Unbound

nlnetlabs.nl/projects/unbound
Unbound Icon

Validating, recursive, caching DNS resolve with support for DNS-over-TLS. Designed to be fast, lean, and secure Unbound incorporates modern features based on open standards. It's fully open source, and recently audited. (For an in-depth tutorial, see this article by DNSWatch.)

Open Source

Unbound Source Code

Author

NLnetLabs

Description

Unbound is a validating, recursive, and caching DNS resolver.

#dns#dns-privacy#dnssec#recursor#resolver

Homepage

https://nlnetlabs.nl/unbound

License

BSD-3-Clause

Created

13 Jun 17

Last Updated

21 Jun 24

Latest version

release-1.20.0

Primary Language

C

Size

102,885 KB

Stars

2,881

Forks

337

Watchers

2,881

Language Usage

Language Usage

Star History

Star History

Recent Commits

  • Yorgos Thessalonikefs (21 Jun 24)

    - Fix pkg-config availability check in dnstap/dnstap.m4 and systemd.m4. - autoconf.

  • Yorgos Thessalonikefs (19 Jun 24)

    - Fix #1092: Ubuntu 22.04 Jammy fails to compile unbound 1.20.0; by adding helpful text for the Python interpreter version and allowing the default pkg-config unavailability error message to be shown. - autoconf.

  • W.C.A. Wijngaards (17 Jun 24)

    - Fix #1091: Build fails with OpenSSL >= 3.0 built with OPENSSL_NO_DEPRECATED.

  • W.C.A. Wijngaards (07 Jun 24)

    - Add unit test for validation of repeated use of a DNAME record.

  • W.C.A. Wijngaards (06 Jun 24)

    - Fix validation for repeated use of a DNAME record.

  • W.C.A. Wijngaards (06 Jun 24)

    - Fix typos for 'the the' in text.

  • W.C.A. Wijngaards (06 Jun 24)

    - Fix memory leak in setup of dsa sig.

  • Yorgos Thessalonikefs (04 Jun 24)

    - Merge #1080: AddressSanitizer detection in tdir tests and memory leak fixes.

  • Yorgos Thessalonikefs (04 Jun 24)

    - Skip unbound-dnstap-socket unit test when not compiled with --enable-debug.

  • W.C.A. Wijngaards (03 Jun 24)

    - Fix to squelch connection reset by peer errors from log. And fix that the tcp read errors are labeled as initial for the first calls.

  • Yorgos Thessalonikefs (31 May 24)

    - Fix memory leak on exit for unbound-dnstap-socket; creates false negatives during testing.

  • Yorgos Thessalonikefs (31 May 24)

    - Fix memory leak when reload_keep_cache is used and num-threads changes.

  • Yorgos Thessalonikefs (31 May 24)

    - Enable AddressSanitizer error detection in tdir tests.

  • W.C.A. Wijngaards (30 May 24)

    - Fix for #1079: fix RPZ taglist in iterator callback that no client info is like no taglist intersection.

  • W.C.A. Wijngaards (30 May 24)

    - Fix #1079: tags from tagged rpz zones are no longer honored after upgrade from 1.19.3 to 1.20.0.

  • W.C.A. Wijngaards (29 May 24)

    Changelog note for #1078. - Merge #1078: Only check old pid if no username.

  • Wouter Wijngaards (29 May 24)

    Merge pull request #1078 from vopatek/master Only check old pid if no username

  • Martin Vopatek (29 May 24)

    Only check old pid if no username Do as the comment says and only check old pid if there is no username configured.

  • Yorgos Thessalonikefs (27 May 24)

    - Update patch to remove 'command' shell builtin and update error text.

  • Michael Tokarev (19 Apr 22)

    unbound-control-setup: check openssl Before doing anything, check if openssl binary (which we will use) is available, and print a useful error message if it is not found.

  • Yorgos Thessalonikefs (27 May 24)

    - Fix unused variable warning on compilation with no thread support.

  • W.C.A. Wijngaards (27 May 24)

    - Fix spelling of tcp-idle-timeout docs, from Michael Tokarev.

  • W.C.A. Wijngaards (27 May 24)

    - Fix to enable that SERVFAIL is cached, for a short period, for more cases. In the cases where limits are exceeded.

  • Yorgos Thessalonikefs (24 May 24)

    Changelog entry for #1059: - Fix #1059: Intermittent DNS blocking failure with local-zone and always_nxdomain. Addition of local_zones dynamically via unbound-control was not finding the zone's parent correctly.

