knotc(1) Knot DNS control utility


knotc [parameters] action [action_args]



-c, --config file
Select configuration file.
-s server
Remote UNIX socket/IP address (default /run/knot/knot.sock).
-p port
Remote server port (only for IP).
-y [hmac:]name:key
Use key specified on the command line (default algorithm is hmac-md5).
-k file
Use key file (as in config section 'keys').
-f, --force
Force operation - override some checks.
-v, --verbose
Verbose mode - additional runtime information.
-V, --version
Print version of the server.
-h, --help
Print help and usage.


Stop server (no-op if not running).
reload [zone]...
Reload configuration and changed zones (all if not specified).
flush [zone]...
Flush journal and update zone files (all if not specified).
Check if server is running.
Show status of configured zones.
refresh [zone]...
Refresh slave zones (all if not specified).
Check current server configuration.
checkzone [zone]...
Check zone (all if not specified).
memstats [zone]...
Estimate memory consumption for zone (all if not specified).


Setup a keyfile for remote control
1. Generate key:
# dnssec-keygen -a hmac-md5 -b 256 -n HOST knotc-key
2. Extract secret in base64 format and create keyfile:
# echo "knotc-key hmac-md5 <secret>" > knotc.key
Make sure the key can be read/written only by the owner for security reasons.
Reload server remotely
# knotc -s -k knotc.key reload


The full documentation for Knot DNS is maintained as a Texinfo manual. If the info program is properly installed at your site, the info Knot command should give you an access to the complete manual.