS #QUIC #IO

Layered protocols, or the big I/O rewrite of Knot Resolver 6

The CZ.NIC Staff Blog | @ IN SOA domains.dns.enum.mojeid.internet. nic.cz.
Late Night OwlAug 21, 2024

Did someone manage to run the official knot-resolver container in production? I've been trying it out, but it keeps dropping me into an interactive console and I've got no idea what to pass to make it work as a regular recursive resolver.

#homelab #dns #knot #KnotResolver #podman

Oto ŠťávaJul 16, 2024

My colleagues are putting together a new DoS protection mechanism in the upcoming Knot Resolver 6. Together we have written a blog post outlining how it works. Enjoy!

https://en.blog.nic.cz/2024/07/15/knot-resolver-6-news-dos-protection-operators-overview/

#KnotResolver #KnotDNS #DNS #DDoS #DoS #security #ratelimiting

Knot Resolver 6 News: DoS protection – operator’s overview

The CZ.NIC Staff Blog | @ IN SOA domains.dns.enum.mojeid.internet. nic.cz.
nysosDec 29, 2023

Feel free to use my DNS box for adfiltered & fast DNS during the congress: 151.217.1.205

#37c3 #dns #up4 #pihole #knotresolver

FrederikDec 25, 2023

Protecting your Linux server against security exploits with AppArmor

#AppArmor #Debian #KnotResolver #Linux #Postfix #security

https://blog.frehi.be/2023/12/25/protecting-your-linux-server-against-security-exploits-with-apparmor/

Protecting Linux against security exploits with Apparmor

How to use AppArmor to protect your Linux system against zero-day exploits with example profiles for Knot Resolver and Postfix.

Frederik Himpe
B1 Systems GmbHJan 18, 2023
Neu auf dem B1 Blog: Verschlüsseltes DNS selber machen - Teil 2️⃣
Jens Meißner zeigt heute, wie der knot-resolver als DoH- und DoT-Server eingerichtet werden kann: https://blog.b1-systems.de/verschlusseltes-dns-selber-machen-teil-2
#DoT #DoH #knotresolver #Debian #Bullseye
B1 Systems GmbH