Comparison of DNS server software

Last updated

This article presents a comparison of the features, platform support, and packaging of many independent implementations of Domain Name System (DNS) name server software.

Contents

Servers compared

Each of these DNS servers is an independent implementation of the DNS protocols, capable of resolving DNS names for other computers, publishing the DNS names of computers, or both. Excluded from consideration are single-feature DNS tools (such as proxies, filters, and firewalls) and redistributions of servers listed here (many products repackage BIND, for instance, with proprietary user interfaces).

DNS servers are grouped into several categories of specialization of servicing domain name system queries. The two principal roles, which may be implemented either uniquely or combined in a given product are:

BIG-IP DNS

F5 Networks BIG-IP product line offers DNS as an authoritative or recursive server and adds additional security measures. Key advantage is to use the same application delivery controller to support DNS and application acceleration.[ citation needed ]

BIND

BIND is the de facto standard DNS server. It is a free software product and is distributed with most Unix and Linux platforms, where it is most often also referred to as named (name daemon). It is the most widely deployed DNS server. [1] Historically, BIND underwent three major revisions, each with significantly different architectures: BIND4, BIND8, and BIND9. BIND4 and BIND8 are now technically obsolete and not considered in this article. BIND9 is a ground-up rewrite of BIND featuring complete DNSSEC support in addition to other features and enhancements.

Internet Systems Consortium started development of a new version, BIND 10. Its first release was in April 2010, but ISC involvement concluded with the release of BIND 10 version 1.2 in April 2014. ISC cited a lack of resources to continue development of BIND 10, and they reaffirmed their commitment to BIND9. [2]

The BIND 10 codebase continues on as an open source project. It is not included in this comparison at this time.

Cisco Network Registrar

CNR includes a commercial DNS server from Cisco Systems usually used in conjunction with the CNR DHCP (Dynamic Host Configuration Protocol) server. It supports high rates of dynamic update.

CoreDNS

CoreDNS is the recommended DNS server [3] for Kubernetes and graduated from the CNCF in 2019. [4]

Dnsmasq

Dnsmasq is a lightweight, easy to configure DNS forwarder, designed to provide DNS (and optionally DHCP and TFTP) services to a small-scale network. It can serve the names of local machines which are not in the global DNS.

Dnsmasq accepts DNS queries and either answers them from a small, local cache or forwards them to a real, recursive DNS server. It loads the contents of /etc/hosts, so that local host names which do not appear in the global DNS can be resolved.

djbdns

Djbdns is a collection of DNS applications, including tinydns, which was the second most used free software DNS server in 2004. [1] It was designed by Daniel J. Bernstein, author of qmail, with an emphasis on security considerations. In March 2009, Bernstein paid $1000 to the first person finding a security hole in djbdns. [5] The source code is not centrally maintained and was released into the public domain in 2007. There are multiple forks and more than a dozen patches to add additional features to djbdns.

gdnsd

gdnsd is a DNS server designed for geographic balancing. [6] gdnsd is the DNS server used by Wikipedia for its servers and networking. [7]

Knot DNS

Knot DNS is a free software authoritative DNS server by CZ.NIC. Knot DNS aims to be a fast, resilient DNS server usable for infrastructure (root and TLD) and DNS hosting services. Knot DNS supports DNSSEC signing and among others hosts root zone (B, K, and L root name servers), several top-level domains.

Knot Resolver

Knot Resolver is an open source modern resolver implementation designed for scalability, resiliency, and flexibility. Its core architecture is tiny and efficient, and most of the rich features are implemented as optional modules, which limits attack surface and improves performance. Many resolver features are available out-of-the-box as modules while keeping core tiny and efficient. Modular architecture provides a state-machine like API for extensions, such as C and Lua modules. [8]

MaraDNS

MaraDNS is a free software DNS server by Sam Trenholme that claims a good security history and ease of use. [9] [10] In order to change any DNS records, MaraDNS needs to be restarted. Like djbdns dnscache, the MaraDNS 2.0 stand-alone recursive resolver ("Deadwood") does not use threads. [11]

