https://knot.readthedocs.io/en/master/configuration.html
DNS over QUIC
QUIC is a low-latency, encrypted, internet transport protocol. Knot DNS supports DNS over QUIC (DoQ) (RFC 9250), including zone transfers (XoQ). By default, UDP port 853 is used for DNS over QUIC.
To use QUIC, a server private key and a certificate must be available. If no key is configured, the server automatically generates one with a self-signed temporary certificate. The key is stored in the KASP database directory for persistence across restarts.
In order to listen for incoming requests over QUIC, at least one interface or XDP interface must be configured.
An example configuration for listening for DNS over QUIC on the loopback interface:
server:
    listen-quic: ::1
When the server is started, it logs some interface details and the public key pin of the certificate in use:
... info: binding to QUIC interface ::1@853
... info: QUIC, certificate public key 0xtdayWpnJh4Py8goi8cei/gXGD4kJQ+HEqcxS++DBw=
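Because the automatically generated key only survives restarts while the KASP database directory does, the logged pin is worth checking against the value handed out to peers. The following is an added example, not part of the Knot DNS documentation or code: it parses the two startup messages shown above and reports a missing, malformed or changed pin. The function names, the timestamps in the sample and the assumption that a pin is the base64 form of a 32-byte SHA-256 digest are this example's own.

```python
import base64
import binascii
import hmac
import re

# Match the two startup messages shown above; text before "info:" is ignored.
BIND_RE = re.compile(r"info: binding to QUIC interface (\S+)@(\d+)")
PIN_RE = re.compile(r"info: QUIC, certificate public key (\S+)")


def valid_pin(pin: str) -> bool:
    """Assumption: a pin is base64 text that decodes to 32 bytes (SHA-256)."""
    try:
        return len(base64.b64decode(pin, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False


def audit_quic_startup(log_lines, expected_pin):
    """Return (interfaces, logged_pin, findings) for one server start."""
    interfaces, pin, findings = [], None, []
    for line in log_lines:
        if m := BIND_RE.search(line):
            interfaces.append((m.group(1), int(m.group(2))))
        elif m := PIN_RE.search(line):
            pin = m.group(1)
    if not interfaces:
        findings.append("no QUIC interface bound")
    if pin is None:
        findings.append("no certificate public key pin logged")
    elif not valid_pin(pin):
        findings.append("logged pin is malformed")
    elif not hmac.compare_digest(pin.encode(), expected_pin.encode()):
        findings.append("pin changed: server key differs from the pinned one")
    return interfaces, pin, findings


# Constructed sample: timestamps are made up, messages follow the excerpt above.
PAGE_PIN = "0xtdayWpnJh4Py8goi8cei/gXGD4kJQ+HEqcxS++DBw="
SAMPLE_LOG = [
    "2024-01-01T00:00:00+0000 info: binding to QUIC interface ::1@853",
    f"2024-01-01T00:00:00+0000 info: QUIC, certificate public key {PAGE_PIN}",
]

if __name__ == "__main__":
    print(audit_quic_startup(SAMPLE_LOG, PAGE_PIN))
```

An empty findings list means the server bound a QUIC interface and logged the expected pin; a "pin changed" finding after a restart points at a regenerated key.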