This guide covers installation of Knot Resolver on all major Linux distributions. Choose the appropriate section for your distribution and desired version.
Version Note:
- Version 6.x (Current stable: 6.1.0) - YAML/JSON configuration, kres-manager, recommended for new deployments
- Version 5.x (Legacy stable: 5.7.6) - Lua scripting, maintenance mode
# Add repository
echo "deb [trusted=yes] https://repo.knot-resolver.cz/debian/ stable main" | \
sudo tee /etc/apt/sources.list.d/knot-resolver.list
# Install
sudo apt update
sudo apt install knot-resolver
# Start and enable
sudo systemctl enable --now knot-resolver
# Verify installation
kresctl status
# Enable COPR repository
sudo dnf copr enable knot/knot-resolver
# Install
sudo dnf install knot-resolver
# Start and enable
sudo systemctl enable --now knot-resolver
Supported Versions:
Installation Steps:
# 1. Install prerequisites
sudo apt install -y curl gnupg apt-transport-https
# 2. Add repository key (if required)
curl -fsSL https://repo.knot-resolver.cz/keys/nic.gpg | \
sudo tee /etc/apt/trusted.gpg.d/nic.gpg
# 3. Add repository
echo "deb [trusted=yes] https://repo.knot-resolver.cz/debian/ stable main" | \
sudo tee /etc/apt/sources.list.d/knot-resolver.list
# For Ubuntu, replace 'stable' with your codename if needed:
# echo "deb [trusted=yes] https://repo.knot-resolver.cz/debian/ $(lsb_release -cs) main" | \
# sudo tee /etc/apt/sources.list.d/knot-resolver.list
# 4. Update package list
sudo apt update
# 5. Install Knot Resolver
sudo apt install knot-resolver
# 6. Start and enable service
sudo systemctl enable --now knot-resolver
# 7. Verify installation
kresctl status
kresctl --version
# Follow same steps as above but install specific version
sudo apt install knot-resolver=5.7.6-1
# Hold package to prevent automatic upgrade
sudo apt-mark hold knot-resolver
/etc/knot-resolver/config.yaml/etc/knot-resolver/kresd.conf/var/cache/knot-resolver/journalctl -u knot-resolverSupported Versions:
Installation Steps:
# 1. Enable COPR repository (Fedora)
sudo dnf copr enable -y knot/knot-resolver
# For RHEL/CentOS, add repository manually:
# sudo dnf config-manager --add-repo https://repo.knot-resolver.cz/rhel/knot-resolver.repo
# 2. Install Knot Resolver
sudo dnf install -y knot-resolver
# 3. Start and enable service
sudo systemctl enable --now knot-resolver
# 4. Verify installation
kresctl status
kresctl --version
For RHEL 8/9 and derivatives:
# 1. Add repository
sudo dnf config-manager --add-repo \
https://pkg.knot-resolver.cz/rhel/knot-resolver.repo
# 2. Import GPG key
sudo rpm --import https://pkg.knot-resolver.cz/keys/nic.gpg
# 3. Install
sudo dnf install -y knot-resolver
# 4. Enable service
sudo systemctl enable --now knot-resolver
/etc/knot-resolver/config.yaml/var/cache/knot-resolver/journalctl -u knot-resolver -fKnot Resolver is available in Alpine’s official repositories:
# Install from official repositories
sudo apk add knot-resolver
# Start and enable
sudo rc-update add knot-resolver
sudo rc-service knot-resolver start
# Verify
kresctl status
Alpine typically packages the latest stable version. Check available versions:
apk info -a knot-resolver
# Install from official repositories (if available)
sudo pacman -S knot-resolver
# Start and enable
sudo systemctl enable --now knot-resolver
# Using yay
yay -S knot-resolver
# Using paru
paru -S knot-resolver
# Start and enable
sudo systemctl enable --now knot-resolver
kresctl status
pacman -Qi knot-resolver # View package info
Supported Versions:
Installation Steps:
# 1. Add repository (Tumbleweed)
sudo zypper addrepo \
https://download.opensuse.org/repositories/network:/servers/openSUSE_Tumbleweed/network:servers.repo \
knot-resolver
# For Leap 15.x, replace 'openSUSE_Tumbleweed' with 'openSUSE_Leap_15.4' (or your version)
# 2. Refresh repositories
sudo zypper refresh
# 3. Install Knot Resolver
sudo zypper install -y knot-resolver
# 4. Start and enable
sudo systemctl enable --now knot-resolver
# 5. Verify
kresctl status
Prerequisites:
# Debian/Ubuntu
sudo apt install -y build-essential meson ninja-build \
libgnutls28-dev libluajit-5.1-dev libuv1-dev \
libnghttp2-dev pkg-config python3-pip cmake \
libidn2-dev libz-dev
# Fedora/RHEL
sudo dnf install -y gcc meson ninja-build \
gnutls-devel luajit-devel libuv-devel \
nghttp2-devel pkg-config python3-pip cmake \
libidn2-devel zlib-devel
Build and Install:
# 1. Clone repository
git clone https://github.com/CZ-NIC/knot-resolver.git
cd knot-resolver
# 2. Setup build directory
meson setup build
cd build
# 3. Configure (optional: customize installation prefix)
# meson configure -Dprefix=/usr/local
# 4. Build
ninja
# 5. Install
sudo ninja install
# 6. Update library cache
sudo ldconfig
# 7. Verify installation
kresctl --version
Prerequisites:
# Debian/Ubuntu
sudo apt install -y build-essential cmake \
libgnutls28-dev liblua5.3-dev libuv1-dev \
libnghttp2-dev pkg-config
# Fedora/RHEL
sudo dnf install -y gcc cmake \
gnutls-devel lua-devel libuv-devel \
nghttp2-devel pkg-config
Build and Install:
# 1. Clone repository
git clone https://github.com/CZ-NIC/knot-resolver.git
cd knot-resolver
# 2. Create build directory
mkdir build && cd build
# 3. Configure
cmake ..
