Unbound: More Thoughts on a New DNS Server

by Ostatic Staff - May. 21, 2008

As Mike noted, Unbound has the potential to challenge the DNS monoculture.

One of the great successes of open-source software is BIND, the Berkeley Internet Daemon. This piece of software is almost unknown to most Internet users, but provides a crucial function to nearly all operations. That's because BIND translates the computer and domain names we know so well -- from ibm.com to whitehouse.gov -- into numeric "IP addresses." It is these numeric addresses that computers actually use in their communication tasks. Without DNS, people would have to use numbers, or we would have a static, centrally controlled translation system that would be far less flexible than the current setup.

BIND is both one of the oldest open-source projects, and one of the most commonly used. Most name-to-address translation today, whether in a local office or an ISP, is handled by BIND, or by a version of it. The only serious competitor to BIND that I have seen over the years is djbdns, a nameserver written by Daniel J. Bernstein. djbdns is one of the programs that Bernstein put into the public domain several months ago; even so, BIND continues to dominate the world of DNS servers.

As of yesterday, a new player has entered the arena: Unbound is an open-source DNS server written, maintained, and distributed by a consortium of Internet companies that specialize in domain-name sales and management (NLnet Labs, Verisign, Nominet, and Kirei), and released under the BSD license.

To the average Internet user, Unbound won't make much difference. But to network administrators, Unbound offers the promise of many new features, particularly security features that BIND didn't offer, or didn't make available fast enough. In addition, the Unbound "TODO" list indicates that the authors plan to make it possible to run their server under Windows, to automatically update the software when new versions come out, and to handle traffic problems more gracefully than before.

The fact that many big names from the Internet -- the best-known being Verisign, known for being the original domain registrar before it was split up and privatized among many companies -- are sponsoring this software is reason to take it more seriously than many other DNS servers that have emerged over the years. But DNS is such a crucial service, underlying everything that we do on the Internet, that I have to wonder how quickly network administrators will begin to use it.

Even with many built-in tests, it remains to be seen if Unbound will make life easier and better for network administrators, breathing new life into the world of DNS servers. If nothing else, the open-source world has frequently seen that competition is good for all of the projects involved; even if Unbound doesn't end up dominating the world of DNS, we can hope that it will spur the BIND developers to improve.