News

New Open-source DNS Server Released

A group of experts has released an open source alternative to the BIND DNS server software that boasts higher performance and better security.

By Carolyn Duffy Marsan, Network World (US)

May 21, 2008

A group of experts has released an open source alternative to the BIND DNS server software that boasts higher performance and better security.

The new DNS server - dubbed Unbound 1.0 - is available here.

Unbound is a recursive DNS server, which is used by ISPs and enterprises to support DNS look-ups by users. DNS is the feature of the Internet that matches domain names with IP addresses, and it is used for Web browsing, e-mail and Internet-based telephony.

Unbound was released Tuesday to open source developers by NLnet Labs, VeriSign, Nominet and Kirei. NLnet Labs, a nonprofit research firm based in The Netherlands, will provide ongoing support for the software. From its first prototype in 2004, Unbound was designed to be a faster, more secure replacement for BIND. Unbound supports DNS security extensions (DNSSEC), which authenticate DNS lookups but are not yet widely deployed because they rely on a public key infrastructure.

"One of the main advantages is that it's high performing. We designed it from the beginning to be fast," says Matt Larson, director of DNS research with VeriSign. "We also designed it from the beginning to support DNSSEC. Other DNS servers had to bolt that on, but we were able to start fresh."

VeriSign has tested Unbound but isn't using it in production mode.

VeriSign runs the authoritative DNS servers for .com and .net, which are the servers that respond to queries from recursive DNS servers like Unbound. VeriSign uses homegrown software it calls ATLAS for its authoritative DNS servers.

VeriSign said that by offering Unbound to the open source community, it is trying to give back to the Internet community.

"Our goal [with Unbound] is to have an active community. We want to get to the point where the community is looking at it, monitoring it and adding patches," Larson says. "This is just another example of VeriSign's innovation. We're always moving forward."

Developed in the early 1980s, BIND (Berkeley Internet Name Domain) is the most popular DNS server software on the Internet. However, BIND has suffered from serious security flaws, even in its current release, BIND 9.

BIND alternatives already exist, including DNS server software from Microsoft and Cisco and appliances from Infoblox, InfoWeapons and others. Another option is free DNS services from OpenDNS and NeuStar.

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WEBCAST
The Surest Path to Effective and Efficient Compliance

VeriSignIn this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.

» View the webcast

Featured Sponsors
Sponsored Links

Ponemon Study: How Much Does a Data Breach "Cost"?

Data Protection: Challenges for the Traveling User

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

How Are Open Source Development Communities Embracing Security Best Practices?

Think your data is safe? Think again. It's time to Outthink the Threat. Get eBook now

Prepare for (ISC)2® Certification With Villanova - Online

Key strategies for C-level executives and security staff

Configuration Assessment: Choosing the Right Solution

ITCi White Paper: Challenges and Opportunities of PCI

Effective Security with a Continuous Approach to ISO 27001 Compliance

Rolling the dice with your security? Take the Self-Assessment Test now

Digital Identity Protection and Data Security Get Personal

Solving Online Credit Fraud Using Device Reputation

Take our CSO role survey and receive a copy of the results

IDC Defines an Identity and Access Management Submarket

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

Revolutionizing Endpoint Security with a Single Agent

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

The Case for Business Software Assurance ~ Securing Your Applications

Learn how the new Quad-Core AMD Opteron™ processor improves performance

Envision Identity-Based Access Control for the Datacenter

IT Service Management: Metrics That Matter

Configuration Audit and Control for Virtualized Environments

The PCI Data Security Standard

Configuration Audit and Control for Virtualized Environments

Envision Identity-Based Access Control for the Datacenter

Using Likewise to Comply with PCI Data Security Standard

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Diebold: Frost & Sullivan Global Physical Security Systems Integrator of the Year

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage