Evaluation of validating resolvers on Linux: Unbound and Knot Resolver recommended

Tore Anderson, Senior Systems Consultant at Redpill Linpro, has evaluated six widely used DNSSEC-validating resolvers: Bind, Dnsmasq, Knot Resolver, PowerDNS Recursor, systemd-resolved and Unbound. He considered how well (strictly) the software worked, as well as support for recursion (as opposed to stub resolvers), private domains and negative trust anchors (NTAs). Because his evaluation was performed using the Linux platform (Fedora 30 and Ubuntu 19.04), he additionally looked at integration with NetworkManager.

One of Anderson's most significant findings was serious bugs in the basic functionality (validation results) of systemd-resolved and Dnsmasq. Unbound and the Knot Resolver emerged as highly recommended. Anderson reported that the latest versions of PowerDNS Recursor and Bind worked well too, but had no advantages over Unbound or the Knot Resolver. Read Anderson's full evaluation report.

  • Tuesday 30 October 2018

    Internet security

    Unique study sheds light on DDoS attacks


    Greater insight can promote cooperation in the chain

    Read more
  • Friday 20 April 2018

    About SIDN

    A proactive and collaborative DDoS mitigation strategy for the Dutch critical infrastructure


    Acting reactively and individually is insufficient

    Read more
  • Thursday 31 May 2018

    SIDN Labs

    New stats site!


    Insight into the use of .nl

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.