KnotDNS Commands

KnotDNS is an authoritative DNS server available for multiple platforms. This article covers only a few sample commands for reading, adding and removing entries; it is more of a note to self.

These commands assume you have administrative level access to the computer on which KnotDNS is running. You may need to prefix the commands with 'sudo'.

Configuration Checks

To check the configuration, run the following command:

knotc conf-check

It should return: Configuration is valid

To show the current configuration, run:

knotc conf-read

Reading zone data

To view the entire data for a single zone, use the following:

knotc zone-read <domain>

Where <domain> is the domain you wish to read.

You can of course use the likes of grep to filter these results.

Modifying zone data

It is possible to modify zone data while the server is running. To do this, you first need to enter a transaction phase, then make the modifications, and finally commit the changes.

Starting the transaction phase

knotc zone-begin <domain>

Here again, <domain> is the domain you wish to modify.

Removing record

knotc zone-unset <domain> <entry>

In this command:

  • <domain> refers to the domain you wish to modify
  • <entry> is the short name entry you wish to remove

Add / set record

knotc zone-set <domain> <entry> <TTL> <type> <IP/CNAME Ref/SSHFP entries>

In this command:

  • <domain> refers to the domain you wish to modify
  • <entry> is the short name entry you wish to add / set
  • <TTL> is the Time To Live value
  • <type> is the record type (eg. A, CNAME, SSHFP)
  • <IP/CNAME Ref/SSHFP entries> refer to:
    • The IP address of the target entry (eg. 192.168.x.y)
    • The CNAME value of the target entry (eg. alias, NOT the FQDN alias.domain)
    • The SSH Fingerprint values of the target entry (eg. SSHFP 1 2 f75e...1f62)

SSHFP

These are SSH fingerprints stored in DNS. You can obtain them using ssh-keygen as follows:

ssh-keygen -r <short name of device>

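The output can be piped through sed to give the exact KnotDNS commands needed. The sed expression prefixes each line with knotc zone-set <domain>, replaces IN with a TTL of 3600, and drops the lines whose fingerprint type is 1: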

ssh-keygen -r <short name of device> | sed 's/^/knotc zone-set <domain> /;s/ IN / 3600 /;/ SSHFP . 1 /d;'

Commit changes

Finally, before any of the modifications can go live, they need to be committed:

knotc zone-commit <domain>

Cancel changes

If you do not want to commit the changes, but instead cancel the operation, use the following at any time to back out:

knotc zone-abort <domain>
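
The whole SSHFP procedure above, as an added example that is not part of the original article: it checks each ssh-keygen -r line before turning it into a knotc zone-set command and wraps the result in zone-begin / zone-commit for review. The function names sshfp_to_knotc and sample_sshfp, the host host1, the zone example.org and the fingerprints are constructed for illustration; the 64-hex-digit check assumes fingerprint type 2 is SHA-256.

```shell
#!/bin/sh
# Added example: build a reviewable knotc transaction from `ssh-keygen -r` output.
# Usage: ssh-keygen -r <name> | sshfp_to_knotc <domain> [ttl]
# Prints commands only; it never runs knotc. Exits non-zero and prints
# nothing if any input line is not a well-formed SSHFP record.
sshfp_to_knotc() {
    domain=$1
    ttl=${2:-3600}
    # Reject anything that is not a plain domain name / numeric TTL.
    case $domain in ''|*[!A-Za-z0-9.-]*) return 2 ;; esac
    case $ttl in ''|*[!0-9]*) return 2 ;; esac
    awk -v domain="$domain" -v ttl="$ttl" '
        # Expected shape: <name> IN SSHFP <algorithm> <fp-type> <hex>
        NF != 6 || $2 != "IN" || $3 != "SSHFP"          { bad = 1; next }
        $1 !~ /^[A-Za-z0-9._-]+$/ || $4 !~ /^[0-9]+$/    { bad = 1; next }
        $5 == "1"                                        { next }  # same filter as the sed
        $5 != "2" || length($6) != 64 || $6 !~ /^[0-9A-Fa-f]+$/ { bad = 1; next }
        { cmd[++n] = "knotc zone-set " domain " " $1 " " ttl " SSHFP " $4 " " $5 " " $6 }
        END {
            if (bad || n == 0) exit 1
            print "knotc zone-begin " domain
            for (i = 1; i <= n; i++) print cmd[i]
            print "knotc zone-commit " domain
        }'
}

# Constructed sample input in the format ssh-keygen -r prints (not real keys).
sample_sshfp() {
    sha1=0123456789abcdef0123456789abcdef01234567
    sha256=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
    printf 'host1 IN SSHFP 1 1 %s\n' "$sha1"
    printf 'host1 IN SSHFP 1 2 %s\n' "$sha256"
    printf 'host1 IN SSHFP 4 1 %s\n' "$sha1"
    printf 'host1 IN SSHFP 4 2 %s\n' "$sha256"
}

sample_sshfp | sshfp_to_knotc example.org
```

Review the printed commands before running them; if one of them fails part-way through, back out with knotc zone-abort <domain>.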
