NEW CGI Directory

Home Press Releases New Open Source DNS Server Rel ...

Press Releases by

New Open Source DNS Server Released Today

May 20, 2008; 09:36 AM

Amsterdam, The Netherlands, Oxford, UK and Mountain View, CA – May 20, 2008 – Unbound – a new open source alternative to the BIND domain name system (DNS) server– makes its worldwide debut today with the public release of Unbound 1.0 at

Released to open source developers by NLnet Labs, VeriSign, Inc. (NASDAQ: VRSN), Nominet, and Kirei, Unbound is a validating, recursive, and caching DNS server designed as a high-performance alternative for BIND (Berkeley Internet Name Domain). Unbound will be supported by NLnet Labs.

An essential component of the Internet, the DNS ties domain names (such as to the IP addresses and other information that Web browsers need to access and interact with specific sites. Though it is unknown to the vast majority of Web users, DNS is at the heart of a range of Internet-based services beyond Web browsing, including email, messaging and Voice Over Internet Protocol (VOIP) telecommunications.

Although BIND has been the de facto choice for DNS servers since the 1980s, a desire to seek an alternative server that excels in security, performance and ease of use prompted an effort to develop an open source DNS implementation. Unbound is the result of that effort. Mostly deployed by ISPs and enterprise users, Unbound will also be available for embedding in customer devices, such as dedicated DNS appliances and ADSL modems.

By making Unbound code available to open source developers, its originators hope to enable rapid development of features that have not traditionally been associated with DNS. One is an implementation of DNSSEC, a security enhancement that Unbound adds to the DNS protocol and that is essential to help protect DNS transactions. The only open source DNS implementations that support the DNSSEC standard are Unbound and BIND.

"We have released the software under the BSD license that allows use in other products without any major restrictions,” said Olaf Kolkman, director of NLnet Labs, a not-for-profit research and development foundation in the Netherlands. “We hope that making our software freely available will aid the deployment of DNSSEC, which fits straight into NLnet Labs charter.”

"Although simplicity and performance have always been primary goals for Unbound, we have placed extra attention on security features, particularly since DNSSEC is not yet deployed widely,” said Wouter Wijngaards, lead Unbound developer at NLnet Labs. “Unbound provides defenses against forgery while suffering minimal degradation in performance. In addition, we have worked hard to produce well documented, readable and elegant code. With that we try to make the barrier for security audit and code review as low as possible."

Four Years in the Making
Unbound was architected in January of 2004 by Jakob Schlyter of Kirei and Roy Arends of Nominet. VeriSign and EP.Net funded development of the prototype, which was built by David Blacka and Matt Larson of VeriSign. Late in 2006, NLnet Labs joined the effort, writing an implementation in C based on the existing prototype and using experience NLnet Labs gained during the development of NSD, a DNS server targeted at information publishers.

"The prototype of Unbound demonstrated that we had made good architectural decisions and that the complex security algorithms worked. The Java implementation, however, would never be able to meet the performance characteristics that real-world use would demand," said David Blacka, senior research engineer at VeriSign.

Roy Arends, Senior Researcher at Nominet UK, said the Unbound prototype served “to swiftly test new interoperability of DNS protocol extensions. The original modular design has proved to work well and kept the overall design straightforward and clean. The Java prototype was used for several new DNS protocol features in use today.”

"The prototype was too promising to shelve. We were happy NLnet Labs could commit to the development of the C version of Unbound,” said Matt Larson, director of DNS Research at VeriSign. “NLnet Labs has the appropriate expertise and are committed to continue support for Unbound.”

"Nominet is pleased that the C version of unbound is built with the same dedication and by the same team that brought us NSD,” added Nominet’s Arends.

Fastest caching server we tested’
During its development phase, Unbound was tested extensively at NLnet Labs. Meanwhile, a number of volunteers have deployed development releases in their labs and production networks.

"We are very impressed with Unbound,” said Jan-Piet Mens, author of the forthcoming book, "Alternative DNS Servers.” “It is great code, very versatile, and it is the fastest caching server we tested."

NLnet Labs offers support for Unbound through a bug-tracking system and user mailing lists. "We realize that people will run this code in critical environments, and NLnet Labs is committed to actively supporting Unbound,” added NLnet Lab’s Kolkman. “Should we ever cease to support Unbound, we will announce this at least two years in advance".

Unbound runs on posix-based operating systems such as Linux, MacOS X, FreeBSD, and Solaris. The code, its documentation, and additional information are all freely available for download at

About NLnet Labs
NLnet Labs (, founded in 1999 by the NLnet Foundation, is a research and development foundation that focuses on those developments in Internet technology where bridges between theory and practical deployment need to be build; areas where development, engineering, and standardization takes place. NLnet Labs strives to play an active and relevant role in these areas through the development of open source software, through participating in development of open standards, and through the dissemination of knowledge. Within that context NLnet Labs has become a recognized expertise centre in the area of DNS and DNSSEC. NLnet Labs' DNS software has found its way to important components of the Internet infrastructure and we contribute actively in multiple facets of the standards development process. A subsidy from the NLnet Foundation ( is the main source of income for NLnet Labs.

About VeriSign
VeriSign, Inc. (NASDAQ: VRSN) is the trusted provider of Internet infrastructure services for the networked world. Billions of times each day, VeriSign helps companies and consumers all over the world engage in communications and commerce with confidence. Additional news and information about the company is available at

About Nominet
Nominet UK operates at the heart of e-commerce in the UK, running one of the world’s largest Internet registries and managing over six million domain names. With highly respected industry credentials it is entrusted with the safe, stable and secure management of the .uk Internet name space. Nominet runs the technology which locates a computer on the Internet hosting the web site or email system you are looking for when you type in a web address or send an email that ends in .uk.

Nominet is a not-for-profit company with members instead of shareholders and is recognized as the .uk domain name registry by the Internet industry and the UK Government. It is not a governing or regulatory body, but provides a public service for the .uk namespace on behalf of the UK Internet community.

About Kirei
Kirei AB (, founded in 2005 by Jakob Schlyter and Fredrik Ljunggren, is a consultancy company with its main focus on information security management and network architectures. The Kirei founders has been working with DNS and DNS Security within the IETF community since 1999 and has played an active role in the DNSSEC standardization process as well in the deployment of DNSSEC in several top level domains.

VeriSign Media Relations: Rufus Manning, [email protected], +1.703.948.4126
VeriSign Investor Relations: Nancy Fazioli, [email protected], +1.650.426.5416

NLnet Labs: [email protected], +31 20 888 4551

For Nominet: Gemma Griffiths, [email protected], Racepoint Group UK, +44 020 8752 3200

Kirei: [email protected]




Related Resources

Other Resources