Unbound (DNS server)

Unbound

Screenshot of Unbound 1.22.0, showing version information, build configuration, and usage of unbound-host to check DNSSEC validation
Developer(s)	NLnet Labs
Initial release	February 19, 2007;17 years ago (2007-02-19)
Stable release	1.22.0 [1]   / 17 October 2024;3 months ago (17 October 2024)
Repository	Unbound by NLnetLabs on GitHub
Written in	C
Operating system	Unix-like, Windows
Type	DNS server
License	BSD license
Website	unbound.net

Unbound is a validating, recursive, and caching DNS resolver product from NLnet Labs. It is distributed free of charge in open-source form under the BSD license.

Features

• Caching resolver with prefetching of popular items before they expire
• DNS over TLS forwarding and server, with domain-validation ^[2]
• DNS over HTTPS ^{[3] [4]}
• DNS over QUIC ^[5]
• Query Name Minimization ^[6]
• Aggressive Use of DNSSEC-Validated Cache ^[7]
• Authority zones, for a local copy of the root zone ^[8]
• DNS64
• DNSCrypt ^[9]
• DNSSEC validating
• EDNS Client Subnet

History

Originally designed by Jakob Schlyter of Kirei and Roy Arends of Nominet in 2004, funding was provided by VeriSign and ep.net to develop a prototype written in Java (David Blacka and Matt Larson, VeriSign). In 2006, the prototype was re-written for high-performance in the C programming language by NLnet Labs. ^[10]

Unbound is designed as a set of modular components that incorporate modern features, such as enhanced security (DNSSEC) validation, Internet Protocol Version 6 (IPv6), and a client resolver application programming interface library as an integral part of the architecture. Originally written for POSIX-compatible Unix-like operating system, it runs on FreeBSD, OpenBSD, NetBSD, macOS, and Linux, as well as Microsoft Windows.

Reception

Unbound has supplanted the Berkeley Internet Name Daemon (BIND) as the default, base-system name server in FreeBSD and OpenBSD, where it is perceived as smaller, more modern, and more secure for most applications. ^{[11] [12]}

See also

• NSD, an authoritative name server, also from NLnet Labs
• Comparison of DNS server software

References

1. "Release Unbound 1.22.0 · NLnetLabs/unbound" . Retrieved 20 October 2024.
2. "Actually secure DNS over TLS in Unbound". Ctrl blog. 2018-06-07. Retrieved 2018-06-11.
3. Wijngaards, Wouter (8 October 2020). "Unbound 1.12.0 released". NLnet Labs. Retrieved 26 October 2020.
4. Dolmans, Ralph (9 October 2020). "DNS-over-HTTPS in Unbound". The NLnet Labs Blog. Retrieved 26 October 2020.
5. "Unbound 1.22.0 released". NLnet Labs. 2024-12-20 [Thu, 17 October 2024]. Archived from the original on 2024-12-21. Retrieved 2024-12-21.
6. Wijngaards, Wouter (10 December 2015). "Unbound 1.5.7 release". unbound-users (Mailing List). Retrieved 26 October 2020.
7. Wijngaards, Wouter (15 March 2018). "Unbound 1.7.0 Release". unbound-users (Mailing List). Retrieved 26 October 2020.
8. Wijngaards, Wouter (15 March 2018). "Unbound 1.7.0 Release". unbound-users (Mailing List). Retrieved 26 October 2020.
9. "unbound.conf(5) - Unbound 1.19.0 Documentation". NLnet Labs. 8 November 2023. Retrieved 2 February 2024.
10. Eric Brown. "Open source DNS server takes on BIND" . Retrieved 2020-03-21.
11. "Heads Up: BIND Disabled in Base". OpenBSD Journal. August 23, 2014. Retrieved June 10, 2015.
12. Dag-Erling Smørgrav (September 24, 2014). "DNS in FreeBSD 10". Dag-Erling Smørgrav's blog. Retrieved June 10, 2015.

External links

• Official website
• Running Unbound in a Docker Container
• Unbound DNS Tutorial with examples and explanations