Software Update: Knot Resolver 5.1.1

Knot Resolver is an open source DNS recursor written in C and LuaJIT. When you perform a dns lookup, a recursor initially starts asking the lookup query to a dns root server. This can then redirect to other servers, from where it can redirect to other servers and so on, until finally a server is reached that knows the answer or knows that the look-up is not possible. The latter can be the case if the name does not exist or the servers do not respond. cloudflare uses Knot Resolver for example for its dns service. The developers of CZ NIC previously released version 5.1.1 with the following changes:

Knot Resolver 5.1.1 released


  • fix CVE-2020-12667: mitigation for NXNSAttack DNS protocol vulnerability

Bug fixes

  • control sockets: recognize newline as command boundary

For more information please see blog post about NXNSattack.

Version number 5.1.1
Release status Final
Website CZ NIC
License type Conditions (GNU/BSD/etc.)