Microsoft DNS

Windows DNS Server [12] component of Microsoft DNS. The same software can be configured to support authoritative, recursive and hybrid mode. The software is integrated with Active Directory which makes it the default DNS software for many enterprise networks that are based on Active Directory. It also allows creating zones by the standard DNS zone file. The software comes packaged as a role in Windows Server. The server software is shipped with a command line application dnscmd, [13] a DNS management GUI wizard, and a DNS PowerShell [14] package. In Windows Server 2012, the Windows DNS added support for DNSSEC, [15] with full-fledged online signing, with Dynamic DNS and NSEC3 support, along with RSASHA and ECDSA signing algorithms. It provides an inbuilt key storage provider and support for any third party CNG compliant key storage provider. User interface and PowerShell support for managing DNS and DNSSEC were improved as well. In the Windows Server 2016, the DNS Server supports DNS policies using which the admins can have more control over the name resolution process. [16]

NSD

NSD is a free software authoritative server provided by NLNet Labs. NSD is a test-bed server for DNSSEC; new DNSSEC protocol features are often prototyped using the NSD code base. NSD hosts several top-level domains, and operates three of the root nameservers.

pdnsd

Pdnsd is a caching DNS proxy server that stores cached DNS records on disk for long term retention. Pdnsd is designed to be highly adaptable to situations where net connectivity is slow, unreliable, unavailable, or highly dynamic, with limited capability of acting as an authoritative nameserver. It is licensed under the GPL. [17]

Posadis

Posadis is a free software DNS server, written in C++, featuring Dynamic DNS update support.

PowerDNS

PowerDNS is a free software DNS server with a variety of data storage back-ends and load balancing features. Authoritative and recursive server functions are implemented as separate applications, as well as a separate DNS caching proxy (dnsdist) which implements features such as DNS over HTTPS.

Secure64 DNS

DNS Authority is commercial authoritative name server software from Secure64, the company that built Genuinely Secure DNS applications and operating system and completely automated the deployment of DNSSEC.

DNS Cache is scalable, highly secure recursive DNS software from Secure64 which provides built-in protection against high-volume denial of service attacks, including Pseudo Random Sub Domain (PRSD) attacks.

Simple DNS Plus

Simple DNS Plus is a commercial DNS server product that runs under Microsoft Windows with an emphasis on a simple-to-use GUI. Maintenance of the software appears to have slackened in recent years.

Technitium DNS Server

Technitium DNS Server [18] [19] is a free, opensource [20] (GPLv3), [21] cross platform, authoritative, caching and recursive DNS server software. It supports DNS-over-TLS, DNS-over-HTTPS, and DNS-over-QUIC encrypted DNS protocols. [22] It also supports DNSSEC signing and validation for RSA and ECDSA algorithms with both NSEC and NSEC3.

The DNS server also features blocking domain names using block lists [23] and also supports using HTTP or SOCKS5, for transport of DNS requests over Tor network. [24]

The DNS server supports running independently developed plugins that can be used to process and respond to DNS requests. It also provides a HTTP API that can be used by 3rd party software to manage the DNS server. [25]

Unbound

Unbound is a validating, recursive and caching DNS server designed for high performance. It was released on May 20, 2008 (version 1.0.0) as free software licensed under the BSD license by NLnet Labs. It is installed as part of the base system in FreeBSD starting with version 10.0, and in NetBSD with version 8.0. A version is also available in OpenBSD version 5.6 and beyond. (Previous versions of FreeBSD shipped with BIND.)

YADIFA

YADIFA is a BSD-licensed, memory-efficient DNS server written in C. The acronym YADIFA stands for Yet Another DNS Implementation For All. It was created by EURid, which operates the .eu top-level domain. [26]

Features

Some DNS features are relevant only to recursive servers, or to authoritative servers. As a result, a feature matrix such as the one in this article cannot by itself represent the effectiveness or maturity of a given implementation.

Another important qualifier is the server architecture. Some DNS servers provide support for both server roles in a single, "monolithic" program. Others are divided into smaller programs, each implementing a subsystem of the server. As in the classic Computer Science microkernel debate, the importance and utility of this distinction is hotly debated. The feature matrix in this article does not discuss whether DNS features are provided in a single program or several, so long as those features are provided with the base server package and not with third-party add-on software.

Explanation of features

Authoritative
A major category of DNS server functionality, see above.
Recursive
A major category of DNS server functionality, see above.
Recursion Access Control
Servers with this feature provide control over which hosts are permitted DNS recursive lookups. This is useful for load balancing and service protection.
Secondary Mode (or Slave Mode)
Authoritative servers can publish content that originates from primary data storage (such as zone files or databases connected to business administration processes)--sometimes also called 'master' servers--or can be secondary (or slave) servers, republishing content fetched from and synchronized with such primary servers. Servers with a "secondary mode" feature have a built-in capability to retrieve and republish content from other servers. This is typically, though not always, provided using the AXFR DNS protocol.
Caching
Servers with this feature provide recursive services for applications, and cache the results so that future requests for the same name can be answered quickly, without a full DNS lookup. This is an important performance feature, as it significantly reduces the latency of DNS requests.
DNSSEC
Servers with this feature implement some variant of the DNSSEC protocols. They may publish names with resource record signatures (providing a "secure authority service"), and may validate those signatures during recursive lookups (providing a "secure resolver"). DNSSEC is becoming more widespread as the deployment of a DNSSEC root key has been done by ICANN. Deployment to individual sites is growing as top level domains start to deploy DNSSEC too. The presence of DNSSEC features is a notable characteristic of a DNS server.
TSIG
Servers with this feature typically provide DNSSEC services. In addition, they support the TSIG (Transaction SIGnature) protocol, which allows DNS clients to establish a secure session with the server to publish Dynamic DNS records or to request secure DNS lookups without incurring the cost and complexity of full DNSSEC support.
IPv6
Servers with this feature are capable of publishing or handling DNS records that refer to IPv6 addresses. In addition to be fully IPv6 capable they must implement IPv6 transport protocol for queries and zone transfers in secondary/primary relationships and forwarder functions.
Wildcard
Servers with this feature can publish information for wildcard records, which provide data about DNS names in DNS zones that are not specifically listed in the zone.
Split horizon
Servers with the split-horizon DNS feature can give different answers depending on the source IP address of the query.

Feature matrix

Server Authoritative Recursive Recursion ACL Secondary mode Caching DNSSEC TSIG IPv6 Wildcard Free SoftwareInterface split horizon DNS over HTTPS DNS over QUIC
BIG-IP DNS YesYesYesYesYesYesYesYesYesNoAPI, command lineYesYesNo
BIND YesYesYesYesYesYesYesYes (since 9.x)Yes (since 4.x)YesWeb [Note 1] , command lineYesYesNo [Note 2]
PowerDNS YesYesYesYes [Note 3] YesYes (since 3.0) [Note 4] Yes (since 3.0)Yes [Note 3] YesYesREST, Web [Note 5] , command linePartial [Note 6] Yes (in dnsdist)No [Note 7]
CoreDNS YesPartial via proxyingYesYesYesYesYesYesYesYesAPIYesYesNo
djbdns YesYesYesYes [Note 8] YesPartial [Note 9] NoPartial via generic records. Partial [Note 10] Yescommand line and web (VegaDNS & NicTool)Yes [Note 11] NoNo
dbndns YesYesYesYesYesNoNoYesPartialYescommand line and webYesNoNo
pdnsd PartialYesPartialPartialYesNo [27] PartialYesYesYescommand line, pdnsd-ctl programPartialNoNo
MaraDNS YesYesYesPartial [Note 12] YesNoNoPartialYesYescommand lineNoNoNo
Posadis YesYesYesYesYesNoNoYesYesYescommand line, APINoNoNo
Unbound PartialYesYesYesYesNoYesYesYescommand line, APIYesYesPartial
Dnsmasq Partial [Note 13] NoNoNoYesYes (since 2.69) [Note 14] NoYesYesYescommand linePartial [Note 15] No
NSD YesNoYesYesYesYesYesYescommand lineNoNo
Knot DNS YesNoYesYesYesYesYesYescommand lineYes [Note 16] Yes [Note 17]
Knot Resolver NoYesYesYesYesNo [Note 18] YesNoYescli / socketNo [Note 19] YesNo
YADIFA YesNoYesYesYesYesYesYescommand lineNoNoNo
Microsoft DNS YesYesYes [Note 20] YesYesYes [Note 21] Yes [Note 22] Yes [Note 23] YesNoGUI, command line, API [Note 24] , WMI [Note 25] , RPC [Note 26] Yes [Note 20] No
Simple DNS Plus YesYesYesYesYesYesYesYesYesNoGUI, Web, command lineYes [Note 27] YesNo
Secure64 DNS Authority YesNoNoYesNoYesYesYesYesNoCommand Line or Web GUIYesNo
Secure64 DNS Cache NoYesYesNoYesYesNoYesYesNoCommand Line or Web GUIYesNo
Technitium DNS ServerYesYesYesYesYesYesYesYesYesYesWeb GUI or HTTP APIYesYesYes
ServerAuthoritativeRecursiveRecursion ACL Secondary modeCaching DNSSEC TSIG IPv6 WildcardFree SoftwareInterface split horizon DNS over HTTPS DNS over QUIC
  1. A BIND configuration module is available for Webmin in many Linux distributions.
  2. BIND does not support DoQ yet
  3. 1 2 IPv6 primary/secondary support in PowerDNS is incomplete in versions <3.0. Zone transfers in primary/secondary replication over IPv6 is supported since 3.0.
  4. Full DNSSEC support in PowerDNS arrived in version 3.0. In lower versions, it is currently restricted to being able to serve DNSSEC-related RRs.
  5. Powerdns.com suggested enhancements at
  6. Use the geoip backend for a split-horizon configuration.
  7. PowerDNS does not support DoQ yet and may only support it in the separate package dnsdist.
  8. djbdns provides facilities to transfer zones; after completing the zone transfer, djbdns can act as an authoritative server for that zone. Consult the axfr-get documentation for further information.
  9. A patch for publishing authoritative DNSSEC-protected data is available at .
  10. djbdns supports wildcard DNS records, but not in a way that conforms with the RFCs.
  11. This is not the same as views in bind. But it is a solution with comparable capabilities. See: section of tinydns-data.
  12. MaraDNS cannot directly provide secondary support. Instead, a zone transfer is needed, after which MaraDNS will act as an authoritative server for that zone. See DNS Slave for further information.
  13. dnsmasq has limited authoritative support, intended for internal network use rather than public Internet use.[ citation needed ] A records are supported via /etc/hosts, and there is some MX, TXT and SRV record support via the command line.
  14. DNSSEC validation was added in Dnsmasq version 2.69 . Earlier versions could only pass through validation results from their own upstream nameservers.
  15. Dnsmasq can do basic split-horizon DNS based on the interface of the source request using the localise-queries configuration parameter.
  16. Knot DNS provides query source address based responses via its geoip and queryacl modules.
  17. Knot DNS Version 3.3.0
  18. As of v5.5.2 This just selects rule based on the key name, it doesn’t verify the key or signature yet.
  19. Setups like split-horizon which depend on isolated DNS caches are explicitly not supported. https://knot-resolver.readthedocs.io/en/v5.5.2/modules-view.html
  20. 1 2 In Windows Server technical Preview (2016), you can create DNS policies to control how a DNS Server handles DNS queries based on different parameters. This supports Recursion control, location aware responses, split-brain deployment, filters etc. configuration parameter.
  21. Windows Server 2008 R2 supports DNSSEC, however dynamic DNS is not supported for DNSSEC-signed zones. It is fully supported in Windows Server 2012. For earlier versions, including Windows Server 2003, DNSSEC functionality must be manually activated in the registry Archived 2008-03-25 at the Wayback Machine . In these versions, the DNSSEC support is sufficient to act as a slave/secondary server for a signed zone, but not sufficient to create a signed zone (lack of key generation and signing utilities).
  22. Microsoft DNS supports the GSS-TSIG algorithm for Secure Dynamic Update when integrated with Active Directory, using RFC 3645, an application of GSS-API RFC 2743.
  23. IPv6 functionality in the Microsoft DNS server is only available on Windows Server 2003 and newer.
  24. "Microsoft DNS Server API Reference". Msdn.microsoft.com. Retrieved 2011-10-26.
  25. "Microsoft DNS WMI Provider Specification". Msdn.microsoft.com. Retrieved 2011-10-26.
  26. MS-DNSP DNS Server Management Protocol Specification (uses RPCs)
  27. Simple DNS Plus does not have "views" in the same way as BIND, but has a "NAT IP Alias" feature which allows host records to resolve to different IP addresses depending on where the DNS request comes from.

Platforms

In this overview of operating system support for the discussed DNS server, the following terms indicate the level of support:

This compilation is not exhaustive, but rather reflects the most common platforms today.

Server BSD Solaris Linux Mac OS X Windows
BIND YesYesYesYesPartial [Note 1] [Note 2]
Microsoft DNS NoNoNoNoIncluded [Note 3]
djbdns YesYesYesYesNo
Dnsmasq YesYesYesYesNo
Simple DNS Plus NoNoNoNoYes
NSD YesYesYesYesNo
Knot DNS YesNoYesYesNo
Knot Resolver Yes?YesYes?
PowerDNS YesYes Yes Beta No
MaraDNS YesYes YesYesPartial
pdnsd YesPartial [28] YesYesNo
Posadis YesYesYesYesYes
Unbound YesYesYesYesYes
Cisco Network Registrar NoYesYesNoYes
YADIFA YesYesYesYesNo
Secure64 DNS Authority NoNoYesNoNo
Secure64 DNS Cache NoNoYesNoNo
Technitium DNS ServerNoNoYesYesYes
  1. BIND is available for Windows NT-based systems by ftp (including Windows 2000, XP, and Server 2003) in a port (in contrib directory) known as ntbind (from version 9.3.3 Windows builds are present).
  2. Support for compiling and running BIND 9 natively on Windows has been completely removed as of 9.18.0.
  3. The functionality available with the Microsoft DNS server varies depending on the version of the underlying operating system; such as most Windows Server components, it is upgraded only with the rest of the operating system. Certain functionality, such as DNSSEC and IPv6 support, is only available in the Windows Server 2000-2003 version. Windows 2000 Server includes TSIG support. The Microsoft DNS Server is not available on Windows client operating systems such as Windows XP.

Packaging

ServerCreatorCost (USD)Public source code Software license
BIND Internet Systems Consortium FreeYes BSD, MPL 2.0 for 9.11+
Microsoft DNS Microsoft Included with Windows Server No Clickwrap license
djbdns Daniel J. Bernstein FreeYes Public domain
Dnsmasq Simon KelleyFreeYes GPL
Simple DNS Plus JH Software$79 – $379No Clickwrap license
NSD NLnet LabsFreeYes BSD variant
Knot DNS CZ.NIC FreeYes GPL
Knot Resolver CZ.NIC FreeYes GPL
PowerDNS PowerDNS.COM BV / Bert HubertFreeYes GPL
MaraDNS Sam TrenholmeFreeYes BSD variant
pdnsd Thomas Moestl and Paul RomboutsFreeYes GPL
Posadis Meilof VeeningenFreeYes GPL
Unbound NLnet LabsFreeYes BSD
YADIFA EURidFreeYes BSD
Secure64 DNS Authority Secure64 Unpublished priceNo Clickwrap license
Secure64 DNS Cache Secure64 Unpublished priceNo Clickwrap license
Technitium DNS ServerTechnitiumFreeYes GPL

See also

Related Research Articles

The Domain Name System (DNS) is a hierarchical and distributed name service that provides a naming system for computers, services, and other resources on the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to each of the associated entities. Most prominently, it translates readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. The Domain Name System has been an essential component of the functionality of the Internet since 1985.

