:depth: 1
:local:
-Easiest way to configure Knot Resolver is to paste your configuration into YAML file ``/etc/knot-resolver/config.yml``.
+Since version **6.0.0**, Knot Resolver uses new declarative configuration. Easiest way to configure the resolver is to paste your configuration into YAML file ``/etc/knot-resolver/config.yml``.
+You can start with :ref:`network interfaces <usecase-network-interfaces>`, continue with other :ref:`common use cases <usecases-chapter>` and then look in the complete :ref:`configuration <configuration- chapter>` documentation.
+
Complete configurations files for examples can be found `here <https://gitlab.nic.cz/knot/knot-resolver/tree/master/etc/config>`_.
The example configuration files are also installed as documentation files, typically in directory ``/usr/share/doc/knot-resolver/examples/`` (their location may be different based on your Linux distribution).
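Review bot: The last ``:ref:`` on the added line beginning "You can start with" has a space inside its target, ``<configuration- chapter>``, so it will not match a label named ``configuration-chapter`` and Sphinx will report an undefined label. Remove the space. In the added sentence above it, "uses new declarative configuration" and "Easiest way" are missing articles ("uses a new declarative configuration", "The easiest way"). The unchanged "Complete configurations files for examples" could also become "Complete example configuration files" while this paragraph is being touched.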
-==============================
-Lua configuration in YAML file
-==============================
+============================
+Configuration tool - kresctl
+============================
+=================
+Configuration API
+=================
========================
-Lua legacy configuration
+Legacy Lua configuration
========================
Legacy way to configure Knot Resolver daemon is to paste your configuration into configuration file ``/etc/knot-resolver/kresd.conf``.
of this programming language. See article
`Learn Lua in 15 minutes`_ for a syntax overview.
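Review bot: The renamed "Legacy Lua configuration" section does not say what "legacy" means for a reader on 6.x, now that the intro states version 6.0.0 introduced declarative configuration. The unchanged sentence under the heading still presents ``/etc/knot-resolver/kresd.conf`` without saying how that file relates to ``/etc/knot-resolver/config.yml``. One sentence stating which versions or which service the Lua file applies to would keep readers from editing the wrong file.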
-===============================
-Listening on network interfaces
-===============================
-
-The following configuration instructs Knot Resolver to receive standard unencrypted DNS queries on IP addresses `192.0.2.1` and `2001:db8::1`.
-Encrypted DNS queries are accepted using DNS-over-TLS protocol on all IP addresses configured on network interface `eth0`, TCP port 853.
-
-.. tabs::
-
- .. group-tab:: |yaml|
-
- .. code-block:: yaml
-
- network:
- listen:
- - interface: ['192.0.2.1', '2001:db8::1'] # unencrypted DNS on port 53 is default
- - interface: 'eth0'
- port: 853
- kind: 'dot'
-
- .. group-tab:: |lua|
-
- Network interfaces to listen on and supported protocols are configured using :func:`net.listen()` function.
-
- .. code-block:: lua
-
- -- unencrypted DNS on port 53 is default
- net.listen('192.0.2.1')
- net.listen('2001:db8::1')
- net.listen(net.eth0, 853, { kind = 'tls' })
-
-.. warning::
-
- On machines with multiple IP addresses on the same interface avoid listening on wildcards ``0.0.0.0`` or ``::``.
- Knot Resolver could answer from different IP addresses if the network address ranges
- overlap, and clients would refuse such a response.
-
.. _`Learn Lua in 15 minutes`: http://tylerneylon.com/a/learn-lua/
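Review bot: The removed block carries the only visible warning against listening on the wildcards ``0.0.0.0`` or ``::``, and the only DNS-over-TLS listener example. Nothing in this diff shows either being re-added, so please confirm both are present under the ``usecase-network-interfaces`` label that the new intro links to. If the Lua tab is kept there, note that it spells the DoT listener ``kind = 'tls'`` while the YAML tab uses ``kind: 'dot'``. A short comment on that difference would stop readers carrying one spelling into the other format.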
``knot-resolver.service`` is not enabled by default, thus Knot Resolver won't start automatically after reboot.
To start and enable service in one command use ``systemctl enable --now knot-resolver.service``
+=====================
Legacy daemon startup
=====================
$ sudo systemctl start kresd@1.service
+===============
First DNS query
===============
+
After installation and first startup, Knot Resolver's default configuration accepts queries on loopback interface. This allows you to test that the installation and service startup were successful before continuing with configuration.
For instance, you can use DNS lookup utility ``kdig`` to send DNS queries. The ``kdig`` command is provided by following packages: