A group of experts has released an open source alternative to the BIND DNS server software that boasts higher performance and better security.
The new DNS server - dubbed Unbound 1.0 - is available here.
Unbound is a recursive DNS server, which is used by ISPs and enterprises to support DNS look-ups by users. DNS is the feature of the Internet that matches domain names with IP addresses, and it is used for web browsing, email and Internet-based telephony.
Unbound was released Tuesday to open source developers by NLnet Labs, VeriSign, Nominet and Kirei. NLnet Labs, a non-profit research firm based in The Netherlands, will provide ongoing support for the software.
From its first prototype in 2004, Unbound was designed to be a faster, more secure replacement for BIND. Unbound supports DNS security extensions (DNSSEC), which authenticate DNS lookups but are not yet widely deployed because they rely on a public key infrastructure.
"One of the main advantages is that it's high performing. We designed it from the beginning to be fast," says Matt Larson, director of DNS research with VeriSign. "We also designed it from the beginning to support DNSSEC. Other DNS servers had to bolt that on, but we were able to start fresh."
VeriSign has tested Unbound but isn't using it in production mode.
VeriSign runs the authoritative DNS servers for .com and .net, which are the servers that respond to queries from recursive DNS servers like Unbound. VeriSign uses homegrown software it calls ATLAS for its authoritative DNS servers.
VeriSign said that by offering Unbound to the open source community, it is trying to give back to the Internet community.
"Our goal [with Unbound] is to have an active community. We want to get to the point where the community is looking at it, monitoring it and adding patches," Larson says. "This is just another example of VeriSign's innovation. We're always moving forward."
Developed in the early 1980s, BIND (Berkeley Internet Name Domain) is the most popular DNS server software on the Internet. However, BIND has suffered from serious security flaws, even in its current release, BIND 9.
BIND alternatives already exist, including DNS server software from Microsoft and Cisco and appliances from Infoblox, InfoWeapons and others. Another option is free DNS services from OpenDNS and NeuStar.