Unbound is a validating, recursive, and caching DNS resolver product from NLnet Labs. It is distributed free of charge in open-source form under the BSD license.
Developer(s) | NLnet Labs |
---|---|
Initial release | February 19, 2007 |
Stable release | 1.22.0[1]
/ 17 October 2024 |
Repository | Unbound by NLnetLabs on GitHub |
Written in | C |
Operating system | Unix-like, Windows |
Type | DNS server |
License | BSD license |
Website | unbound |
Features
edit- Caching resolver with prefetching of popular items before they expire
- DNS over TLS forwarding and server, with domain-validation[2]
- DNS over HTTPS[3][4]
- DNS over QUIC[5]
- Query Name Minimization[6]
- Aggressive Use of DNSSEC-Validated Cache[7]
- Authority zones, for a local copy of the root zone[8]
- DNS64
- DNSCrypt[9]
- DNSSEC validating
- EDNS Client Subnet
History
editOriginally designed by Jakob Schlyter of Kirei and Roy Arends of Nominet in 2004, funding was provided by VeriSign and ep.net to develop a prototype written in Java (David Blacka and Matt Larson, VeriSign). In 2006, the prototype was re-written for high-performance in the C programming language by NLnet Labs.[10]
Unbound is designed as a set of modular components that incorporate modern features, such as enhanced security (DNSSEC) validation, Internet Protocol Version 6 (IPv6), and a client resolver application programming interface library as an integral part of the architecture. Originally written for POSIX-compatible Unix-like operating system, it runs on FreeBSD, OpenBSD, NetBSD, macOS, and Linux, as well as Microsoft Windows.
Reception
editUnbound has supplanted the Berkeley Internet Name Daemon (BIND) as the default, base-system name server in FreeBSD and OpenBSD, where it is perceived as smaller, more modern, and more secure for most applications.[11][12]
See also
edit- NSD, an authoritative name server, also from NLnet Labs
- Comparison of DNS server software
References
edit- ^ "Release Unbound 1.22.0 · NLnetLabs/unbound". Retrieved 20 October 2024.
- ^ "Actually secure DNS over TLS in Unbound". Ctrl blog. 2018-06-07. Retrieved 2018-06-11.
- ^ Wijngaards, Wouter (8 October 2020). "Unbound 1.12.0 released". NLnet Labs. Retrieved 26 October 2020.
- ^ Dolmans, Ralph (9 October 2020). "DNS-over-HTTPS in Unbound". The NLnet Labs Blog. Retrieved 26 October 2020.
- ^ "Unbound 1.22.0 released". NLnet Labs. 2024-12-20 [Thu, 17 October 2024]. Archived from the original on 2024-12-21. Retrieved 2024-12-21.
- ^ Wijngaards, Wouter (10 December 2015). "Unbound 1.5.7 release". unbound-users (Mailing List). Retrieved 26 October 2020.
- ^ Wijngaards, Wouter (15 March 2018). "Unbound 1.7.0 Release". unbound-users (Mailing List). Retrieved 26 October 2020.
- ^ Wijngaards, Wouter (15 March 2018). "Unbound 1.7.0 Release". unbound-users (Mailing List). Retrieved 26 October 2020.
- ^ "unbound.conf(5) - Unbound 1.19.0 Documentation". NLnet Labs. 8 November 2023. Retrieved 2 February 2024.
- ^ Eric Brown. "Open source DNS server takes on BIND". Retrieved 2020-03-21.
- ^ "Heads Up: BIND Disabled in Base". OpenBSD Journal. August 23, 2014. Retrieved June 10, 2015.
- ^ Dag-Erling Smørgrav (September 24, 2014). "DNS in FreeBSD 10". Dag-Erling Smørgrav's blog. Retrieved June 10, 2015.