@node Security Considerations, Troubleshooting, Running Knot DNS, Top
@chapter Security Considerations

[TODO]
- faces the internet

If libcap-ng is available, Knot DNS on Linux takes advantage of
the POSIX 1003.1e capabilities. This mechanism breaks the a set of privileges
traditionally associated with the root into groups that can be set per-thread
and independently enabled or disabled. For more information, look up manual page
for capabilities(7).

Knot DNS uses strips exposed threads of most capabilities like file access,
privileged socket operations and such.
This mitigates potential remote exploits or at least the impact.