DOKK / manpages / debian 11 / knot / knotc.8.en
KNOTC(8) Knot DNS KNOTC(8)

knotc - Knot DNS control utility

knotc [parameters] action [action_args]

If no action is specified, the program is executed in interactive mode.

Use a textual configuration file (default is /etc/knot/knot.conf).
Use a binary configuration database directory (default is /var/lib/knot/confdb). The default configuration database, if exists, has a preference to the default configuration file.
Set maximum size of the configuration database (default is 500 MiB, maximum 10000 MiB).
Use a control UNIX socket path (default is /run/knot/knot.sock).
Use a control timeout in seconds. Set to 0 for infinity (default is 60). The control socket operations are also subject to the timeout parameter set on the server side in server's Control configuration section.
Zone event trigger commands wait until the event is finished.
Forced operation. Overrides some checks.
Enable debug output.
Print the program help.
Print the program version.

Check if the server is running. Details are version for the running server version, workers for the numbers of worker threads, or configure for the configure summary.
Stop the server if running.
Reload the server configuration and modified zone files. All open zone transactions will be aborted!
Show global statistics counter(s). To print also counters with value 0, use force option.
Show the zone status. Filters are +role, +serial, +transaction, +events, and +freeze.
Test if the server can load the zone. Semantic checks are executed if enabled in the configuration. When invoked with flag -f/--force an error is returned when semantic check warning appears. (*)
Trigger a zone reload from a disk without checking its modification time. For secondary zone, the refresh event from primary server(s) is scheduled; for primary zone, the notify event to secondary server(s) is scheduled. An open zone transaction will be aborted! (#)
Trigger a check for the zone serial on the zone's primary server. If the primary server has a newer zone, a transfer is scheduled. This command is valid for secondary zones. (#)
Trigger a zone transfer from the zone's primary server. The server doesn't check the serial of the primary server's zone. This command is valid for secondary zones. (#)
Trigger a NOTIFY message to all configured remotes. This can help in cases when previous NOTIFY had been lost or the secondary servers have been offline. (#)
Trigger a zone journal flush to the configured zone file. If an output directory is specified, the current zone is immediately dumped (in the blocking mode) to a zone file in the specified directory. (#)
Trigger a zone data and metadata backup to specified directory. Optional flag +journal backs up also zone journal, whereas +nozonefile avoids backing up current zone contents to a zone file. If zone flushing is disabled, original zone file is backed up instead. (#)
Trigger a zone data and metadata restore from specified backup directory. Optional flags are equivalent to zone-backup. (#)
Trigger a DNSSEC re-sign of the zone. Existing signatures will be dropped. This command is valid for zones with DNSSEC signing enabled. (#)
Trigger immediate key rollover. Publish new key and start a key rollover, even when the key has a lifetime to go. Key type can be ksk (also for CSK) or zsk. This command is valid for zones with DNSSEC signing and automatic key management enabled. Note that complete key rollover consists of several steps and the blocking mode relates to the initial one only! (#)
Use when the zone's KSK rollover is in submission phase. By calling this command the user confirms manually that the parent zone contains DS record for the new KSK in submission phase and the old KSK can be retired. (#)
Trigger a zone freeze. All running events will be finished and all new and pending (planned) zone-changing events (load, refresh, update, flush, and DNSSEC signing) will be held up until the zone is thawed. (#)
Trigger dismissal of zone freeze. (#)
Get zone data that are currently being presented.
Begin a zone transaction.
Commit the zone transaction. All changes are applied to the zone.
Abort the zone transaction. All changes are discarded.
Get zone changes within the transaction.
Get zone data within the transaction.
Add zone record within the transaction. The first record in a rrset requires a ttl value specified.
Remove zone data within the transaction.
Purge zone data, zone file, journal, timers, and/or KASP data of specified zones. Available filters are +expire, +zonefile, +journal, +timers, and +kaspdb. If no filter is specified, all filters are enabled. If the zone is no longer configured, add +orphan filter (zone file cannot be purged in this case). (#)
Show zone statistics counter(s). To print also counters with value 0, use force option.
Initialize the configuration database. If the database doesn't exist yet, execute this command as an intended user to ensure the server is permitted to access the database (e.g. sudo -u knot knotc conf-init). (*)
Check the server configuration. (*)
Import a configuration file into the configuration database. If the database doesn't exist yet, execute this command as an intended user to ensure the server is permitted to access the database (e.g. sudo -u knot knotc conf-import ...). Also ensure the server is not using the configuration database at the same time! (*)
Export the configuration database into a config file or stdout. (*)
List the configuration database sections or section items.
Read the item from the active configuration database.
Begin a writing configuration database transaction. Only one transaction can be opened at a time.
Commit the configuration database transaction.
Rollback the configuration database transaction.
Get the item difference in the transaction.
Get the item data from the transaction.
Set the item data in the transaction.
Unset the item data in the transaction.

Empty or -- zone parameter means all zones or all zones with a transaction.

Use @ owner to denote the zone name.

Type item parameter in the form of section[[id]][.name].

(*) indicates a local operation which requires a configuration.

(#) indicates an optionally blocking operation.

The -b and -f options can be placed right after the command name.

The OK response to triggering commands means that the command has been successfully sent to the server. To verify if the operation succeeded it's necessary to check the server log.

The utility provides interactive mode with basic line editing functionality, command completion, and command history.

Interactive mode behavior can be customized in ~/.editrc. Refer to editrc(5) for details.

Command history is saved in ~/.knotc_history.

Exit status of 0 means successful operation. Any other exit status indicates an error.

$ knotc reload


$ knotc zone-flush example.com example.org


$ knotc conf-read server


$ knotc conf-read zone.domain


$ knotc conf-read 'zone[example.com].master'


$ knotc conf-begin
$ knotc conf-set 'zone[example.org]'
$ knotc conf-set 'zone[example.org].file' '/var/zones/example.org.zone'
$ knotc conf-commit


$ knotc zone-read -- @ SOA


knotd(8), knot.conf(5), editrc(5).

CZ.NIC Labs <https://www.knot-dns.cz>

Copyright 2010–2021, CZ.NIC, z.s.p.o.

2021-03-25 3.0.5