BIND is a suite of software for interacting with the Domain Name System (DNS). Its most prominent component, named, performs both of the main DNS server roles, acting as an authoritative name server for DNS zones and as a recursive resolver in the network. As of 2015, it is the most widely used domain name server software, and is the de facto standard on Unix-like operating systems. Also contained in the suite are various administration tools such as nsupdate and dig, and a DNS resolver interface library.

The djbdns software package is a DNS implementation. It was created by Daniel J. Bernstein in response to his frustrations with repeated security holes in the widely used BIND DNS software. As a challenge, Bernstein offered a $1000 prize for the first person to find a security hole in djbdns, which was awarded in March 2009 to Matthew Dempsky.

A name server is a computer application that implements a network service for providing responses to queries against a directory service. It translates an often humanly meaningful, text-based identifier to a system-internal, often numeric identification or addressing component. This service is performed by the server in response to a service protocol request.

<span class="mw-page-title-main">Root name server</span> Name server for the DNS root zone

A root name server is a name server for the root zone of the Domain Name System (DNS) of the Internet. It directly answers requests for records in the root zone and answers other requests by returning a list of the authoritative name servers for the appropriate top-level domain (TLD). The root name servers are a critical part of the Internet infrastructure because they are the first step in resolving human-readable host names into IP addresses that are used in communication between Internet hosts.

The DNS root zone is the top-level DNS zone in the hierarchical namespace of the Domain Name System (DNS) of the Internet.

Zero-configuration networking (zeroconf) is a set of technologies that automatically creates a usable computer network based on the Internet Protocol Suite (TCP/IP) when computers or network peripherals are interconnected. It does not require manual operator intervention or special configuration servers. Without zeroconf, a network administrator must set up network services, such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS), or configure each computer's network settings manually.

The Domain Name System Security Extensions (DNSSEC) are a suite of extension specifications by the Internet Engineering Task Force (IETF) for securing data exchanged in the Domain Name System (DNS) in Internet Protocol (IP) networks. The protocol provides cryptographic authentication of data, authenticated denial of existence, and data integrity, but not availability or confidentiality.

Microsoft DNS is the name given to the implementation of domain name system services provided in Microsoft Windows operating systems.

<span class="mw-page-title-main">DNS zone</span> Part of the Internets Domain Name System (DNS) organization system

A DNS zone is a specific portion of the DNS namespace in the Domain Name System (DNS), which a specific organization or administrator manages. A DNS zone is an administrative space allowing more granular control of the DNS components, such as authoritative nameserver. The DNS is broken up into different zones, distinctly managed areas in the DNS namespace. DNS zones are not necessarily physically separated from one another; however, a DNS zone can contain multiple subdomains, and multiple zones can exist on the same server.

DNS spoofing, also referred to as DNS cache poisoning, is a form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS resolver's cache, causing the name server to return an incorrect result record, e.g. an IP address. This results in traffic being diverted to any computer that the attacker chooses.

dnsmasq Lightweight DNS and DHCP server software

dnsmasq is free software providing Domain Name System (DNS) caching, a Dynamic Host Configuration Protocol (DHCP) server, router advertisement and network boot features, intended for small computer networks.

DNS management software is computer software that controls Domain Name System (DNS) server clusters. DNS data is typically deployed on multiple physical servers. The main purposes of DNS management software are:

Unbound is a validating, recursive, and caching DNS resolver product from NLnet Labs. It is distributed free of charge in open-source form under the BSD license.

MaraDNS is an open-source Domain Name System (DNS) implementation, which acts as either a caching, recursive, or authoritative nameserver.

