Unbound (DNS server): Difference between revisions

Line 1: Line 1:

{{Infobox software

| name = Unbound

Line 17: Line 17:

}}

”’Unbound”’ is a validating, recursive, and caching [[Resolver (DNS)|DNS resolver]] product from [[NLnet Labs]]. It is distributed free of charge in [[open-source software|open-source]] form under the [[Modified BSD License]].

==Features==

* Caching resolver with prefetching of popular items before they expire

* [[DNS over TLS]] forwarding and server, with domain-validation<ref>{{cite web|title=Actually secure DNS over TLS in Unbound|date=2018-06-07|access-date=2018-06-11|url=https://www.ctrl.blog/entry/unbound-tls-forwarding|website=Ctrl blog}}</ref>

* [[DNS over HTTPS]]<ref>{{cite web |last1=Wijngaards |first1=Wouter| title=Unbound 1.12.0 released |url=https://www.nlnetlabs.nl/news/2020/Oct/08/unbound-1.12.0-released/ |website=NLnet Labs |date=8 October 2020 |access-date=26 October 2020 }}</ref><ref>{{cite web |last1=Dolmans |first1=Ralph |title=DNS-over-HTTPS in Unbound |url=https://blog.nlnetlabs.nl/dns-over-https-in-unbound/ |website=The NLnet Labs Blog |date=9 October 2020 |access-date=26 October 2020 }}</ref>

* [[Domain_Name_System#DNS over QUIC (DoQ)|DNS over QUIC]]<ref>{{Cite web |title=Unbound 1.22.0 released |url=https://nlnetlabs.nl/news/2024/Oct/17/unbound-1.22.0-released/ |date=2024-12-20 |url-status=live |archive-url=https://web.archive.org/web/20241221212107/https://nlnetlabs.nl/news/2024/Oct/17/unbound-1.22.0-released/ |archive-date=2024-12-21 |access-date=2024-12-21 |website=NLnet Labs |orig-date=Thu, 17 October 2024 |language=en}}</ref>

* Query ~~Name~~ ~~Minimization~~<ref>{{cite web |last1=Wijngaards |first1=Wouter |title=Unbound 1.5.7 release |url=https://lists.nlnetlabs.nl/pipermail/unbound-users/2015-December/004135.html |website=unbound-users (Mailing List) |date=10 December 2015 |access-date=26 October 2020 }}</ref>

* Query <ref>{{cite web |last1=Wijngaards |first1=Wouter |title=Unbound 1.5.7 release |url=https://lists.nlnetlabs.nl/pipermail/unbound-users/2015-December/004135.html |website=unbound-users (Mailing List) |date=10 December 2015 |access-date=26 October 2020 }}</ref>

* Aggressive ~~Use~~ of DNSSEC-Validated Cache<ref>{{cite web |last1=Wijngaards |first1=Wouter |title=Unbound 1.7.0 Release |url=https://lists.nlnetlabs.nl/pipermail/unbound-users/2018-March/005106.html |website=unbound-users (Mailing List) |date=15 March 2018 |access-date=26 October 2020 }}</ref>

* Aggressive of DNSSEC-Validated Cache<ref>{{cite web |last1=Wijngaards |first1=Wouter |title=Unbound 1.7.0 Release |url=https://lists.nlnetlabs.nl/pipermail/unbound-users/2018-March/005106.html |website=unbound-users (Mailing List) |date=15 March 2018 |access-date=26 October 2020 }}</ref>

* Authority zones, for a local copy of the root zone<ref>{{cite web |last1=Wijngaards |first1=Wouter |title=Unbound 1.7.0 Release |url=https://lists.nlnetlabs.nl/pipermail/unbound-users/2018-March/005106.html |website=unbound-users (Mailing List) |date=15 March 2018 |access-date=26 October 2020 }}</ref>

* [[IPv6 transition mechanism#DNS64|DNS64]]

* [[DNSCrypt]]<ref>{{cite web|title=unbound.conf(5) – Unbound 1.19.0 Documentation|url=https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html#dnscrypt-options|website=NLnet Labs|date=8 November 2023|access-date=2 February 2024}}</ref>

* [[Domain Name System Security Extensions~~|DNSSEC~~]] validating

* [[Domain Name System Security Extensions]] validating

* EDNS ~~Client~~ ~~Subnet~~

* EDNS

==History==

Domain Name System software

Unbound is a validating, recursive, and caching DNS resolver software product from NLnet Labs. It is distributed free of charge in open-source form under the Modified BSD License.

Originally designed by Jakob Schlyter of Kirei and Roy Arends of Nominet in 2004, funding was provided by VeriSign and ep.net to develop a prototype written in Java (David Blacka and Matt Larson, VeriSign). In 2006, the prototype was re-written for high-performance in the C programming language by NLnet Labs.^[10]

Unbound is designed as a set of modular components that incorporate modern features, such as enhanced security (DNSSEC) validation, Internet Protocol Version 6 (IPv6), and a client resolver application programming interface library as an integral part of the architecture. Originally written for POSIX-compatible Unix-like operating system, it runs on FreeBSD, OpenBSD, NetBSD, macOS, and Linux, as well as Microsoft Windows.

Unbound has supplanted the Berkeley Internet Name Daemon (BIND) as the default, base-system name server in FreeBSD and OpenBSD, where it is perceived as smaller, more modern, and more secure for most applications.^[11]^[12]

^ NLnetLabs. “Release Unbound 1.24.2 · NLnetLabs/unbound”. Retrieved 27 November 2025.
^ “Actually secure DNS over TLS in Unbound”. Ctrl blog. 2018-06-07. Retrieved 2018-06-11.
^ Wijngaards, Wouter (8 October 2020). “Unbound 1.12.0 released”. NLnet Labs. Retrieved 26 October 2020.
^ Dolmans, Ralph (9 October 2020). “DNS-over-HTTPS in Unbound”. The NLnet Labs Blog. Retrieved 26 October 2020.
^ “Unbound 1.22.0 released”. NLnet Labs. 2024-12-20 [Thu, 17 October 2024]. Archived from the original on 2024-12-21. Retrieved 2024-12-21.
^ Wijngaards, Wouter (10 December 2015). “Unbound 1.5.7 release”. unbound-users (Mailing List). Retrieved 26 October 2020.
^ Wijngaards, Wouter (15 March 2018). “Unbound 1.7.0 Release”. unbound-users (Mailing List). Retrieved 26 October 2020.
^ Wijngaards, Wouter (15 March 2018). “Unbound 1.7.0 Release”. unbound-users (Mailing List). Retrieved 26 October 2020.
^ “unbound.conf(5) – Unbound 1.19.0 Documentation”. NLnet Labs. 8 November 2023. Retrieved 2 February 2024.
^ Eric Brown. “Open source DNS server takes on BIND”. Retrieved 2020-03-21.
^ “Heads Up: BIND Disabled in Base”. OpenBSD Journal. August 23, 2014. Retrieved June 10, 2015.
^ Dag-Erling Smørgrav (September 24, 2014). “DNS in FreeBSD 10”. Dag-Erling Smørgrav’s blog. Retrieved June 10, 2015.

Must Read

Leave a Comment Cancel Reply

Leave a Comment