  • Yorgos Thessalonikefs (24 May 24)

    Proper parent identification for dynamically entered local zones (#1076) - Fix #1059: Intermittent DNS blocking failure with local-zone and always_nxdomain. Addition of local_zones dynamically via unbound-control was not finding the zone's parent correctly.

  • W.C.A. Wijngaards (24 May 24)

    - Fix #1064: Unbound 1.20 Cachedb broken? Add unit test for validation status commit.

  • W.C.A. Wijngaards (21 May 24)

    - Fix for #1064: Fix that cachedb expired messages are considered insecure, and thus can be served to clients when dnssec is enabled.

  • W.C.A. Wijngaards (21 May 24)

    - Fix for parse end of forward-zone, stub-zone and view.

  • W.C.A. Wijngaards (21 May 24)

    - Fix to print a parse error when config is read with no name for a forward-zone, stub-zone or view.

  • W.C.A. Wijngaards (21 May 24)

    Changelog note for #1073. - Merge #1073: fix null pointer dereference issue in function ub_ctx_set_fwd.

Unbound Website

Website

NLnet Labs - Unbound - About

Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. To help increase online privacy, Unbound supports DNS-over-TLS and DNS-over-HTTPS which allows clients to encrypt their communication. In addition, it supports various modern standards that limit …

Redirects

Redirects to https://nlnetlabs.nl/projects/unbound/about/

Security Checks

All 66 security checks passed

Server Details

  • IP Address 185.49.140.10
  • Hostname open.nlnetlabs.nl
  • Location Amsterdam, Noord-Holland, Netherlands (Kingdom of the), EU
  • ISP Stichting NLnet Labs
  • ASN AS8587

Associated Countries

  • NL
  • US
  • DE

Saftey Score

Website marked as safe

100%

Blacklist Check

nlnetlabs.nl was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

Website Preview

Unbound Docker

Container Info

pihole-unbound

A Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole. This version has Ubound software installed on it so you don't need to rely on external DNS providers. When the installation is complete, navigate to your.ip.goes.here:1010/admin. Follow the article <a href='https://medium.com/@niktrix/getting-rid-of-systemd-resolved-consuming-port-53-605f0234f32f'>here</a>

#Other#Tools

DockerHub Metrics

  • Pull Count 2,173,817
  • Stars 62
  • Date Created 31 Dec 20
  • Last Updated 1 month ago

View on DockerHub

cbcrowe/pihole-unbound

Run Command

docker run -d \ 
  -p 53:53/tcp \
  -p 53:53/udp \
  -p 1010:80/tcp \
  -p 4443:443/tcp \
  -e ServerIP=${ServerIP} \
  -e TZ=${TZ} \
  -e DNSSEC=${DNSSEC} \
  -e DNS1=${DNS1} \
  -e DNS2=${DNS2} \
  -v /portainer/Files/AppData/Config/PiHole-Unbound:/etc/pihole \
  -v /portainer/Files/AppData/Config/PiHole-Unbound/DNS:/etc/dnsmasq.d \
  --restart=unless-stopped \
  cbcrowe/pihole-unbound:latest

Compose File

version: 3.8
services:
  pi-hole-unbound:
    image: cbcrowe/pihole-unbound:latest
    ports:
      - 53:53:tcp
      - 53:53:udp
      - 1010:80:tcp
      - 4443:443:tcp
    environment:
      ServerIP: 192.168.0.X
      TZ: Europe\London
      DNSSEC: 
      DNS1: 127.0.0.1#5335
      DNS2: 127.0.0.1#5335
    volumes:
      - /portainer/Files/AppData/Config/PiHole-Unbound:/etc/pihole
      - /portainer/Files/AppData/Config/PiHole-Unbound/DNS:/etc/dnsmasq.d
    restart: unless-stopped

Environment Variables

  • Var Name Default
  • ServerIP 192.168.0.X
  • TZ Europe\London
  • DNSSEC null
  • DNS1 127.0.0.1#5335
  • DNS2 127.0.0.1#5335

Port List

  • 53:53/tcp
  • 53:53/udp
  • 1010:80/tcp
  • 4443:443/tcp

Volume Mounting

  • /portainer/Files/AppData/Config/PiHole-Unbound /etc/pihole
  • /portainer/Files/AppData/Config/PiHole-Unbound/DNS /etc/dnsmasq.d

Permissions

  • read ✅ Yes
  • write ✅ Yes
  • admin ✅ Yes

Unbound Reviews

More DNS Clients

About the Data: Unbound

API

You can access Unbound's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/networking/dns-clients/unbound

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share Unbound

Help your friends compare DNS Clients, and pick privacy-respecting software and services.
Share Unbound and Awesome Privacy with your network!

View DNS Clients (6)