DNS software

Here is a list of DNS software that is open source, is currently (as of 2016) being maintained, and that has authoritative and recursive DNSSEC support:
- BIND is the Swiss Army knife of DNS servers. It has a lot of features and can do pretty much everything. It's also a big binary and sometimes difficult to configure. CVE. BIND supports DNSSEC.
- Unbound and NSD make up a suite of DNS servers; they are both from NLnet Labs. Basically, one (NSD) puts your web page on the Internet; the other (Unbound) looks for web pages on the Internet. NSD CVE (none of those entries look to point to NSD; it appears to have no CVE entries). Unbound CVE. Both support DNSSEC.
- Knot DNS and Knot Resolver are two DNS servers which came out in the 2010s (an authoritative and a recursive component); the recursive resolver is from 2016. Both support modern DNS features, such as DNSSEC. Like NSD and Unbound, Knot DNS serves DNS records and Knot Resolver looks for DNS records on the Internet. So far, there do not appear to be any CVE reports for either server, but both packages are fairly new. There's a good writeup at LWN by the implementer about Knot DNS.
- PowerDNS (which, like Unbound/NSD, is two separate programs) has a lot of flexibility in connecting to databases and the like to resolve a DNS name. Used by Wikimedia, among others. CVE.
- DjbDNS. Great tiny two-program DNS suite that sadly hasn't been updated by DJB since 2001. Yes, it does have security problems (that's a CVE link). Note that there are at least two security issues with DjbDNS which do not have CVE numbers.
For anyone who wants to use DjbDNS, use N-DjbDNS, which is patched against all known security holes. I am now maintaining this branch of DjbDNS; the only updates I do are root server IP updates, security updates, and updates to ensure it compiles in (as of 2021) Ubuntu 20.04 LTS.
There are patches to give the authoritative half DNSSEC support; there is no DNSSEC support for the recursor.
- MaraDNS. It was once a single program, now two separate programs (like Unbound/NSD and PowerDNS). Easy to configure; tiny binary suitable for embedded systems. CVE. MaraDNS does not support DNSSEC or EDNS.
There are many, many other DNS servers, both open source and non-open source. Here is an incomplete list of the open source ones: DnsMasq, pdnsd, Posadis, MyDNS, MyDNS-ng, SDNS (public domain, local download link), DnsJAVA.