Four companies led by Dutch non-profit NLnet Labs have launched an open source, Linux-compatible DNS (Domain Name System) server. "Unbound," which is also sponsored by VeriSign, Nominet, and Kirei, claims to offer a validating, recursive, and caching DNS server that is faster than the open source DNS mainstay BIND.
Targeted primarily at ISPs and enterprise users, Unbound will also be available for embedding in customer devices such as dedicated DNS appliances and ADSL modems, say the developers. A DNS server ties domain names to the IP addresses and other information required by Web browsers, driving Internet-related services including browsing, email, messaging, and VoIP.
Since the 1980s, the open source BIND (Berkeley Internet Name Domain) has been the de facto DNS standard in the Unix and Linux worlds. Last year, BIND was updated to version 9, adding support for DNSSEC (DNS Security Extensions), a security enhancement to the DNS protocol that protects against attacks such as DNS cache poisoning.
DNSSEC support is also a central focus of Unbound. The DNS server provides a modular architecture, and is claimed to be faster, more secure, easier to use, and more flexible than BIND. Like BIND, Unbound is released under a BSD license.
The Unbound project was originally developed in 2004 by Jakob Schlyter of Swedish DNS consultancy Kirei, and Roy Arends of British Internet non-profit Nominet. The project was initially funded by Internet infrastructure services vendor VeriSign, and Internet consultancy and services provider EP.Net. At VeriSign, David Blacka and Matt Larson developed a Java-based prototype, but it was decided that a C version would be needed to achieve the required performance.
In late 2006, NLnet Labs joined the group and took over development of a C-based version. An R&D spinoff of the Dutch non-profit NLnet Foundation, NLnet Labs was founded to develop new protocols and applications for the Internet, in particular related to DNS, DNSSEC, IPv6, and routing.
Stated Wouter Wijngaards, lead Unbound developer at NLnet Labs, "We have placed extra attention on security features, particularly since DNSSEC is not yet deployed widely. Unbound provides defenses against forgery while suffering minimal degradation in performance. In addition, we have worked hard to produce well documented, readable, and elegant code. With that we try to make the barrier for security audit and code review as low as possible."
Stated Matt Larson, director of DNS Research at VeriSign, "The prototype was too promising to shelve. We were happy NLnet Labs could commit to the development of the C version of Unbound. NLnet Labs has the appropriate expertise and are committed to continue support for Unbound."
Availability
Unbound 1.0 is available for free download under a BSD license from the Unbound site, here. NLnet Labs offers support for Unbound through a bug-tracking system and user mailing lists, and promises to provide two years warning if the company ever decides to cease providing support. Unbound runs on POSIX-based operating systems such as Linux, MacOS X, FreeBSD, and Solaris, says the group.
RHSA-2008:0270-01 Important: libvorbis security update
This entry was posted
on 6:37 PM
.
Archives
-
▼
2008
(457)
-
▼
May
(43)
- Eye of GNOME 2.22.2
- DSA 1588-2: New Linux 2.6.18 packages fix several ...
- samba (SSA:2008-149-01)
- DSA 1588-1: New Linux 2.6.18 packages fix several ...
- RHSA-2008:0289-01 Critical: samba security update
- CESA-2008:0288 Critical CentOS 3 x86_64 samba - se...
- Via unveils "Nano" processors
- DSA 1589-1: New libxslt packages fix execution of ...
- Gnome Games 2.22.2
- Linux gains "embedded" maintainers
- Banshee 1.0 Beta 2 (0.99.2) Released
- Orca v2.22.2
- DSA 1587-1: New mtr packages fix execution of arbi...
- CEEA-2008:0274 CentOS 5 i386 xenpv Update
- Ubuntu 8.04 LTS vs. Windows XP SP3: Application Pe...
- CESA-2008:0287 Important CentOS 3 s390(x) libxslt ...
- CESA-2008:0489 Critical CentOS 5 i386 gnutls Update
- CESA-2008:0287 Important CentOS 4 s390(x) libxslt ...
- CESA-2008:0287-01: Important CentOS 2 i386 libxslt...
- GLSA 200805-20 GnuTLS: Execution of arbitrary code
- DSA 1586-1: New xine-lib packages fix several vuln...
- Virtual Users And Domains With Postfix, Courier, M...
- Wind River, Intel tag-team "infotainment" Linux
- GLSA 200805-19 ClamAV: Multiple vulnerabilities
- RHSA-2008:0364-01 Low: mysql security and bug fix ...
- Open source DNS server takes on BIND
- GLSA 200805-17 Perl: Execution of arbitrary code
- DSA 1580-1: New phpgedview packages fix privilege ...
- World's cheapest Linux-based laptop?
- CESA-2008:0270 Important CentOS 5 x86_64 libvorbis...
- DSA 1576-2: New openssh packages fix predictable r...
- openSUSE 11.0 Beta 3
- DSA 1578-1: New php4 packages fix several vulnerab...
- Verizon Wireless, seven others join Linux phone org
- GLSA 200805-15 libid3tag: Denial of Service
- GARNOME 2.23.2
- Debian adding low-power NAS devices
- DSA 1576-1: New openssh packages fix predictable r...
- USN-612-5: OpenSSH update
- GLSA 200805-14 Common Data Format library: User-a...
- DSA 1577-1: New gforge packages fix insecure tempo...
- Orca v2.23.2
- RHSA-2008:0270-01 Important: libvorbis security up...
-
▼
May
(43)