CZ.NIC Introduces Its Own DNS Server – a Significant Contribution to Internet Stability

Prague, 3 November 2011 – Browsing websites, sending emails, Internet telephony… None of this would be possible without properly functioning DNS servers. So far only two suitable open source DNS server implementations have been available for the operation of medium to large scale domain registries – BIND and NSD. Therefore, the CZ.NIC association, the .CZ domain registry, introduced a new DNS server implementation – Knot DNS – at the RIPE 63 international conference in Vienna this week.

“It is crucial for the overall stability of important zones such as the root zone or top level domains such as .CZ or .COM to have wider choices for the operation of DNS servers. More independent implementations written from scratch enhance the diversity of the DNS servers ecosystem and decrease the possibility of a general failure which may be caused by a remote triggered bug or another kind of a technical problem in the code in one of the existing implementations,” explains Ondřej Surý, head of CZ.NIC R&D.

The main advantages of Knot DNS are performance, scalability, speed and the possibility to add and remove zones without a service interruption. Knot DNS also features a multithread design which is almost lock-less thanks to techniques such as read-copy-update and copy-on-write. Thanks to this, Knot DNS can handle more than 200,000 queries per second on the commodity hardware.

“We set the goal of designing a server more flexible than BIND and faster than NSD. Our implementation is focused not only on TLD operators, but also on DNS operators with hundreds or thousands of small zones. Apart from top-level domain operators, we expect interest from domain registrars as well,” adds Ondřej Surý.

Knot DNS is written in C, supports Linux, BSD-based systems and Mac OS X. It is licensed under the GPL (version 3). The project is currently in the beta stage; source code and other information is available at Despite the fact that Knot DNS is still in the beta, its heart already powers several domains in the CZ.NIC association (such as

Any contribution from the wider audience is more than welcome. A testing in the real world naturally covers more scenarios of DNS server use than any in- house testing in an artificial environment. Therefore we make a call to the professional community to be actively involved in the testing and reporting bugs back to the Knot DNS project. Bug reports can be submitted either via a web interface at, using an email conference at or by mailing developers at

In the coming months, the development team plans to finish missing features, squash bugs, debug, test and stabilize the code. Long term goals are to further optimize and speed-up the code. From the operational perspective, CZ.NIC will deploy Knot DNS in the anycast infrastructure of DNS servers for the .CZ domain by the end of this year.