Evaluation of validating resolvers on Linux: Unbound and Knot Resolver recommended

"Systemd-resolved and Dnsmasq have serious bugs"

Tore Anderson, Senior Systems Consultant at Redpill Linpro, has evaluated six widely used DNSSEC-validating resolvers: Bind, Dnsmasq, Knot Resolver, PowerDNS Recursor, systemd-resolved and Unbound. He considered how well (that is, how strictly) the software worked, as well as its support for recursion (as opposed to stub resolvers), private domains and negative trust anchors (NTAs). Because his evaluation was performed on Linux (Fedora 30 and Ubuntu 19.04), he also looked at integration with NetworkManager.

One of Anderson's most significant findings was serious bugs in the basic functionality (validation results) of systemd-resolved and Dnsmasq. Unbound and the Knot Resolver emerged as highly recommended. Anderson reported that the latest versions of PowerDNS Recursor and Bind worked well too, but had no advantages over Unbound or the Knot Resolver. Read Anderson's full evaluation report.
