You will use a TSIG key to authenticate yourself to your Knot server.
The keymgr utility, shipped in knot-dnsutils (for Debian releases), makes this simple:
keymgr -t <tsig_name> [<algorithm>] [<bits>]
For example, to generate a key named amphineko:
$ keymgr -t amphineko
Then put the generated output into your knot.conf.
# hmac-sha256:amphineko:ZWh2R5wD4W6LsmaEXxs9K169L0w0FKwiSXerV7rfrQA=
key:
  - id: amphineko
    algorithm: hmac-sha256
    secret: ZWh2R5wD4W6LsmaEXxs9K169L0w0FKwiSXerV7rfrQA=
To allow clients connecting from 127.0.0.1 with the key named amphineko to update the zone example.com:
acl:
  - id: update_acl
    address: 127.0.0.1
    action: update
    key: amphineko
zone:
  - domain: example.com
    acl: update_acl
    file: example.com.zone
Then reload Knot so that the new knot.conf takes effect:
# knotc reload
You may use knsupdate shipped in knot-dnsutils to send your dynamic updates.
For example, to add a CNAME record www.example.com pointing to example.com:
$ knsupdate -y hmac-sha256:amphineko:ZWh2R5wD4W6LsmaEXxs9K169L0w0FKwiSXerV7rfrQA=
> server 127.0.0.1
> zone example.com.
> add www.example.com. 300 CNAME example.com.
> send
> answer
Note that domain names must be fully qualified here.
Write www.example.com. rather than www.example.com: omitting the trailing period produces the record www.example.com.example.com. instead.
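The same update as a non-interactive script, added here as an example and not part of the original page: it refuses names that lack the trailing period and passes the TSIG key through knsupdate's -k key file option, so the secret does not appear on the command line. The function names and the key file path are assumptions; the file holds a single line in the same format that -y accepts.

```shell
#!/bin/sh
# Added example: function names, KEYFILE path and sample values are assumptions.
KEYFILE="${KEYFILE:-/etc/knot/amphineko.key}"  # hypothetical path; keep it mode 600

# Model how a name is read relative to the zone: without a trailing
# period, the zone name is appended (the pitfall described above).
expand_name() {  # $1 = name, $2 = zone
    case "$1" in
        *.) printf '%s\n' "$1" ;;
        *)  printf '%s.%s\n' "$1" "$2" ;;
    esac
}

# Succeed only for fully qualified names; otherwise report what the
# name would have become and fail.
require_fqdn() {  # $1 = name, $2 = zone
    case "$1" in
        *.) return 0 ;;
    esac
    printf 'refusing "%s": would become "%s"\n' \
        "$1" "$(expand_name "$1" "$2")" >&2
    return 1
}

# Print a knsupdate batch adding one record, or fail without output.
build_update() {  # $1 server, $2 zone, $3 owner, $4 ttl, $5 type, $6 rdata
    require_fqdn "$2" "$2" || return 1
    require_fqdn "$3" "$2" || return 1
    case "$5" in
        CNAME|NS|PTR) require_fqdn "$6" "$2" || return 1 ;;  # rdata is a name
    esac
    printf 'server %s\nzone %s\nadd %s %s %s %s\nsend\n' \
        "$1" "$2" "$3" "$4" "$5" "$6"
}

# Send the batch on stdin; the key is read from KEYFILE, not from argv.
send_update() {
    batch=$(build_update "$@") || return 1
    printf '%s\n' "$batch" | knsupdate -k "$KEYFILE"
}

# Constructed sample: print the batch for the CNAME example above.
build_update 127.0.0.1 example.com. www.example.com. 300 CNAME example.com.
```

To apply the change, call send_update with the same six arguments once the key file exists.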
See the Knot DNS documentation for other commands.