Configuring Knot

Knot Resolver is a caching recursive DNS resolver developed by the Czech internet registry. It is the only resolver we have identified where it is relatively easy to disable QNAME minimization for specific domains. The resolver uses QNAME minimization by default, but it can be turned off per domain by using the NO_MINIMIZE flag.

The configuration files reside in the /etc/knot-resolver directory. The DNS server process is called kresd, and the configuration file is usually called kresd.conf.

To disable QNAME minimization, for the dq.spamhaus.net domain only, add this section near the end of the file, after the modules are loaded.

-- Disable QNAME minimization for dq.spamhaus.net and every name below it
policy.add(
    policy.suffix(
        policy.FLAGS({'NO_MINIMIZE'}),
        {todname('dq.spamhaus.net.')}
    )
)

This applies the NO_MINIMIZE flag to queries for any name under the dq.spamhaus.net zone; QNAME minimization remains enabled for all other names.

To further enhance performance, raise the default cache size. The cache size can be set to 90% of the memory that is free after the machine has just booted. If other software runs on the same machine (e.g. an MTA, SpamAssassin or rspamd), you will need to account for the memory used by that software too. Making the cache larger than the available memory will result in swapping. See the Knot Resolver documentation for more information.

For example, to configure 5 GB of cache memory for Knot, replace the cache size initialisation at the end of the kresd.conf file with this snippet:

-- Cache size
cache.size = 5 * GB
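As an added example (not part of the Spamhaus or Knot Resolver documentation), the following POSIX shell helper applies the sizing rule above: it takes the available memory in kB and a reserve in MB for other software on the host, and prints the cache size and the matching kresd.conf line. The function names, the reserve argument and the use of MemAvailable from /proc/meminfo are this example's own assumptions; the MB size constant is one that kresd defines for its configuration.

```shell
#!/bin/sh
# Added example: size the kresd cache from the memory actually available,
# leaving a reserve for other software on the host (MTA, spam filter, ...).

# knot_cache_mb AVAILABLE_KB [RESERVE_MB]
#   Prints 90% of (available memory minus reserve), in MB.
#   Prints 0 when the reserve already exceeds the available memory, so the
#   caller never ends up with a cache that forces the host into swap.
knot_cache_mb() {
    avail_kb=$1
    reserve_mb=${2:-0}
    avail_mb=$((avail_kb / 1024))
    usable_mb=$((avail_mb - reserve_mb))
    if [ "$usable_mb" -le 0 ]; then
        echo 0
        return 0
    fi
    echo $((usable_mb * 90 / 100))
}

# knot_cache_line AVAILABLE_KB [RESERVE_MB]
#   Prints the cache.size line for kresd.conf (MB is a kresd size constant).
knot_cache_line() {
    size_mb=$(knot_cache_mb "$1" "${2:-0}")
    echo "cache.size = ${size_mb} * MB"
}

# mem_available_kb
#   Reads MemAvailable (kB) from /proc/meminfo on Linux; prints 0 elsewhere.
mem_available_kb() {
    v=$(awk '/^MemAvailable:/ { print $2; exit }' /proc/meminfo 2>/dev/null || true)
    echo "${v:-0}"
}

# Usage: ./knot-cache.sh [RESERVE_MB]   (reserve defaults to 1024 MB)
knot_cache_line "$(mem_available_kb)" "${1:-1024}"
```

Run it on the freshly booted host and paste the printed line in place of the cache size initialisation in kresd.conf; raise the reserve argument to cover whatever else (MTA, SpamAssassin, rspamd) will share the machine.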