v5.7.6772.2 MB
GPL-3.0
strict
core24
Knot Resolver
This is NOT an original piece of work, just a snap of Knot Resolver
Knot Resolver is a caching full resolver implementation written in C and LuaJIT, both a resolver library and a daemon. The core architecture is tiny and efficient, and provides a foundation and a state-machine like API for extensions. There are three modules built-in - iterator, validator, cache, and a few more are loaded by default. Most of the rich features are written in Lua(JIT) and C. Batteries are included, but optional.
The LuaJIT modules, support DNS privacy and DNSSEC, and persistent cache with low memory footprint make it a great personal DNS resolver or a research tool to tap into DNS data. TL;DR it's the OpenResty of DNS.
First use
Deny domain resolution (refreshed every 4 hrs)
2025-09-03
2025-04-30
2024-11-17
2024-10-31
2024-08-14
2024-06-25
2024-02-21
2023-09-21
2023-02-08
2022-09-26
2022-06-14
2022-03-20
2022-01-11
2021-12-13
2021-10-14
2021-08-22
2021-08-16
2021-07-30
2021-07-08
2021-05-11
2021-04-11
2021-03-28
2021-03-14
Knot Resolver is a caching full resolver implementation written in C and LuaJIT, both a resolver library and a daemon. The core architecture is tiny and efficient, and provides a foundation and a state-machine like API for extensions. There are three modules built-in - iterator, validator, cache, and a few more are loaded by default. Most of the rich features are written in Lua(JIT) and C. Batteries are included, but optional.
The LuaJIT modules, support DNS privacy and DNSSEC, and persistent cache with low memory footprint make it a great personal DNS resolver or a research tool to tap into DNS data. TL;DR it's the OpenResty of DNS.
First use
- Read the doc at https://knot-resolver.readthedocs.io/en/stable/ on how to get started.
- Configure the resolver
sudo vi /var/snap/knot-resolver-gael/current/kresd.conf- Start and enable Knot Resolver
sudo snap start --enable knot-resolver-gael.kresd- Read the logs
sudo snap logs -n 30 knot-resolver-gael.kresdDeny domain resolution (refreshed every 4 hrs)
- Enter hosts lists URLs (optional)
sudo vi /var/snap/knot-resolver-gael/common/policies/denyhosts.url# Sample deny host files URLshttps://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts;showintro=0https://raw.githubusercontent.com/StevenBlack/hosts/master/hostshttps://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txthttp://sysctl.org/cameleon/hosts- Enter domains lists URLs (optional)
sudo vi /var/snap/knot-resolver-gael/common/policies/denydomains.url# Sample deny domains URLshttps://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txthttps://s3.amazonaws.com/lists.disconnect.me/simplead.txthttps://s3.amazonaws.com/lists.disconnect.me/simpletracking.txthttps://v.firebog.net/hosts/AdguardDNS.txthttps://v.firebog.net/hosts/Easyprivacy.txt- Start and enable deny policy
sudo snap start --enable knot-resolver-gael.deny-policy- Read the logs
sudo snap logs -n 30 knot-resolver-gael.deny-policy- Add the deny policy list to kresd.conf
sudo vi /var/snap/knot-resolver-gael/current/kresd.confpolicy.add(policy.rpz(policy.DENY, '/var/snap/knot-resolver-gael/common/policies/deny_policy.rpz',true))- Restart Knot Resolver
sudo snap restart knot-resolver-gael.kresd- Read the logs
sudo journalctl --follow --lines 30 -u snap.knot-resolver-gael.kresd2025-09-03
- Updated to v5.7.6
2025-04-30
- Updated to v5.7.5
2024-11-17
- Fixed automatic policy refresh (incorrect architecture environment variable)
- Fixed dnstap module dependency
- Fixed documentation
2024-10-31
- knot-resolver-gael will now use core24 as most users are on Ubuntu 24.04
2024-08-14
- Updated to v5.7.4
2024-06-25
- Updated to v5.7.3
2024-02-21
- Updated to v5.7.1
- Fix for CVE-2023-50868: NSEC3 closest encloser proof can exhaust CPU
- Fix for CVE-2023-50387 "KeyTrap"
2023-09-21
- Updated to v5.7.0
2023-02-08
- Updated to v5.6.0
- knot-resolver-gael will now use core22 as most users are on Ubuntu 22.04
2022-09-26
- Updated to v5.5.3
- Fix CVE-2022-40188
2022-06-14
- Updated to v5.5.1
2022-03-20
- Updated to v5.5.0
2022-01-11
- Updated to v5.4.4
2021-12-13
- Updated to v5.4.3
2021-10-14
- Updated to v5.4.2
2021-08-22
- Updated to v5.4.1
- Dependencies cleanup
2021-08-16
- Added DNStap module. See https://snapcraft.io/dnstap-gael
2021-07-30
- Updated to v5.4.0
2021-07-08
- New build to resolve CVE-2021-22918/USN-5007-1
2021-05-11
- Updated to v5.3.2
2021-04-11
- Updated to v5.3.1
- Added deny list with Response Policy Zone (RPZ) refreshed every 4 hrs
2021-03-28
- First release of knot-resolver-gael v5.3.0 on arm64 architecture
- Caveat: I don't have the hardware to test it properly
2021-03-14
- First release of knot-resolver-gael v5.3.0 on amd64
Update History
v5.7.6 (77)13 Dec 2025, 09:47 UTC
6 Mar 2021, 22:02 UTC
3 Sept 2025, 15:20 UTC
13 Dec 2025, 09:47 UTC