Unbound

nlnetlabs.nl/projects/unbound
Unbound Icon

Validating, recursive, caching DNS resolve with support for DNS-over-TLS. Designed to be fast, lean, and secure Unbound incorporates modern features based on open standards. It's fully open source, and recently audited. (For an in-depth tutorial, see this article by DNSWatch.)

Open Source

Unbound Source Code

Author

NLnetLabs

Description

Unbound is a validating, recursive, and caching DNS resolver.

#dns#dns-privacy#dnssec#recursor#resolver

Homepage

https://nlnetlabs.nl/unbound

License

BSD-3-Clause

Created

13 Jun 17

Last Updated

13 Sept 24

Latest version

release-1.21.0

Primary Language

C

Size

101,376 KB

Stars

3,021

Forks

346

Watchers

3,021

Language Usage

Language Usage

Star History

Star History

Recent Commits

  • Yorgos Thessalonikefs (11 Sept 24)

    - Fix and add comments in testdata/val_negcache_ttl.rpl.

  • W.C.A. Wijngaards (10 Sept 24)

    - Add unit test for ttl limit for aggressive nsec.

  • W.C.A. Wijngaards (10 Sept 24)

    - Fix to limit NSEC and NSEC3 TTL when aggressive nsec is enabled (RFC9077).

  • Yorgos Thessalonikefs (06 Sept 24)

    - Fix comment to not trigger doxygen unknown command.

  • Yorgos Thessalonikefs (06 Sept 24)

    - Fix alloc-size and calloc-transposed-args compiler warnings.

  • W.C.A. Wijngaards (05 Sept 24)

    - Fix config file read for dnstap-sample-rate.

  • W.C.A. Wijngaards (02 Sept 24)

    Changelog note for #1135 - Merge #1135: Add new IANA trust anchor.

  • Keelan Cannoo (02 Sept 24)

    Add new IANA trust anchor (#1135) Signed-off-by: Keelan Cannoo <[email protected]> Co-authored-by: Keelan10 <[email protected]>

  • W.C.A. Wijngaards (30 Aug 24)

    - Fix for #1132, comment about adjusted copy of reference check.

  • W.C.A. Wijngaards (30 Aug 24)

    Changelog note for #1132 and fix for #1132. - Merge #1132: b.root renumbering. - Fix for #1132, adjusted unit test for change in the test file.

  • Loganaden Velvindron (30 Aug 24)

    b.root renumbering (#1132) https://b.root-servers.org/news/2023/05/16/new-addresses.html Worked together with Jaykishan Muktawoa <[email protected]>

  • W.C.A. Wijngaards (29 Aug 24)

    - Fix to print port number in logs for auth zone transfer activities.

  • W.C.A. Wijngaards (29 Aug 24)

    - Unit test for auth zone transfer TLS, and TLS failure.

  • W.C.A. Wijngaards (28 Aug 24)

    - Fix that stub-zone and forward-zone clauses do not exhaust memory for long content.

  • W.C.A. Wijngaards (28 Aug 24)

    - Fix that when rpz is applied the message does not get picked up by the validator. That stops validation failures for the message.

  • W.C.A. Wijngaards (27 Aug 24)

    - Fix #1130: Loads of logs: "validation failure: key for validation <domain>. is marked as invalid because of a previous" for non-DNSSEC signed zone.

  • W.C.A. Wijngaards (23 Aug 24)

    - Fix documentation for cache_fill_missing function.

  • W.C.A. Wijngaards (23 Aug 24)

    - Fix #1127: error: "memory exhausted" when defining more than 9994 local-zones.

  • W.C.A. Wijngaards (23 Aug 24)

    - Merge patch to fix for glue that is outside of zone, with `harden-unverified-glue`, from Karthik Umashankar (Microsoft). Enabling this option protects the Unbound resolver against bad glue, that is unverified out of zone glue, by resolving them. It uses the records as last resort if there is no other working glue.

  • W.C.A. Wijngaards (21 Aug 24)

    Enable ci back after debug.

  • W.C.A. Wijngaards (21 Aug 24)

    - Fix for char signedness warnings on NetBSD.

  • W.C.A. Wijngaards (21 Aug 24)

    - Add cross platform netbsd to github ci.

  • W.C.A. Wijngaards (21 Aug 24)

    - Add cross platform openbsd to github ci.

  • W.C.A. Wijngaards (21 Aug 24)

    ci for freebsd nicer, with libevent, faster without static compile, and with grouped output, also the pkg install is conditional on the platform.

