Provided by: knot-resolver_5.4.4-1_amd64 bug

NAME

       kresd - full caching DNSSEC-enabled Knot Resolver 5.4.4.

SYNOPSIS

       kresd   [-a|--addr  addr[@port]]  [-t|--tls  addr[@port]]  [-S|--fd  fd]  [-T|--tlsfd  fd]
       [-c|--config  config]  [-n|--noninteractive]  [-q|--quiet]  [-v|--verbose]  [-V|--version]
       [-h|--help] [rundir]

DESCRIPTION

       Knot Resolver is a DNSSEC-enabled full caching resolver.

       Default  mode of operation: when it receives a DNS query it iteratively asks authoritative
       nameservers starting from root zone (.) and ending with a  nameservers  authoritative  for
       queried  name. Automatic DNSSEC means verification of integrity of authoritative responses
       by following keys and signatures starting from root. Root trust  anchor  is  automatically
       bootstrapped  from IANA, or you can provide a file with root trust anchors (same format as
       Unbound or BIND9 root keys file).

       The daemon also caches intermediate answers into cache, which by default uses LMDB memory-
       mapped database. This has a significant advantage over in-memory caches as the process may
       be stopped and restarted without loss of cache entries. In multi-user  scenario  a  shared
       cache is potential privacy/security issue, with kresd each user can have resolver cache in
       their private directory and use it in similar fashion to keychain.

       To use a locally running kresd for resolving put

             nameserver 127.0.0.1

       into resolv.conf(5) and start kresd

       The daemon may be configured also  as  a  plain  forwarder  using  query  policies.   This
       requires  using  a  config  file.  Please  refer  to  documentation for configuration file
       options.  It  is  available  at   https://knot-resolver.readthedocs.io   or   in   package
       documentation (available as knot-resolver-doc package in most distributions).

       The available CLI options are:

       -a addr[@port], --addr=<addr[@port]>
              Listen  on  given  address  (and  port)  pair. If no port is given, 53 is used as a
              default.  Option may be passed multiple times to listen on more addresses.

       -t addr[@port], --tls=<addr[@port]>
              Listen using TLS on given address (and port) pair. If no port is given, 853 is used
              as a default.  Option may be passed multiple times to listen on more addresses.

       -S fd, --fd=<fd>
              Listen  on  given  file  descriptor(s), passed by supervisor.  Option may be passed
              multiple times to listen on more file descriptors.

       -T fd, --tlsfd=<fd>
              Listen using TLS on given file descriptor(s), passed by supervisor.  Option may  be
              passed multiple times to listen on more file descriptors.

       -c config, --config=<config>
              Set  the config file with settings for kresd to read instead of reading the file at
              the default location (config).

       -f N, --forks=<N>
              This option is deprecated since 5.0.0!

              With this option, the daemon is started in non-interactive mode and instead creates
              a  UNIX  socket in rundir that the operator can connect to for interactive session.
              A number greater than 1 forks the daemon N times,  all  forks  will  bind  to  same
              addresses  and the kernel will load-balance between them on Linux with SO_REUSEPORT
              support.

              If you want multiple concurrent processes supervised in this way,  they  should  be
              supervised independently (see kresd.systemd(7)).

       -n, --noninteractive
              Daemon will refrain from entering into read-eval-print loop for stdin+stdout.

       -q, --quiet
              Daemon will refrain from printing the command prompt.

       -v, --verbose
              Increase logging to debug level.

       -h     Show short command-line option help.

       -V     Show the version.

SEE ALSO

       kresd.systemd(7), https://knot-resolver.readthedocs.io/en/v5.4.4/

AUTHORS

       kresd developers are mentioned in the AUTHORS file in the distribution.