Login
Login

Unbound (DNS server)

{{Short description|DNS resolver software}}

{{Infobox software

| name = Unbound

| logo = Unbound DNS resolver logo.svg

| screenshot = Unbound 1.22.0 screenshot.webp

| caption = Screenshot of Unbound 1.22.0, showing version information, build configuration, and usage of unbound-host to check DNSSEC validation

| developer = NLnet Labs

| released = {{Start date and age|2007|02|19}}

| latest release version = {{wikidata|property|preferred|references|edit|P348|P548=Q2804309}} | latest release date = {{Start date and age|{{wikidata|qualifier|preferred|single|P348|P548=Q2804309|P577}}|df=yes}}

| latest preview version =

| latest preview date =

| repo = {{url | https://github.com/NLnetLabs/unbound | Unbound by NLnetLabs on GitHub}}

| programming language = C

| operating system = Unix-like, Windows

| genre = DNS server

| license = BSD license

}}

Unbound is a validating, recursive, and caching DNS resolver product from NLnet Labs. It is distributed free of charge in open-source form under the BSD license.

Features

  • Caching resolver with prefetching of popular items before they expire
  • DNS over TLS forwarding and server, with domain-validation{{cite web|title=Actually secure DNS over TLS in Unbound|date=2018-06-07|access-date=2018-06-11|url=https://www.ctrl.blog/entry/unbound-tls-forwarding|website=Ctrl blog}}
  • DNS over HTTPS{{cite web |last1=Wijngaards |first1=Wouter| title=Unbound 1.12.0 released |url=https://www.nlnetlabs.nl/news/2020/Oct/08/unbound-1.12.0-released/ |website=NLnet Labs |date=8 October 2020 |access-date=26 October 2020 }}{{cite web |last1=Dolmans |first1=Ralph |title=DNS-over-HTTPS in Unbound |url=https://blog.nlnetlabs.nl/dns-over-https-in-unbound/ |website=The NLnet Labs Blog |date=9 October 2020 |access-date=26 October 2020 }}
  • DNS over QUIC{{Cite web |title=Unbound 1.22.0 released |url=https://nlnetlabs.nl/news/2024/Oct/17/unbound-1.22.0-released/ |date=2024-12-20 |url-status=live |archive-url=https://web.archive.org/web/20241221212107/https://nlnetlabs.nl/news/2024/Oct/17/unbound-1.22.0-released/ |archive-date=2024-12-21 |access-date=2024-12-21 |website=NLnet Labs |orig-date=Thu, 17 October 2024 |language=en}}
  • Query Name Minimization{{cite web |last1=Wijngaards |first1=Wouter |title=Unbound 1.5.7 release |url=https://lists.nlnetlabs.nl/pipermail/unbound-users/2015-December/004135.html |website=unbound-users (Mailing List) |date=10 December 2015 |access-date=26 October 2020 }}
  • Aggressive Use of DNSSEC-Validated Cache{{cite web |last1=Wijngaards |first1=Wouter |title=Unbound 1.7.0 Release |url=https://lists.nlnetlabs.nl/pipermail/unbound-users/2018-March/005106.html |website=unbound-users (Mailing List) |date=15 March 2018 |access-date=26 October 2020 }}
  • Authority zones, for a local copy of the root zone{{cite web |last1=Wijngaards |first1=Wouter |title=Unbound 1.7.0 Release |url=https://lists.nlnetlabs.nl/pipermail/unbound-users/2018-March/005106.html |website=unbound-users (Mailing List) |date=15 March 2018 |access-date=26 October 2020 }}
  • DNS64
  • DNSCrypt{{cite web|title=unbound.conf(5) - Unbound 1.19.0 Documentation|url=https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html#dnscrypt-options|website=NLnet Labs|date=8 November 2023|access-date=2 February 2024}}
  • DNSSEC validating
  • EDNS Client Subnet

History

Originally designed by Jakob Schlyter of Kirei and Roy Arends of Nominet in 2004, funding was provided by VeriSign and ep.net to develop a prototype written in Java (David Blacka and Matt Larson, VeriSign). In 2006, the prototype was re-written for high-performance in the C programming language by NLnet Labs.{{cite web |url=https://linuxdevices.org/open-source-dns-server-takes-on-bind/|title=Open source DNS server takes on BIND|author1=Eric Brown|access-date=2020-03-21}}

Unbound is designed as a set of modular components that incorporate modern features, such as enhanced security (DNSSEC) validation, Internet Protocol Version 6 (IPv6), and a client resolver application programming interface library as an integral part of the architecture. Originally written for POSIX-compatible Unix-like operating system, it runs on FreeBSD, OpenBSD, NetBSD, macOS, and Linux, as well as Microsoft Windows.

Reception

Unbound has supplanted the Berkeley Internet Name Daemon (BIND) as the default, base-system name server in FreeBSD and OpenBSD, where it is perceived as smaller, more modern, and more secure for most applications.{{cite web|url=http://undeadly.org/cgi?action=article&sid=20140823064850|title=Heads Up: BIND Disabled in Base|website=OpenBSD Journal|date=August 23, 2014| access-date=June 10, 2015}}{{cite web|url=http://blog.des.no/2013/09/dns-in-freebsd-10/|title=DNS in FreeBSD 10|date=September 24, 2014 |author=Dag-Erling Smørgrav|website=Dag-Erling Smørgrav's blog|access-date=June 10, 2015}}

See also

References

{{reflist}}

External links

  • {{Official website}}
  • [https://codeopolis.com/docker-unbound Running Unbound in a Docker Container]
  • [https://calomel.org/unbound_dns.html Unbound DNS Tutorial with examples and explanations]

Category:DNS software

Category:Free network-related software

Category:Free software programmed in C

Category:DNS server software for Linux

Category:Software using the BSD license