DNSCurve is a proposed secure protocol for the Domain Name System (DNS), designed by Daniel J. Bernstein. It encrypts and authenticates DNS packets between resolvers and authoritative servers.

Google Public DNS is a Domain Name System (DNS) service offered to Internet users worldwide by Google. It functions as a recursive name server. Google Public DNS was announced on December 3, 2009, in an effort described as "making the web faster and more secure." As of 2018, it is the largest public DNS service in the world, handling over a trillion queries per day. Google Public DNS is not related to Google Cloud DNS, which is a DNS hosting service.

Cisco Prime Network Registrar (CNR) is a Cisco software product that includes components for Domain Name System (DNS) services, Dynamic Host Configuration Protocol services, Trivial File Transfer Protocol (TFTP) services, and Simple Network Management Protocol functions. CNR provides a regional and local management structure and is supported on server hardware and software based on 32-bit and 64-bit architectures. This product is now called Cisco Prime Network Registrar.

DNS over TLS (DoT) is a network security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol. The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks. The well-known port number for DoT is 853.

References

  1. 1 2 Moore, Don (2004). "DNS server survey" . Retrieved 2005-01-06.
  2. "ISC Concludes BIND 10 Development with Release 1.2". 17 April 2014.
  3. "Customizing DNS Service".
  4. Claburn, Thomas (2019-01-24). "CoreDNS is all grown up now and ready to roll: Kubernetes network toolkit graduates at last". The Register. Retrieved 2020-01-20.
  5. "The djbdns prize claimed". Archived from the original on 2009-03-05. Retrieved 2009-03-04.
  6. "gdnsd". gdnsd.org. Retrieved 2022-09-23.
  7. "DNS - Wikitech". wikitech.wikimedia.org. Retrieved 2022-09-23.
  8. "Knot Resolver". Knot Resolver. Retrieved 11 January 2024.
  9. Mens, Jan-Piet (2008). Alternative DNS Servers: Choice and Deployment, and Optional SQL/LDAP Back-Ends (Paperback). UIT Cambridge Ltd. ISBN   978-0-9544529-9-5.
  10. Danchev, Dancho. "How OpenDNS, PowerDNS and MaraDNS remained unaffected by the DNS cache poisoning vulnerability". ZDNet. Archived from the original on July 29, 2008. Retrieved 2009-10-10.
  11. "MaraDNS - A security-aware DNS server". MaraDNS. Retrieved 2010-12-15.
  12. "Developer tools, technical documentation and coding examples". Microsoft .
  13. "DNSCMD Syntax: Domain Name System(DNS)". 3 September 2012.
  14. "Domain Name System (DNS) Server Cmdlets". Archived from the original on 2015-05-18. Retrieved 2015-05-08.
  15. "DNSSEC in Windows Server 2012". 31 August 2016.
  16. "What's New in DNS Server in Windows Server 2016". 20 October 2021.
  17. "The pdnsd Homepage". Phys.uu.nl. Retrieved 2011-10-26.
  18. "Technitium DNS Server".
  19. "DNS Server (and Related) Software for Unix".
  20. "Source Code". GitHub .
  21. "GPLv3 License". GitHub .
  22. "DNS Privacy Implementation Status".
  23. "5 Top Self-Hosted Opensource DNS Servers Like Pi-Hole". 8 April 2023.
  24. "Configuring DNS Server For Privacy & Security".
  25. "Technitium DNS Server API Documentation". GitHub .
  26. "About YADIFA" . Retrieved 2013-04-11.
  27. "pdns NEWS". Archived from the original on 2013-06-25. Retrieved 2013-03-29. "no support for the DNSSEC protocol itself yet in pdnsd"
  28. "pdnsd homepage" . Retrieved 2013-03-29. "pdnsd was started on Linux, and has since been ported to FreeBSD (and Cygwin and Darwin). 90% of the source code should be easily portable to POSIX- and BSD-compatible systems, provided that those systems support the POSIX threads (pthreads). The rest might need OS-specific rewrites."