  • W.C.A. Wijngaards (21 Aug 24)

    Fix for freebsd ci.

  • W.C.A. Wijngaards (21 Aug 24)

    - Add cross platform freebsd to github ci.

  • W.C.A. Wijngaards (20 Aug 24)

    - Add iter-scrub-ns, iter-scrub-cname and max-global-quota configuration options.

  • W.C.A. Wijngaards (19 Aug 24)

    - Fix #1126: unbound-control-setup hangs while testing for openssl presence starting from version 1.21.0.

  • W.C.A. Wijngaards (15 Aug 24)

    - Tag for release 1.21.0, the repository continues with 1.21.1 in development.

  • W.C.A. Wijngaards (09 Aug 24)

    - Fix spelling for the cache-min-negative-ttl entry in the example.conf.

Unbound Website

Website

NLnet Labs - Unbound - About

Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. To help increase online privacy, Unbound supports DNS-over-TLS and DNS-over-HTTPS which allows clients to encrypt their communication. In addition, it supports various modern standards that limit …

Redirects

Redirects to https://nlnetlabs.nl/projects/unbound/about/

Security Checks

All 66 security checks passed

Server Details

  • IP Address 185.49.140.10
  • Hostname open.nlnetlabs.nl
  • Location Amsterdam, Noord-Holland, Netherlands (Kingdom of the), EU
  • ISP Stichting NLnet Labs
  • ASN AS8587

Associated Countries

  • NL
  • US
  • DE

Saftey Score

Website marked as safe

100%

Blacklist Check

nlnetlabs.nl was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

Website Preview

Unbound Docker

Container Info

pihole-unbound

A Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole. This version has Ubound software installed on it so you don't need to rely on external DNS providers. When the installation is complete, navigate to your.ip.goes.here:1010/admin. Follow the article <a href='https://medium.com/@niktrix/getting-rid-of-systemd-resolved-consuming-port-53-605f0234f32f'>here</a>

#Other#Tools

DockerHub Metrics

  • Pull Count 2,223,601
  • Stars 63
  • Date Created 31 Dec 20
  • Last Updated 4 months ago

View on DockerHub

cbcrowe/pihole-unbound

Run Command

docker run -d \ 
  -p 53:53/tcp \
  -p 53:53/udp \
  -p 1010:80/tcp \
  -p 4443:443/tcp \
  -e ServerIP=${ServerIP} \
  -e TZ=${TZ} \
  -e DNSSEC=${DNSSEC} \
  -e DNS1=${DNS1} \
  -e DNS2=${DNS2} \
  -v /portainer/Files/AppData/Config/PiHole-Unbound:/etc/pihole \
  -v /portainer/Files/AppData/Config/PiHole-Unbound/DNS:/etc/dnsmasq.d \
  --restart=unless-stopped \
  cbcrowe/pihole-unbound:latest

Compose File

version: 3.8
services:
  pi-hole-unbound:
    image: cbcrowe/pihole-unbound:latest
    ports:
      - 53:53:tcp
      - 53:53:udp
      - 1010:80:tcp
      - 4443:443:tcp
    environment:
      ServerIP: 192.168.0.X
      TZ: Europe\London
      DNSSEC: 
      DNS1: 127.0.0.1#5335
      DNS2: 127.0.0.1#5335
    volumes:
      - /portainer/Files/AppData/Config/PiHole-Unbound:/etc/pihole
      - /portainer/Files/AppData/Config/PiHole-Unbound/DNS:/etc/dnsmasq.d
    restart: unless-stopped

Environment Variables

  • Var Name Default
  • ServerIP 192.168.0.X
  • TZ Europe\London
  • DNSSEC null
  • DNS1 127.0.0.1#5335
  • DNS2 127.0.0.1#5335

Port List

  • 53:53/tcp
  • 53:53/udp
  • 1010:80/tcp
  • 4443:443/tcp

Volume Mounting

  • /portainer/Files/AppData/Config/PiHole-Unbound /etc/pihole
  • /portainer/Files/AppData/Config/PiHole-Unbound/DNS /etc/dnsmasq.d

Permissions

  • read ✅ Yes
  • write ✅ Yes
  • admin ✅ Yes

Unbound Reviews

More DNS Clients

About the Data: Unbound

API

You can access Unbound's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/networking/dns-clients/unbound

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share Unbound

Help your friends compare DNS Clients, and pick privacy-respecting software and services.
Share Unbound and Awesome Privacy with your network!

View DNS Clients (6)