Unbound is a validating, recursive, and caching DNS resolver developed and maintained by NLnet Labs (a non-profit organization).
Why Use an Unbound Domain Name System Server?
Easy to configure
Unbound is very easy to configure. It is configured through a configuration file that is quite like YAML (Yet Another Markup Language). There are not a great number of configuration directives needed to set up Unbound since the service has a relatively simple and single role.
Unbound’s lightweight code structure and simple, modular design contribute to making Unbound an extremely high-performing recursive name server. Initial benchmark testing has shown Unbound to offer up to 2x the performance over other name servers (with or without DNSSEC Validation enabled). Unbound essentially has two (2) modes of operation:
- Threaded mode uses the Libevent cross compiled wrapper library for added scalability
- Forked mode allows Unbound to operate unthreaded and forks separate processes
Supports DNSSEC validation
Unbound was designed from the ground up to perform DNSSEC validation, a mechanism to protect DNS data. DNSSEC validation is not implemented as a plug-in or bolt-on, as it is in some other DNS management software. Additional features for trust anchor management (RFC 5011) are in the works, and they will only serve to enhance an already great product.
Adds software diversity
Enterprise customers and ISPs can now introduce a proven and reliable alternative to BIND for providing a validating, recursive, caching-only layer of DNS servers with Unbound. Unbound introduces software diversity to the masses. Software and code diversity allow us to mix different DNS vendor solutions to provide the same or better service. A bug in one vendor’s product will not likely be visible in the others.
Because Unbound was coded to be a validating, recursive, and caching resolver, it doesn’t suffer from the split or dual personalities that other DNS server solutions do. Unbound is, for the most part, a single-purpose server. Since Unbound is not authoritative for data, the code and function become simplified. There is no code to support Dynamic DNS updates, zone transfers, etc. Instead, this single-purpose server is best-in-class at what it was coded to support: recursion, validation, and caching resolution.
Unbound has not sacrificed DNS security for the sake of simplicity and performance. On the contrary, Unbound is feature-rich in DNS security, with its harden-glue, access control, maximum randomness for query ID and ports, response scrubbing, case preservation, and Denial of Service (DoS) protection features. These are just some of the features that make Unbound one of the most secure DNS server implementations.
Unbound has been ported to run on a wide range of hardware and OS platforms, including Linux, BSD, Solaris SPARC and X86, MacOS/X, and Windows. Windows 32-bit pre-compiled binary packages are available directly from NLnet Labs, or you can download the source package and compile it yourself.
How Does Micetro Work with Unbound?
Micetro will connect to Unbound as it would any DNS server to pull information into the Micetro overlay solution.
Once the Unbound server is added, you get centralized visibility and control of all your Unbound DNS information, along with any other DNS information you’re pulling in from any other DNS server. This information is synced regularly, according to your IT policies, or may be manually synced when necessary.
While Unbound does offer APIs, using the Micetro API will allow you to create consistent workflows for automated network management in your entire DDI environment. Micetro essentially creates a standardized API through the overlay, or abstraction layer, so that you can use the same workflow no matter where your workloads reside.