Evaluation of validating resolvers on Linux: Unbound and Knot Resolver recommended

Tore Anderson, Senior Systems Consultant at Redpill Linpro, has evaluated six widely used DNSSEC-validating resolvers: Bind, Dnsmasq, Knot Resolver, PowerDNS Recursor, systemd-resolved and Unbound. He considered how well (strictly) the software worked, as well as support for recursion (as opposed to stub resolvers), private domains and negative trust anchors (NTAs). Because his evaluation was performed using the Linux platform (Fedora 30 and Ubuntu 19.04), he additionally looked at integration with NetworkManager.

One of Anderson's most significant findings was serious bugs in the basic functionality (validation results) of systemd-resolved and Dnsmasq. Unbound and the Knot Resolver emerged as highly recommended. Anderson reported that the latest versions of PowerDNS Recursor and Bind worked well too, but had no advantages over Unbound or the Knot Resolver. Read Anderson's full evaluation report.

  • Thursday 11 April 2019

    .nl domain name

    Is domaining a good thing or not?


    .au plans to actively enforce ban on domaining

    Read more
  • Thursday 23 May 2019

    About SIDN

    SIDN Fund helps ten more Pioneer Projects get started

    Thumbnail SIDN fonds

    New wave of internet initiatives unveiled

    Read more
  • Wednesday 30 January 2019

    About SIDN

    Developers want to clean up DNS software code


    "Nearly a quarter of the code is now for workarounds and corner cases"

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.