Policy, access control, data manipulation

Note

Knot Resolver developers need your feedback to make the software even better!

We believe features described in this section are harder to use than necessary. To fix this, we plan to rework these features, possibly even in an incompatible way if we determine it is needed.

Please participate in survey to provide developers with necessary information. Your answers will help us tailor Knot Resolver to your needs. Thank you!

Features in this section allow to configure what clients can get access to what DNS data, i.e. DNS data filtering and manipulation.

Query policies specify global policies applicable to all requests, e.g. for blocking access to particular domain. Views and ACLs allow to specify per-client policies, e.g. block or unblock access to a domain only for subset of clients.

It is also possible to modify data returned to clients, either by providing Static hints (answers with statically configured IP addresses), DNS64 translation, or IP address renumbering.

Additional modules offer protection against various DNS-based attacks, see Rebinding protection and Refuse queries without RD bit.

At the very end, module DNS Application Firewall provides HTTP API for run-time policy modification, and generally just offers different interface for previously mentioned features.

• Query policies
• Views and ACLs
• Static hints
• DNS64
• IP address renumbering
• Answer reordering
• Rebinding protection
• Refuse queries without RD bit
• DNS Application Firewall