Unbound
nlnetlabs.nl/projects/unbound
Desktop [Linux, Mac, OpenWrt & Windows]
Validating, recursive, caching DNS resolver with support for DNS-over-TLS. Designed to be fast, lean, and secure, Unbound incorporates modern features based on open standards. It's fully open source, and recently audited. (For an in-depth tutorial, see this article by DNSWatch.)
- Homepage: nlnetlabs.nl/projects/unbound
- GitHub: github.com/NLnetLabs/unbound
- Privacy: unboundapp.com/privacy-policy.html
- Web info: web-check.xyz/results/nlnetlabs.nl
Unbound Source Code
Author
Description
Unbound is a validating, recursive, and caching DNS resolver.
Homepage
https://nlnetlabs.nl/unbound
License
BSD-3-Clause
Created
13 Jun 17
Last Updated
29 Apr 24
Latest version
Primary Language
C
Size
100,830 KB
Stars
2,797
Forks
329
Watchers
2,797
Top Contributors
- @wcawijngaards (6363)
- @gthess (474)
- @ralphdolmans (325)
- @wtoorop (55)
- @Philip-NLnetLabs (37)
- @fobser (19)
- @noloader (17)
- @TCY16 (17)
- @Maryse47 (11)
- @pemensik (9)
- @countsudoku (8)
- @PMunch (8)
- @episource (7)
- @AlexanderBand (6)
- @Talkabout (6)
- @vvfedorenko (6)
- @k9982874 (6)
- @cgallred (5)
- @kimheino (5)
- @Shchelk (5)
- @ziollek (5)
- @edmonds (3)
- @dyunwei (3)
- @eaglegai (3)
- @fhriley (3)
- @FGasper (3)
- @rcmcdonald91 (3)
- @xiaoxiaoafeifei (2)
- @orbea (2)
- @mibere (2)
Recent Commits
- W.C.A. Wijngaards (29 Apr 24)
- Fix doxygen comment for errinf_to_str_bogus.
- Yorgos Thessalonikefs (29 Apr 24)
- Cleanup unnecessary strdup calls for EDE strings.
- W.C.A. Wijngaards (26 Apr 24)
- Man page entry for unbound-checkconf -q.
- Yorgos Thessalonikefs (26 Apr 24)
- Fix #876: [FR] can unbound-checkconf be silenced when configuration is valid?
- W.C.A. Wijngaards (26 Apr 24)
- Add unit tests for cachedb and subnet cache expired data.
- W.C.A. Wijngaards (26 Apr 24)
- Fix cachedb with serve-expired-client-timeout disabled. The edns subnet module deletes global cache and cachedb cache when it stores a result, and serve-expired is enabled, so that the global reply, that is older than the ecs reply, does not return after the ecs reply expires.
- W.C.A. Wijngaards (25 Apr 24)
- Fix doc unit test for out of directory build.
- W.C.A. Wijngaards (25 Apr 24)
- Fix to disable fragmentation on systems with IP_DONTFRAG, with a nonzero value for the socket option argument.
- W.C.A. Wijngaards (25 Apr 24)
Changelog note for #1041 and #1038. - Merge #1041: Stub and Forward unshare. This has one structure for them and fixes #1038: fatal error: Could not initialize thread / error: reading root hints.
- Wouter Wijngaards (25 Apr 24)
Merge pull request #1041 from NLnetLabs/stubfwd-unshare Stub and Forward unshare
- Yorgos Thessalonikefs (25 Apr 24)
Update locking management for iter_fwd and iter_hints methods. (#1054) fast reload, move most of the locking management to iter_fwd and iter_hints methods. The caller still has the ability to handle its own locking, if desired, for atomic operations on sets of different structs. Co-authored-by: Wouter Wijngaards <[email protected]>
- W.C.A. Wijngaards (25 Apr 24)
- Fix configure flto check error, by finding grep for it.
- W.C.A. Wijngaards (24 Apr 24)
- Fix ci workflow for macos for moved install locations.
- Yorgos Thessalonikefs (23 Apr 24)
- Merge #1053: Remove child delegations from cache when grandchild delegations are returned from parent.
- Yorgos Thessalonikefs (22 Apr 24)
- When a grandchild delegation is returned, remove any cached child delegations up to parent to not cause delegation invalidation because of an expired child delegation that would never be updated. Most likely to happen without qname-minimisation. Reported by Roland van Rijswijk-Deij.
