Unbound (DNS server)

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Developer(s)NLnet Labs
Initial releaseFebruary 19, 2007; 14 years ago (2007-02-19)
Stable release
1.13.1 / February 9, 2021; 9 months ago (2021-02-09)[1]
Written inC
Operating systemUnix-like, Windows
TypeDNS server
LicenseBSD license
Websiteunbound.net Edit this on Wikidata

Unbound is a validating, recursive, and caching DNS resolver product from NLnet Labs. It is distributed free of charge in open-source form under the BSD license.


  • Caching resolver with prefetching of popular items before they expire
  • DNS over TLS forwarding and server, with domain-validation[2]
  • DNS over HTTPS[3][4]
  • Query Name Minimization[5]
  • Aggressive Use of DNSSEC-Validated Cache[6]
  • Authority zones, for a local copy of the root zone[7]
  • DNS64
  • DNSCrypt[8]
  • DNSSEC validating
  • EDNS Client Subnet


Originally designed by Jakob Schlyter of Kirei and Roy Arends of Nominet in 2004, funding was provided by VeriSign and ep.net to develop a prototype written in Java (David Blacka and Matt Larson, VeriSign). In 2006, the prototype was re-written for high-performance in the C programming language by NLnet Labs. [9]

Unbound is designed as a set of modular components that incorporate modern features, such as enhanced security (DNSSEC) validation, Internet Protocol Version 6 (IPv6), and a client resolver application programming interface library as an integral part of the architecture. Originally written for POSIX-compatible Unix-like operating system, it runs on FreeBSD, OpenBSD, NetBSD, OS X, and Linux, as well as Microsoft Windows.


Unbound has supplanted the Berkeley Internet Name Daemon (BIND) as the default, base-system name server in FreeBSD and OpenBSD, where it is perceived as smaller, more modern, and more secure for most applications.[10][11]

See also[edit]


  1. ^ Wijngaards, Wouter (9 February 2021). "Unbound 1.13.1 released". unbound-users (Mailing list). Retrieved 13 February 2021.
  2. ^ "Actually secure DNS over TLS in Unbound". Ctrl blog. 2018-06-07. Retrieved 2018-06-11.
  3. ^ Wijngaards, Wouter. "Unbound 1.12.0 released". NLnet Labs. Retrieved 26 October 2020.
  4. ^ Dolmans, Ralph. "DNS-over-HTTPS in Unbound". The NLnet Labs Blog. Retrieved 26 October 2020.
  5. ^ Wijngaards, Wouter. "Unbound 1.5.7 release". unbound-users (Mailing List). Retrieved 26 October 2020.
  6. ^ Wijngaards, Wouter. "Unbound 1.7.0 Release". unbound-users (Mailing List). Retrieved 26 October 2020.
  7. ^ Wijngaards, Wouter. "Unbound 1.7.0 Release". unbound-users (Mailing List). Retrieved 26 October 2020.
  8. ^ "Adding DNSCrypt to Unbound". ProToxin. 2017-04-14. Retrieved 2018-06-11.
  9. ^ Eric Brown. "Open source DNS server takes on BIND". Retrieved 2020-03-21.
  10. ^ "Heads Up: BIND Disabled in Base". OpenBSD Journal. August 23, 2014. Retrieved June 10, 2015.
  11. ^ Dag-Erling Smørgrav (September 24, 2014). "DNS in FreeBSD 10". Dag-Erling Smørgrav's blog. Retrieved June 10, 2015.

External links[edit]