Unbound
nlnetlabs.nl/projects/unbound Desktop [Linux, Mac, OpenWrt & Windows]
Validating, recursive, caching DNS resolve with support for DNS-over-TLS. Designed to be fast, lean, and secure Unbound incorporates modern features based on open standards. It's fully open source, and recently audited. (For an in-depth tutorial, see this article by DNSWatch.)
- Homepage: nlnetlabs.nl/projects/unbound
- GitHub: github.com/NLnetLabs/unbound
- Privacy: unboundapp.com/privacy-policy.html
- Web info: web-check.xyz/results/nlnetlabs.nl
Unbound Source Code
Author
Description
Unbound is a validating, recursive, and caching DNS resolver.
Homepage
https://nlnetlabs.nl/unboundLicense
BSD-3-Clause
Created
13 Jun 17
Last Updated
05 Apr 24
Latest version
Primary Language
C
Size
102,390 KB
Stars
2,761
Forks
329
Watchers
2,761
Language Usage
Star History
Top Contributors
-
@wcawijngaards (6332)
-
@gthess (465)
-
@ralphdolmans (325)
-
@wtoorop (55)
-
@Philip-NLnetLabs (37)
-
@fobser (19)
-
@noloader (17)
-
@TCY16 (17)
-
@Maryse47 (11)
-
@PMunch (8)
-
@countsudoku (8)
-
@pemensik (7)
-
@episource (7)
-
@AlexanderBand (6)
-
@Talkabout (6)
-
@vvfedorenko (6)
-
@k9982874 (6)
-
@ziollek (5)
-
@Shchelk (5)
-
@kimheino (5)
-
@cgallred (5)
-
@rcmcdonald91 (3)
-
@FGasper (3)
-
@fhriley (3)
-
@eaglegai (3)
-
@dyunwei (3)
-
@edmonds (3)
-
@hardfalcon (2)
-
@rijswijk (2)
-
@sthen (2)
Recent Commits
-
- Fix comment syntax for view function views_find_view.
-
- Merge #1027: Introduce 'cache-min-negative-ttl' option.
-
- Fix #369: dnstap showing extra responses; for client responses right from the cache when replying with expired data or prefetching.
-
- Fix #1035: Potential Bug while parsing port from the "stub-host" string; also affected forward-zones and remote-control host directives.
-
- For #1040: adjust error text and disallow negative ports in other parts of cfg_mark_ports.
-
Changelog note for #1040 - Fix #1040: fix heap-buffer-overflow issue in function cfg_mark_ports of file util/config_file.c.
-
Merge pull request #1040 from xiaoxiaoafeifei/master fix heap-buffer-overflow issue in function cfg_mark_ports of file util/config_file.c
-
zhailiangliang (03 Apr 24)
fix heap-buffer-overflow issue in function cfg_mark_ports of file util/config_file.c
-
- Fix for crypto related failures to have a better error string.
-
- Fix #1034: DoT forward-zone via unbound-control.
-
- Fix that the server does not chown the pidfile.
-
- Fix that when the server truncates the pidfile, it does not follow symbolic links.
-
- Fix to add unit test for lruhash space that exercises the routines.
-
- Fix comment in lruhash space function.
-
- Fix for #1032, add safeguard to make table space positive.
-
- Fix #1032: The size of subnet_msg_cache calculation mistake cause memory usage increased beyond expectations.
-
- Fix name of unit test for subnet cache response.
-
- For #831: Format text, use exclamation icon and explicit label names.
-
Changelog entry for #831 - Merge #831 from Pierre4012: Improve Windows NSIS installer script (setup.nsi).
-
Pierre4012 (25 Mar 24)
Improve Windows NSIS installer script (setup.nsi) (#831) * Improve Windows NSIS installer script (setup.nsi) Two improvements of installer script : - avoid error message when Unbound is running, - add "DisplayVersion" in registry thus Windows package manager (Winget) can handle Unbound. * Update setup.nsi ask user to stop unbound service + DisplayVersion in Windows registry
-
- Fix localdata and rpz localdata to match CNAME only if no direct type match is available.
-
- Fix rpz so that rpz CNAME can apply after rpz CNAME. And fix that clientip and nsip can give a CNAME.
-
- Fix rpz for qtype CNAME after nameserver trigger.
-
- Add rpz unit test for nsip action override.
-
- Fix rpz that copies the cname override completely to the temp region, so there are no references to the rpz region.
-
- Fix rpz, it follows iterator CNAMEs for nsip and nsdname and sets the reply query_info values, that is better for debug logging.
-
- Fix that rpz CNAME content is limited to the max number of cnames.
-
Merge branch 'features/makedist-persist-windir'
-
- For windows build, persist the openssl and expat directories for repeated builds while debugging.
-
- Fix that addrinfo is not kept around but copied and freed, so that log-destaddr uses a copy of the information, much like NSD does.
Unbound Website
Website
NLnet Labs - Unbound - About
Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. To help increase online privacy, Unbound supports DNS-over-TLS and DNS-over-HTTPS which allows clients to encrypt their communication. In addition, it supports various modern standards that limit …
Redirects
Redirects to https://nlnetlabs.nl/projects/unbound/about/
Security Checks
All 66 security checks passed
Server Details
- IP Address 185.49.140.10
- Hostname open.nlnetlabs.nl
- Location Amsterdam, Noord-Holland, Netherlands (Kingdom of the), EU
- ISP Stichting NLnet Labs
- ASN AS8587
Associated Countries
-
NL -
US -
DE
Saftey Score
Website marked as safe
100%
Blacklist Check
nlnetlabs.nl was found on 0 blacklists
- ThreatLog
- OpenPhish
- PhishTank
- Phishing.Database
- PhishStats
- URLhaus
- RPiList Not Serious
- AntiSocial Blacklist
- PhishFeed
- NABP Not Recommended Sites
- Spam404
- CRDF
- Artists Against 419
- CERT Polska
- PetScams
- Suspicious Hosting IP
- Phishunt
- CoinBlockerLists
- MetaMask EthPhishing
- EtherScamDB
- EtherAddressLookup
- ViriBack C2 Tracker
- Bambenek Consulting
- Badbitcoin
- SecureReload Phishing List
- Fake Website Buster
- TweetFeed
- CryptoScamDB
- StopGunScams
- ThreatFox
- PhishFort
Website Preview
Unbound Docker
Container Info
pihole-unbound
A Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole. This version has Ubound software installed on it so you don't need to rely on external DNS providers. When the installation is complete, navigate to your.ip.goes.here:1010/admin. Follow the article <a href='https://medium.com/@niktrix/getting-rid-of-systemd-resolved-consuming-port-53-605f0234f32f'>here</a>
DockerHub Metrics
- Pull Count 2,123,520
- Stars 58
- Date Created 31 Dec 20
- Last Updated 3 months ago
View on DockerHub
cbcrowe/pihole-unboundRun Command
docker run -d \
-p 53:53/tcp \
-p 53:53/udp \
-p 1010:80/tcp \
-p 4443:443/tcp \
-e ServerIP=${ServerIP} \
-e TZ=${TZ} \
-e DNSSEC=${DNSSEC} \
-e DNS1=${DNS1} \
-e DNS2=${DNS2} \
-v /portainer/Files/AppData/Config/PiHole-Unbound:/etc/pihole \
-v /portainer/Files/AppData/Config/PiHole-Unbound/DNS:/etc/dnsmasq.d \
--restart=unless-stopped \
cbcrowe/pihole-unbound:latest Compose File
version: 3.8
services:
pi-hole-unbound:
image: cbcrowe/pihole-unbound:latest
ports:
- 53:53:tcp
- 53:53:udp
- 1010:80:tcp
- 4443:443:tcp
environment:
ServerIP: 192.168.0.X
TZ: Europe\London
DNSSEC:
DNS1: 127.0.0.1#5335
DNS2: 127.0.0.1#5335
volumes:
- /portainer/Files/AppData/Config/PiHole-Unbound:/etc/pihole
- /portainer/Files/AppData/Config/PiHole-Unbound/DNS:/etc/dnsmasq.d
restart: unless-stopped Environment Variables
- Var Name Default
- ServerIP 192.168.0.X
- TZ Europe\London
- DNSSEC null
- DNS1 127.0.0.1#5335
- DNS2 127.0.0.1#5335
Port List
- 53:53/tcp
- 53:53/udp
- 1010:80/tcp
- 4443:443/tcp
Volume Mounting
- /portainer/Files/AppData/Config/PiHole-Unbound /etc/pihole
- /portainer/Files/AppData/Config/PiHole-Unbound/DNS /etc/dnsmasq.d
Permissions
- read ✅ Yes
- write ✅ Yes
- admin ✅ Yes
Unbound Reviews
More DNS Clients
-
A flexible DNS proxy, with support for modern encrypted DNS protocols including DNSCrypt V2, DNS-over-HTTPS and Anonymized DNSCrypt. Also allows for advanced monitoring, filtering, caching and client IP protection through Tor, SOCKS proxies or Anonymized DNS relays.
-
Non-root, small-sized DNS changer utilizing DNS-over-HTTPS and DNS-over-TLS. (Note, since this uses Android's VPN API, it is not possible to run a VPN while using Nebulo.)
-
Free and open source DNS changer with support for DNS-over-HTTPS, DNS-over-Tor, and DNSCrypt v3 with Anonymized Relays. (Note, since this uses Android's VPN API, it is not possible to run a VPN while using RethinkDNS + Firewall.)
-
Simple all that allows for the use for dnscrypt-proxy 2 on an iPhone.
-
Stubby
(Desktop [Linux, Mac, OpenWrt & Windows])
dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+StubbyActs as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy. Stubby can be used in combination with Unbound - Unbound provides a local cache and Stubby manages the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections), see example configuration.
About the Data: Unbound
API
You can access Unbound's data programmatically via our API.
Simply make a GET request to:
https://api.awesome-privacy.xyz/networking/dns-clients/unboundThe REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.
About the Data
Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.
Share Unbound
Help your friends compare DNS Clients, and pick privacy-respecting software and services.
Share Unbound and Awesome Privacy with your network!