NLnetLabs/unbound

Unbound is a validating, recursive, and caching DNS resolver.

Quick Overview

Unbound is a validating, recursive, and caching DNS resolver. It is designed to be fast and lean, and offers modern features such as DNS Security Extensions (DNSSEC) validation, DNS over TLS, and DNS over HTTPS. Unbound is suitable for use in both small networks and large-scale deployments.

Pros

  • High performance and low memory footprint
  • Strong security features, including DNSSEC validation
  • Flexible configuration options for various use cases
  • Active development and community support

Cons

  • Steeper learning curve compared to some other DNS resolvers
  • Configuration can be complex for advanced setups
  • Limited built-in monitoring and reporting capabilities
  • May require additional tools for comprehensive DNS management

Code Examples

As Unbound is a DNS resolver and not a code library, there are no code examples to provide. However, here are some configuration examples:

# Basic configuration
server:
    verbosity: 1
    interface: 0.0.0.0
    port: 53
    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes
    access-control: 0.0.0.0/0 allow

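This configuration sets up a basic Unbound server listening on all IPv4 interfaces. Because its access-control rule allows queries from any IPv4 address, the server acts as an open resolver wherever port 53 is reachable; on a production system, restrict that rule to the client networks you serve.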

# DNSSEC validation
server:
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    val-clean-additional: yes

This snippet enables DNSSEC validation using a trust anchor file.

# DNS over TLS
server:
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
    tls-upstream: yes
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com

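This configuration forwards all queries over DNS over TLS to Cloudflare's DNS servers. The name after the # in each forward-addr is the name Unbound checks in the upstream's certificate, which is validated against the CA bundle given in tls-cert-bundle.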
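
The two risks visible in the configurations above, a resolver open to every client and a forwarder that sends queries in plaintext, can be checked mechanically. The following audit is an added example, not part of the original page or of the Unbound project; `SAMPLE_CONF`, `parse`, `is_loopback` and `audit` are hypothetical names, and the sample configuration is constructed from the settings shown on this page.

```python
import ipaddress
import re

# Constructed sample combining the settings shown on this page.
SAMPLE_CONF = """server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 allow
forward-zone:
    name: "."
    forward-addr: 8.8.8.8  # plaintext upstream
forward-zone:
    name: "example.org"
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
"""

def parse(text):
    """Return [(clause, [(key, value), ...])] from unbound.conf text."""
    clauses = []
    for raw in text.splitlines():
        # '#' opens a comment only at line start or after whitespace (keeps '#auth-name').
        key, sep, value = re.sub(r"(^|\s)#.*", "", raw).strip().partition(":")
        value = value.strip().strip('"')
        if sep and not value:
            clauses.append((key, []))  # clause header such as "server:"
        elif sep and clauses:
            clauses[-1][1].append((key, value))
    return clauses

def is_loopback(iface):
    try:
        return ipaddress.ip_address(iface.split("@")[0]).is_loopback
    except ValueError:
        return False  # an interface name such as eth0, not an address

def audit(text):
    clauses, findings = parse(text), []
    server = [kv for name, kvs in clauses if name == "server" for kv in kvs]
    exposed = [v for k, v in server if k == "interface" and not is_loopback(v)]
    for k, v in server:
        net, _, action = v.partition(" ")
        if (k == "access-control" and exposed and action.strip().startswith("allow")
                and ipaddress.ip_network(net, strict=False).prefixlen == 0):
            findings.append(f"open resolver: {net} allowed on {exposed[0]}")
    for name, kvs in clauses:
        tls = ("forward-tls-upstream", "yes") in kvs or ("tls-upstream", "yes") in server
        if name == "forward-zone" and not tls:
            findings += [f"plaintext forwarder: {v}" for k, v in kvs if k == "forward-addr"]
    return findings
```

With no interface line at all, Unbound listens on localhost only, so the audit reports an open resolver only when a non-loopback interface is configured.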

Getting Started

To get started with Unbound:

  1. Install Unbound on your system (e.g., apt install unbound on Ubuntu)
  2. Create a basic configuration file at /etc/unbound/unbound.conf
  3. Start the Unbound service: systemctl start unbound
  4. Test the resolver: dig @127.0.0.1 example.com

For more advanced configurations, refer to the Unbound documentation and examples provided in the GitHub repository.

Competitor Comparisons

PowerDNS Authoritative, PowerDNS Recursor, dnsdist

Pros of pdns

  • More versatile with support for multiple backend databases
  • Offers both authoritative and recursive DNS server functionality
  • Provides a web-based management interface for easier administration

Cons of pdns

  • Generally consumes more system resources than Unbound
  • Configuration can be more complex due to its extensive feature set
  • May have a steeper learning curve for newcomers

Code Comparison

pdns (C++):

void PacketCache::insert(DNSPacket *q, DNSPacket *r, unsigned int maxttl)
{
  if(d_ttl < 0)
    return;
  
  uint32_t ourttl = std::min((uint32_t)d_ttl, maxttl);

Unbound (C):

int cache_insert(struct module_env* env, struct query_info* qinfo,
        struct reply_info* rep, int is_referral, time_t ttl)
{
    struct lruhash_entry* e;
    size_t size;

Both projects use different programming languages and have distinct code structures. pdns uses C++ with object-oriented design, while Unbound is written in C with a more procedural approach. The code snippets show similar functionality (cache insertion) but with different implementations tailored to their respective architectures.

CoreDNS is a DNS server that chains plugins

Pros of CoreDNS

  • More flexible and extensible plugin architecture
  • Better suited for cloud-native environments and Kubernetes integration
  • Supports multiple backends and protocols beyond just DNS

Cons of CoreDNS

  • May have higher resource usage for simple DNS resolution tasks
  • Less focused on security features compared to Unbound
  • Potentially more complex configuration for basic use cases

Code Comparison

Unbound configuration example:

server:
    verbosity: 1
    interface: 0.0.0.0
    port: 53
    do-ip4: yes
    do-udp: yes
    do-tcp: yes

forward-zone:
    name: "."
    forward-addr: 8.8.8.8

CoreDNS configuration example:

.:53 {
    forward . 8.8.8.8
    cache 30
    log
    errors
}

Both configurations set up a basic DNS forwarder, but CoreDNS uses a more concise syntax with its plugin-based approach. Unbound's configuration is more verbose but offers fine-grained control over server settings. CoreDNS's modular design allows for easy extension with additional plugins, while Unbound focuses on providing a robust, security-oriented DNS resolver out of the box.

dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.

Pros of dnscrypt-proxy

  • Focuses on DNS encryption and privacy, offering strong protection against eavesdropping and DNS spoofing
  • Supports multiple DNS protocols, including DNSCrypt, DNS-over-HTTPS, and DNS-over-TLS
  • Lightweight and easy to set up, with a single executable file

Cons of dnscrypt-proxy

  • Limited DNS caching capabilities compared to Unbound
  • Does not perform DNSSEC validation natively, relying on upstream servers for this feature
  • May have slightly higher latency due to encryption overhead

Code Comparison

dnscrypt-proxy (Go):

func (proxy *Proxy) exchangeWithCache(serverInfo *ServerInfo, encryptedQuery []byte, clientNonce []byte) ([]byte, error) {
    // Implementation details
}

Unbound (C):

int ub_resolve_async(struct ub_ctx* ctx, const char* name, int rrtype, int rrclass, void* mydata, ub_callback_type callback, int* async_id) {
    // Implementation details
}

The code snippets show different approaches: dnscrypt-proxy focuses on encrypted exchanges, while Unbound emphasizes general DNS resolution with additional features like caching and DNSSEC validation.

README

Unbound

Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. If you have any feedback, we would love to hear from you. Don’t hesitate to create an issue on Github or post a message on the Unbound mailing list. You can learn more about Unbound by reading our documentation.

Compiling

Make sure you have the C toolchain, OpenSSL and its include files, and libexpat installed. If building from the repository source you also need flex and bison installed. Unbound can be compiled and installed using:

./configure && make && make install

You can use libevent if you want. libevent is useful when using many (10000) outgoing ports. By default max 256 ports are opened at the same time and the builtin alternative is equally capable and a little faster.

Use the --with-libevent configure option to compile Unbound with libevent support.

Unbound configuration

All of Unbound's configuration options are described in the man pages, which will be installed and are available on the Unbound documentation page.

An example configuration file is located in doc/example.conf.