- W.C.A. Wijngaards (22 Apr 24)
- Fix edns subnet to sort rrset references when storing messages in the cache. This fixes a race condition in the rrset locks.
- W.C.A. Wijngaards (22 Apr 24)
- Add checklock feature verbose_locking to trace locks and unlocks.
- Yorgos Thessalonikefs (15 Apr 24)
Changelog entry for #1049: - Merge #1049 from Petr Menšík: Py_NoSiteFlag is not needed since Python 3.8
- Yorgos Thessalonikefs (15 Apr 24)
Merge pull request #1049 from InfrastructureServices/python3.12-Py_NoSiteFlag-warning Py_NoSiteFlag is not needed since Python 3.8
- Petr Mensik (15 Apr 24)
Py_NoSiteFlag is not needed since Python 3.8 Python since 3.12 prints warning about Py_NoSiteFlag is deprecated. It seems that variable is not needed since Python 3.8, since it sets in such cases directly config.site_import variable few moments later. Move using deprecated variable to versions before that flag in config could be used only. This should fix warning like: pythonmod/pythonmod.c: In function 'pythonmod_init': pythonmod/pythonmod.c:359:7: warning: 'Py_NoSiteFlag' is deprecated [-Wdeprecated-declarations] 359 | Py_NoSiteFlag = 1; | ^~~~~~~~~~~~~ In file included from /usr/include/python3.12/Python.h:48, from pythonmod/pythonmod.c:54: /usr/include/python3.12/cpython/pydebug.h:14:37: note: declared here 14 | Py_DEPRECATED(3.12) PyAPI_DATA(int) Py_NoSiteFlag; | ^~~~~~~~~~~~~ https://docs.python.org/3/c-api/init.html#c.Py_NoSiteFlag
- W.C.A. Wijngaards (15 Apr 24)
- Fix configure, autoconf for #1048.
- W.C.A. Wijngaards (15 Apr 24)
Changelog note for #1048. - Fix #1048: Update ax_pkg_swig.m4 and ax_pthread.m4.
- Wouter Wijngaards (15 Apr 24)
Merge pull request #1048 from InfrastructureServices/configure-m4-refresh Update ax_pkg_swig.m4 and ax_pthread.m4
- Petr Mensik (15 Apr 24)
Update ax_pkg_swig.m4 and ax_pthread.m4 Use vanilla m4 files with known source. Prepared for possible removal at build time if the system already has autoconf-archive source present. Switch to AX_PKG_SWIG macro for versioned or unversioned swig detection.
- W.C.A. Wijngaards (12 Apr 24)
- Fixup cachedb to not refetch when serve-expired-client-timeout is used.
- W.C.A. Wijngaards (12 Apr 24)
- Fixup unit test for cachedb server expired client timeout with a check if response is from upstream or from cachedb.
- W.C.A. Wijngaards (12 Apr 24)
- Fix cachedb for serve-expired with serve-expired-client-timeout.
- W.C.A. Wijngaards (10 Apr 24)
- Fix to not reply serve expired unless enabled for cachedb.
- W.C.A. Wijngaards (10 Apr 24)
- Fix cachedb for serve-expired with serve-expired-reply-ttl.
- W.C.A. Wijngaards (10 Apr 24)
- Fix makefile dependencies for fake_event.c.
