Erre con erre cigarro
Erre con erre barril
Rápido ruedan los carros
En el ferrocarril

Support MaraDNS or listen to my music

DNS software

Here is a list of DNS software that is open source, is currently (as of 2016) being maintained, and that has authoritative and recursive DNSSEC support:
  • BIND is the swiss army knife of DNS servers. It has a lot of features and can do pretty much everything. It's also a big binary and sometimes difficult to configure. CVE BIND supports DNSSec.

  • Unbound and NSD make up a suite of DNS servers; they are both from NLnet Labs.

    Basically, one (NSD) puts your web page on the Internet; the other (Unbound) looks for web pages on the Internet. NSD CVE (None of those entries look to point to NSD; it appears to have no CVE entries) Unbound CVE Both support DNSSec.

  • Knot DNS and Knot Resolver are two DNS servers which came out in the 2010s (an authoritative and recursive component); the recursive resolver is from 2016. Both support modern DNS features, such as DNSSec. Like NSD and Unbound, Knot DNS serves DNS records and Knot Resolver looks for DNS records on the Internet.

    So far, there do not appear to be any CVE reports for either server, but both packages are fairly new. There’s a good writeup at LWN by the implementer about Knot DNS.

  • PowerDNS (which like Unbound/NSD, is two separate programs) has a lot of flexibility with connecting to databases or what not to resolve a DNS name. Used by Wikimedia, among others. CVE.

Here are some other DNS servers:
  • DjbDNS. Great tiny two-program DNS suite that sadly hasn't been updated by DJB since 2001. Yes, it does have security problems (That's a CVE link). Note that there are at least two security issues with DjbDNS which do not have CVE numbers.

    For anyone who wants to use DjbDNS, use N-DjbDNS, which is patched against all known security holes. I am now maintaining this branch of DjbDNS; the only updates I do are root server IP updates, security updates, and updates to ensure it compiles in (as of 2021) Ubuntu 20.04 LTS.

    There are patches to give the authoritative half DNSSEC support; there is no DNSSEC support for the recursor.

  • MaraDNS. It was once a single program, now two separate programs (like Unbound/BSD and PowerDNS) Easy-to-configure; tiny binary suitable for embedded systems. CVE

    MaraDNS does not support DNSSEC nor EDNS.

There are many many other DNS servers, both open source and non-open source. Here is an incomplete list of the open source ones: DnsMasq, pdnsd, Posadis, MyDNS, MyDNS-ng, SDNS (Public domain, local download link), DnsJAVA

Other lists