KNOCKDNS - NO KNOCK EDITION FAQ
A dynamic DNS service updated by visiting a secret HTTPS URL
Well nobody has asked any questions yet, but if they did maybe they would go something like this...
- Whats your email address?
knockdns@ ... then the domain name of this site.
- What kind of DNS records can I get?
Each update creates an address record (A for IPv4, AAAA for IPv6) and an MX record with priority 10 pointing to that hostname, so you can use the hostname for email as well. You can fetch the update URL via both IPv4 and IPv6 to get both A and AAAA records.
- What subdomains are there?
Right now only two subdomains are on offer dyn.koan.net and knockdns.com, but more may be added.
- How do I update my DNS record?
When you register you receive a secret URL by email. Simply fetch that URL using wget or curl from the IP address you want your hostname to point to. The server will detect your IP and update the DNS record automatically. No knock software needed.
- How do I force IPv4 or IPv6?
Use wget -4 or wget -6 (or curl -4 / curl -6) to select the address family when fetching your update URL.
- I have multiple network interfaces or IP addresses — how do I control which one is used for the update?
Use curl's --interface option to bind to a specific interface or source IP:
# Bind to a specific network interface
curl -s -o /dev/null --interface eth1 https://your-update-url-here
# Bind to a specific source IP address
curl -s -o /dev/null --interface 203.0.113.42 https://your-update-url-here
This tells curl which IP to send the request from, so the server sees that address and updates the DNS record accordingly. You can run the command multiple times with different --interface values to register multiple IPs — one will create an A or AAAA record per address family. With wget use --bind-address=203.0.113.42 instead.
- How do I use this on OpenWRT?
Create a script in /etc/hotplug.d/iface/ containing:
#!/bin/sh
wget -q -O /dev/null https://your-update-url-here
and make it executable with chmod +x /etc/hotplug.d/iface/knockdns.sh. The DNS update will be triggered whenever OpenWRT connects. Replace the URL with the one you were emailed when you signed up.
- I am unfortunately using Windows 10 or 11 and would like to update my DNS record without installing a real operating system first, is this possible?
Amazingly, yes. Microsoft finally bundled a real tool with Windows in 2018, so even cmd.exe users can participate. Open the Command Prompt (or Task Scheduler for automatic updates) and run:
curl -s -o NUL https://your-update-url-here
NUL is Windows' touching attempt at /dev/null. Congratulations on achieving in three clicks of the Start menu what a Linux user would do in one line of a cron job.
- How do I use this on an Apple Mac?
macOS ships with both curl and wget so the usual one-liner works fine in Terminal:
curl -s -o /dev/null https://your-update-url-here
For automatic updates on network change, add it to a launchd plist in ~/Library/LaunchAgents/, or simply paste it into a login item script. If you prefer a GUI, any tool that can fetch a URL on a schedule will do — even a shortcut in the Shortcuts app.
- How do I use this on Android?
The simplest option is to install Termux from F-Droid, which gives you a proper shell with curl:
curl -s -o /dev/null https://your-update-url-here
For automatic updates you can use Termux:Boot to run a script on startup, or pair it with Tasker to trigger the update whenever the network changes. If installing Termux sounds like too much effort, any Android automation app (Tasker, MacroDroid, Automate) can fire an HTTP GET request directly without needing a shell at all.
- How do I use this on a TRS-80?
Excellent question. The TRS-80 Model I was released in 1977 and runs TRS-DOS on a 1.77 MHz Z80 processor with up to 48KB of RAM, none of which is particularly conducive to TLS 1.3. Your best approach is to first solve the following subproblems: (1) obtain an Ethernet interface for a 40-year-old 8-bit computer, (2) implement a TCP/IP stack in BASIC or Z80 assembly, (3) implement TLS, (4) implement HTTP/1.1. Alternatively, sit the TRS-80 next to a machine made after 1995 and run the curl command on that instead. The TRS-80 can observe and learn.
- How permanent or free will this site be?
Thats hard to say. Right now its just a small project to test the waters after an earlier rough version filled a need better than the other big name services out there. Donations will help keep us interested in keeping this project afloat. domains registered with cryptocurrency donations will help keep the enthusiasm levels up for reworking the site as it gets close to the limit.
- Why is it called KNOCKDNS if there's no knocking?
The original version of this service used TCP port knocking to trigger DNS updates — you'd send a sequence of connection attempts to specific ports in the right order, and the server would detect the sequence and update your record. It was a neat trick, but it didn't scale well as more hostnames were registered, required custom client software, and was fiddly to set up on anything that wasn't Linux. The current "No Knock Edition" replaces all of that with a secret HTTPS URL: simpler, more reliable, and works out of the box on any OS with a halfway decent HTTP client — including, reluctantly, Windows. The name stuck because changing it would require updating all the DNS records.
- Did an AI write this site?
The original concept, architecture, and most of the code were written by a human. Claude Code (Anthropic's AI coding assistant) did however have a small hand in finishing it off — security hardening, the SQLite migration, the frontend redesign, the admin interface, and a few other bits. It was either that or actually learn CSS properly. The human remains in charge and takes full responsibility for any bugs, opinions about Windows, and questionable design decisions.
- I have an excess of useless cryptocurrency and want to donate it to KNOCKDNS, where should I send it?
Here are the donation addresses for three common cryptocurrencies:
bitcoin:3CKL2rezLUSaFqjekRUhoErUmLa7ez4xKi
litecoin:MJniE7y7eTSUQt4u199gpvC1zbTqvpuWyT
dogecoin:D8j8Jk9JbCABU21G3r2UCdqnguixo2Qv8c