knotc

Start editing a zone

$ knotc zone-begin [zone]

$ knotc zone-set [zone] [subdomain] 3600 A [ip_address]

$ knotc zone-commit [zone]

$ knotc zone-read [zone]

$ knotc conf-read server

knotc [options] <command> [<arguments>]

-h, --help
    Show context-sensitive help

-V, --version
    Print version information

-c, --config FILE
    Configuration file (default: /etc/knot/knot.conf)

-C, --confdb DIR
    Configuration database directory

-s, --socket PATH
    Control socket path (default: /var/run/knot/knot.sock)

-v, --verbose [#]
    Enable debug messages (level 0-3)

-q, --quiet
    Suppress informational messages

-y, --yes
    Automatic yes to prompts

-D, --no-dbus
    Disable D-Bus interface

-X, --read-only
    Read-only mode, no ACK waits

knotc is the command-line control utility for the Knot DNS server daemon (knotd(8)). It enables runtime management tasks such as configuration checks, zone reloads, updates, signing, flushing, and status monitoring without service interruption.

Communication uses a local UNIX domain socket for secure, efficient interaction. Supports incremental zone transfers, automatic DNSSEC key management, and optional D-Bus notifications. Ideal for high-performance authoritative DNS environments.

Common use cases include reloading modified zones (zone-reload), forgetting invalid zones (zone-forget), and querying statistics (stats). Verbose logging and read-only modes aid troubleshooting.

Requires running knotd with socket access; check permissions on socket (/var/run/knot/knot.sock). Some commands need write access. Not for remote control.

status: Server status.
stop: Graceful shutdown.
reload: Reload config.
zone-reload <zone>: Reload specific zone.

Developed by CZ.NIC since Knot DNS 1.0 (2013); evolved with Knot 2.x for better zone management and DNSSEC support. Current in Knot 3.x+.

knotd(8), rndc(8), named-checkzone(8)