# 4. Build
make -j$(nproc)
# 5. Install
sudo make install
# 6. Update library cache
sudo ldconfig
# 7. Verify
kresctl --version
Version 6.x - Basic Setup:
Edit /etc/knot-resolver/config.yaml:
# Listen on all interfaces
server:
interfaces:
- "0.0.0.0:53"
- ":::53"
# Enable DNSSEC
dnssec:
enable: true
# Forward to upstream resolvers
forward:
- address: "1.0.0.1"
- address: "8.8.8.8"
# Cache configuration
cache:
max_size: 524288000 # 500 MB
Version 5.x - Basic Setup:
Edit /etc/knot-resolver/kresd.conf:
-- Listen on all interfaces
interfaces { '0.0.0.0@53', '::@53' }
-- Enable DNSSEC
modules = { 'dnssec' }
-- Forward to upstream resolvers
forward('1.0.0.1')
forward('8.8.8.8')
-- Cache configuration
cache.size = 500 * 1024 * 1024 -- 500 MB
Version 6.x:
kresctl validate
Version 5.x:
# Check syntax by attempting reload
sudo systemctl reload knot-resolver
# Test DNS resolution
dig @127.0.0.1 example.com
# Test DNSSEC validation
dig @127.0.0.1 dnssec-failed.org
# Should return SERVFAIL if DNSSEC is working
# UFW (Ubuntu/Debian)
sudo ufw allow 53/tcp
sudo ufw allow 53/udp
# firewalld (Fedora/RHEL)
sudo firewall-cmd --permanent --add-service=dns
sudo firewall-cmd --reload
# iptables
sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
Check logs:
sudo journalctl -u knot-resolver -f
Common issues:
Port 53 already in use:
sudo ss -tlnp | grep :53
sudo systemctl stop systemd-resolved # If conflicting
Configuration errors (v6):
kresctl validate
Permission issues:
sudo chown -R knot-resolver:knot-resolver /var/cache/knot-resolver
# Check trust anchors
kresctl dnssec check # v6
# Clear cache and retry
kresctl cache clear
# Verify system time is correct
timedatectl status
# Check cache statistics
kresctl cache stats # v6
# Reduce cache size in configuration
# v6: cache.max_size: 268435456 # 256 MB
# v5: cache.size = 256 * 1024 * 1024
# Clear cache
kresctl cache clear
# Check statistics
kresctl stats
# Check upstream latency
kresctl stats upstreams # v6
# Add more forwarders or use closer resolvers
# Update package list
sudo apt update
# Upgrade Knot Resolver
sudo apt install --only-upgrade knot-resolver
# Restart service
sudo systemctl restart knot-resolver
# Verify version
kresctl --version
sudo dnf upgrade knot-resolver
sudo systemctl restart knot-resolver
Migrating from version 5 to 6 requires configuration conversion:
# 1. Backup current configuration
sudo cp /etc/knot-resolver/kresd.conf /etc/knot-resolver/kresd.conf.backup
# 2. Install version 6
sudo apt install --only-upgrade knot-resolver # or dnf upgrade
# 3. Use migration tool (if available)
kresctl migrate
# 4. Review new configuration format
# Manual conversion may be required for complex configurations
# 5. Validate new configuration
kresctl validate
# 6. Restart service
sudo systemctl restart knot-resolver
Note: Version 6 uses YAML configuration format instead of Lua. See Configuration Guide for detailed migration instructions.
Running Knot Resolver in containers for production? We help with:
Need help? office@linux-server-admin.com or Contact Us