From e3060b6b2afb8f5a7b558f5c9c3cb12ef2aa998c Mon Sep 17 00:00:00 2001 From: Neel Chauhan Date: Thu, 13 Jun 2024 11:54:43 -0400 Subject: [PATCH 1/3] New guide: Knot Authoritative DNS --- docs/guides/dns/knot_authoritative_dns.md | 133 ++++++++++++++++++++++ 1 file changed, 133 insertions(+) create mode 100644 docs/guides/dns/knot_authoritative_dns.md diff --git a/docs/guides/dns/knot_authoritative_dns.md b/docs/guides/dns/knot_authoritative_dns.md new file mode 100644 index 0000000000..82801a25fe --- /dev/null +++ b/docs/guides/dns/knot_authoritative_dns.md 
@@ -0,0 +1,133 @@ +--- +title: Knot Authoritative DNS +author: Neel Chauhan +contributors: +tested_with: 9.4 +tags: + - dns +--- + +# Knot Authoritative DNS + +An alternative to BIND, [Knot DNS](https://www.knot-dns.cz/) is an modern authoritative-only DNS server maintained by the Czech domain registry [CZ.NIC](https://www.nic.cz/). + +## Prerequisites and assumptions + +- A server running Rocky Linux +- Able to use *firewalld* for creating firewall rules +- A domain name or internal recursive DNS server pointed to your authoritative DNS server + +## Introduction + +External, or public, DNS servers map hostnames to IP addresses and, in the case of PTR (known as "pointer" or "reverse") records, map the IP addresses to the hostname. This is an essential part of the Internet. It makes your mail server, web server, FTP server, or many other servers and services work as expected no matter where you are. + +## Installing and enabling Knot + +First install EPEL: + +```bash +dnf install epel-release +``` + +Next install Knot: + +```bash +dnf install knot +``` + +## Configuring Knot + +Before making changes to any configuration file, move the original installed working file, `knot.conf`: + +```bash +mv /etc/knot/knot.conf /etc/knot/knot.conf.orig +``` + +That will help in the future if the introduction of errors into the configuration file occurs. It is *always* a good idea to make a backup copy before making changes. + +Edit the *knot.conf* file. The author is using *vi* , but you can substitute your favorite command line editor: + +```bash +vi /etc/knot/knot.conf +``` + +Insert the following: + +```bash +server: + listen: 0.0.0.0@53 + listen: ::@53 + +zone: + - domain: example.com + storage: /var/lib/knot/zones + file: example.com.zone + +log: + - target: syslog + any: info +``` + +Replace `example.com` with the domain name you are running a nameserver for. 
+ +Next, create the zone files itself: + +```bash +mkdir /var/lib/knot/zones +vi /var/lib/knot/zones/example.com.zone +``` + +The DNS zone files are BIND compatible. In the file, insert: + +```bash +$TTL 86400 ; How long should records last? +; $TTL used for all RRs without explicit TTL value +$ORIGIN example.com. ; Define our domain name +@ 1D IN SOA ns1.example.com. hostmaster.example.com. ( + 2024061301 ; serial + 3h ; refresh duration + 15 ; retry duration + 1w ; expiry duration + 3h ; nxdomain error ttl + ) + IN NS ns1.example.com. ; in the domain + IN MX 10 mail.another.com. ; external mail provider + IN A 172.20.0.100 ; default A record +; server host definitions +ns1 IN A 172.20.0.100 ; name server definition +www IN A 172.20.0.101 ; web server definition +mail IN A 172.20.0.102 ; mail server definition +``` + +If you need help customizing BIND-style zone files, Oracle has [a good introduction to zone files](https://docs.oracle.com/en-us/iaas/Content/DNS/Reference/formattingzonefile.htm). + +Save your changes. + +## Enabling Knot + +Now you will allow DNS in `firewall-cmd` and enable Knot DNS: + +```bash +firewall-cmd --add-service=dns --zone=public +firewall-cmd --runtime-to-permanent +systemctl enable --now knot +``` + +You can check DNS resolution with the `host` command: + +```bash +% host example.com 172.20.0.100 +Using domain server: +Name: 172.20.0.100 +Address: 172.20.0.100#53 +Aliases: + +example.com has address 172.20.0.100 +example.com mail is handled by 10 mail.another.com. +% +``` +## Conclusion + +While most people use third-party services for DNS there are scenarios where self-hosting DNS is desired. For instance, telecom, hosting and social media companies host a large number of DNS entries where hosted services are undesirable. + +Knot is one of many open source tools which make hosting DNS possible, so congratulations, you got your very own DNS server! Cheers! From 15df2824667708e6332c99a6588ac77720794750 Mon Sep 17 00:00:00 2001 
From: Neel Chauhan Date: Sat, 15 Jun 2024 10:14:04 -0400 Subject: [PATCH 2/3] Update docs/guides/dns/knot_authoritative_dns.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Serge Croisé --- docs/guides/dns/knot_authoritative_dns.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/dns/knot_authoritative_dns.md b/docs/guides/dns/knot_authoritative_dns.md index 82801a25fe..2041dc000a 100644 --- a/docs/guides/dns/knot_authoritative_dns.md +++ b/docs/guides/dns/knot_authoritative_dns.md @@ -45,7 +45,7 @@ mv /etc/knot/knot.conf /etc/knot/knot.conf.orig That will help in the future if the introduction of errors into the configuration file occurs. It is *always* a good idea to make a backup copy before making changes. -Edit the *knot.conf* file. The author is using *vi* , but you can substitute your favorite command line editor: +Edit the *knot.conf* file. The author is using *vi*, but you can substitute your favorite command line editor: ```bash vi /etc/knot/knot.conf From 82738ffcc782ce0968ac096a03796b36e4911172 Mon Sep 17 00:00:00 2001 From: Neel Chauhan Date: Sat, 15 Jun 2024 10:14:14 -0400 Subject: [PATCH 3/3] Update docs/guides/dns/knot_authoritative_dns.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Serge Croisé --- docs/guides/dns/knot_authoritative_dns.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/dns/knot_authoritative_dns.md b/docs/guides/dns/knot_authoritative_dns.md index 2041dc000a..323cc6f687 100644 --- a/docs/guides/dns/knot_authoritative_dns.md +++ b/docs/guides/dns/knot_authoritative_dns.md 
@@ -9,7 +9,7 @@ tags: # Knot Authoritative DNS -An alternative to BIND, [Knot DNS](https://www.knot-dns.cz/) is an modern authoritative-only DNS server maintained by the Czech domain registry [CZ.NIC](https://www.nic.cz/). +An alternative to BIND, [Knot DNS](https://www.knot-dns.cz/) is a modern authoritative-only DNS server maintained by the Czech domain registry [CZ.NIC](https://www.nic.cz/). ## Prerequisites and assumptions
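Review bot: In the zone file added by PATCH 1/3, the SOA retry field `15 ; retry duration` is 15 seconds, because a bare number in a zone file is seconds while the surrounding fields carry units (`3h`, `1w`); a retry that short makes every secondary hammer the primary after a failed refresh, so it is almost certainly meant to be `15m`. Three more points on the same hunk: the guide moves the packaged `knot.conf` aside but the replacement only sets `listen`, `zone` and `log`, so whatever `server:` items the package shipped (for example `user` or `rundir`) are silently dropped; either carry them over or say explicitly that the daemon should keep running as the unprivileged `knot` user rather than root. Before `systemctl enable --now knot` it would be worth adding a validation step, `knotc conf-check` for the configuration and `kzonecheck /var/lib/knot/zones/example.com.zone` for the zone, so a typo does not take the server down on first start. Finally, the config and zone listings are fenced as bash although neither is shell (`yaml` and `text` would render more honestly), and the headings "Installing and enabling Knot" and "Enabling Knot" overlap; renaming the first to "Installing Knot" matches what that section actually does.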
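Review bot: PATCH 2/3 and PATCH 3/3 are one-character fixups from review suggestions (`*vi* ,` to `*vi*,` and `an modern` to `a modern`); squashing them into PATCH 1/3 before merge keeps the history as a single "New guide" commit. The same kind of fix is still missing in PATCH 1/3 for "Next, create the zone files itself", which should read either "the zone file itself" or "the zone files themselves".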