Unbound Website
Website
NLnet Labs - Unbound - About
Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. To help increase online privacy, Unbound supports DNS-over-TLS and DNS-over-HTTPS which allows clients to encrypt their communication. In addition, it supports various modern standards that limit …
Redirects
Redirects to https://nlnetlabs.nl/projects/unbound/about/
Security Checks
All 66 security checks passed
Server Details
- IP Address 185.49.140.10
- Hostname open.nlnetlabs.nl
- Location Amsterdam, Noord-Holland, Netherlands (Kingdom of the), EU
- ISP Stichting NLnet Labs
- ASN AS8587
Associated Countries
- NL
- US
- DE
Safety Score
Website marked as safe
100%
Blacklist Check
nlnetlabs.nl was found on 0 blacklists
- ThreatLog
- OpenPhish
- PhishTank
- Phishing.Database
- PhishStats
- URLhaus
- RPiList Not Serious
- AntiSocial Blacklist
- PhishFeed
- NABP Not Recommended Sites
- Spam404
- CRDF
- Artists Against 419
- CERT Polska
- PetScams
- Suspicious Hosting IP
- Phishunt
- CoinBlockerLists
- MetaMask EthPhishing
- EtherScamDB
- EtherAddressLookup
- ViriBack C2 Tracker
- Bambenek Consulting
- Badbitcoin
- SecureReload Phishing List
- Fake Website Buster
- TweetFeed
- CryptoScamDB
- StopGunScams
- ThreatFox
- PhishFort
Unbound Docker
Container Info
pihole-unbound
A Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole. This version has Unbound software installed on it so you don't need to rely on external DNS providers. When the installation is complete, navigate to your.ip.goes.here:1010/admin. Follow the article here: https://medium.com/@niktrix/getting-rid-of-systemd-resolved-consuming-port-53-605f0234f32f
DockerHub Metrics
- Pull Count 2,123,520
- Stars 58
- Date Created 31 Dec 20
- Last Updated 4 months ago
View on DockerHub: cbcrowe/pihole-unbound
Run Command
docker run -d \
  -p 53:53/tcp \
  -p 53:53/udp \
  -p 1010:80/tcp \
  -p 4443:443/tcp \
  -e ServerIP="${ServerIP}" \
  -e TZ="${TZ}" \
  -e DNSSEC="${DNSSEC}" \
  -e DNS1="${DNS1}" \
  -e DNS2="${DNS2}" \
  -v /portainer/Files/AppData/Config/PiHole-Unbound:/etc/pihole \
  -v /portainer/Files/AppData/Config/PiHole-Unbound/DNS:/etc/dnsmasq.d \
  --restart=unless-stopped \
  cbcrowe/pihole-unbound:latest
Compose File
version: "3.8"
services:
  pi-hole-unbound:
    image: cbcrowe/pihole-unbound:latest
    ports:
      # host:container/protocol
      - "53:53/tcp"
      - "53:53/udp"
      - "1010:80/tcp"
      - "4443:443/tcp"
    environment:
      # 192.168.0.X is a placeholder for the host's LAN address
      ServerIP: 192.168.0.X
      TZ: Europe/London
      DNSSEC:
      DNS1: "127.0.0.1#5335"
      DNS2: "127.0.0.1#5335"
    volumes:
      - /portainer/Files/AppData/Config/PiHole-Unbound:/etc/pihole
      - /portainer/Files/AppData/Config/PiHole-Unbound/DNS:/etc/dnsmasq.d
    restart: unless-stopped
Environment Variables
- Var Name Default
- ServerIP 192.168.0.X
- TZ Europe\London
- DNSSEC null
- DNS1 127.0.0.1#5335
- DNS2 127.0.0.1#5335
Port List
- 53:53/tcp
- 53:53/udp
- 1010:80/tcp
- 4443:443/tcp
Volume Mounting
- /portainer/Files/AppData/Config/PiHole-Unbound /etc/pihole
- /portainer/Files/AppData/Config/PiHole-Unbound/DNS /etc/dnsmasq.d
Permissions
- read: Yes
- write: Yes
- admin: Yes
Unbound Reviews
More DNS Clients
-
A flexible DNS proxy, with support for modern encrypted DNS protocols including DNSCrypt V2, DNS-over-HTTPS and Anonymized DNSCrypt. Also allows for advanced monitoring, filtering, caching and client IP protection through Tor, SOCKS proxies or Anonymized DNS relays.
-
Non-root, small-sized DNS changer utilizing DNS-over-HTTPS and DNS-over-TLS. (Note, since this uses Android's VPN API, it is not possible to run a VPN while using Nebulo.)
-
Free and open source DNS changer with support for DNS-over-HTTPS, DNS-over-Tor, and DNSCrypt v3 with Anonymized Relays. (Note, since this uses Android's VPN API, it is not possible to run a VPN while using RethinkDNS + Firewall.)
-
Simple app that allows for the use of dnscrypt-proxy 2 on an iPhone.
-
Stubby
(Desktop [Linux, Mac, OpenWrt & Windows])
dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby
Acts as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver, increasing end user privacy. Stubby can be used in combination with Unbound: Unbound provides a local cache and Stubby manages the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections), see example configuration.
About the Data: Unbound
API
You can access Unbound's data programmatically via our API.
Simply make a GET request to: https://api.awesome-privacy.xyz/networking/dns-clients/unbound
The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.
About the Data
Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.