New open source DNS server released
VeriSign, NLnet Labs and others create BIND alternative
By Carolyn Duffy Marsan, Network World, 05/20/2008
A group of experts has released an open source alternative to the BIND DNS server software that boasts higher performance and better security.
The new DNS server -- dubbed Unbound 1.0 -- is available here.
Unbound is a recursive DNS server, the kind ISPs and enterprises run to resolve DNS lookups on behalf of their users. DNS is the Internet service that maps domain names to IP addresses; Web browsing, e-mail and Internet-based telephony all depend on it.
Unbound was released Tuesday to open source developers by NLnet Labs, VeriSign, Nominet and Kirei. NLnet Labs, a nonprofit research firm based
in The Netherlands, will provide ongoing support for the software.
From its first prototype in 2004, Unbound was designed as a faster, more secure replacement for BIND. It supports the DNS security extensions (DNSSEC), which cryptographically authenticate DNS responses but are not yet widely deployed because they depend on a public key infrastructure.
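As an added illustration (not from the article or from the Unbound project's own documentation), here is a minimal unbound.conf for a validating recursive resolver. It shows what a DNSSEC-capable deployment needs beyond the software itself: a trust anchor to validate against, and access controls so the resolver does not answer the whole Internet. Option names are those of current Unbound releases, which is assumed here; the trust-anchor path, the 192.0.2.1 listen address and the 192.0.2.0/24 client network are placeholders.

```conf
# Minimal validating recursive resolver (added example, not the project's own
# sample config). Option names are from current Unbound releases; the trust
# anchor path and the client network are placeholders to adjust.
server:
    # Listen only where clients are expected, not on every interface.
    interface: 127.0.0.1
    interface: 192.0.2.1                    # placeholder: internal-facing address
    port: 53

    # Access control: an open recursive resolver is an amplification target.
    access-control: 127.0.0.0/8 allow
    access-control: 192.0.2.0/24 allow      # placeholder: the client network
    access-control: 0.0.0.0/0 refuse

    # DNSSEC validation is only as good as its trust anchor. This file holds
    # the root zone key and is kept current by Unbound itself (RFC 5011
    # rollover), so it must be writable by the user Unbound runs as.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"   # placeholder path

    # Treat answers whose signatures were stripped as bogus instead of
    # accepting them, and drop unvalidated data from the additional section.
    harden-dnssec-stripped: yes
    val-clean-additional: yes
    # Do not fall back to handing out unvalidated data when validation fails.
    val-permissive-mode: no

    # Cache-poisoning resistance that does not depend on DNSSEC.
    harden-glue: yes
    use-caps-for-id: yes

    # Do not advertise the resolver's identity or version to queriers.
    hide-identity: yes
    hide-version: yes

    # Log validation failures (bogus answers) so they can be investigated.
    val-log-level: 1
```

`unbound-checkconf` reports syntax and path problems before the service is restarted, and `unbound-anchor -a <path>` can bootstrap the initial trust-anchor file.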
"One of the main advantages is that it's high performing. We designed it from the beginning to be fast," says Matt Larson,
director of DNS research with VeriSign. "We also designed it from the beginning to support DNSSEC. Other DNS servers had to
bolt that on, but we were able to start fresh."
VeriSign has tested Unbound but isn't using it in production mode.
VeriSign runs the authoritative DNS servers for .com and .net, which are the servers that respond to queries from recursive DNS servers
like Unbound. VeriSign uses homegrown software it calls ATLAS for its authoritative DNS servers.
VeriSign said that by offering Unbound to the open source community, it is trying to give back to the Internet community.
"Our goal [with Unbound] is to have an active community. We want to get to the point where the community is looking at it,
monitoring it and adding patches," Larson says. "This is just another example of VeriSign's innovation. We're always moving
forward."
Developed in the early 1980s, BIND (Berkeley Internet Name Domain) is the most popular DNS server software on the Internet.
However, BIND has suffered from serious security flaws, even in its current release, BIND 9.
BIND alternatives already exist, including DNS server software from Microsoft and Cisco and appliances from Infoblox, InfoWeapons and others. Another option is free DNS services from OpenDNS and NeuStar.
Comments (7)
Security? Source is not e-signed!!!
By Anonymous on May 21, 2008, 10:16 am
If the goal of the project is better security by design, why are the source tarballs not e-signed? What kind of security does anonymous code provide? Just...
WTF is e-signed??
By Anonymous on May 21, 2008, 11:48 am
If you are going to complain about something, don't make things up. "e-signed" sounds like some marketing trademarked buzzword...
djbdns
By Anonymous on May 21, 2008, 2:23 pm
No mention is made of djbdns...
Appliances
By Anonymous on May 21, 2008, 3:15 pm
Most appliances are based on BIND, including the Infoblox solution.
djbdns is great, but not free enough
By Anonymous on May 21, 2008, 4:02 pm
I am a big fan of Dan Bernstein and a long-time user of his software, but djbdns has specific restrictions that make community development problematic. Anyway, more...
I've had good luck with SimpleDNS.com on Windows Server
By Anonymous on May 21, 2008, 5:00 pm
I've had good luck with SimpleDNS.com on Windows Server. I don't have tons of traffic, but I do have a few hundred domains in my two Internet nameservers. The...