nlnetlabs/unbound

4,531 · C · Audience · ops devops · Complexity · 4/5 · Setup · hard

TLDR

A self-hosted DNS resolver that validates, caches, and recursively resolves domain names. Run your own secure DNS server instead of relying on your internet provider's.

Mindmap

mindmap
  root((Unbound DNS))
    What it does
      Resolves domain names
      Validates with DNSSEC
      Caches lookups
    How it works
      Recursive resolver
      unbound.conf config
      C server software
    Use Cases
      Self-hosted DNS
      Network privacy
      DNS security
    Maintenance
      NLnet Labs
      Mailing list support

Things people build with this

USE CASE 1

Run your own DNS resolver on a server or home network instead of using your ISP's DNS.

USE CASE 2

Enable DNSSEC validation so your DNS resolver rejects forged or tampered DNS records.

USE CASE 3

Cache DNS responses locally on your network to speed up repeated domain lookups.

USE CASE 4

Compile Unbound from source to deploy a custom or patched DNS resolver on a server.

Tech stack

C

Getting it running

Difficulty · hard Time to first run · 1h+

Server software written in C. It requires compilation from source or installation through a package manager, followed by manual configuration via unbound.conf, whose extensive options are documented in an external manual.

No license information was mentioned in the explanation.

In plain English

Unbound is a DNS resolver, which is a piece of software responsible for looking up website addresses on the internet. When you type a domain name into a browser, your computer needs to translate that name into a numerical address. A DNS resolver handles that translation. Unbound is the program that does this work for a server or network that wants to run its own resolver rather than relying on one provided by an internet service provider.

Unbound is described as validating, recursive, and caching. Validating means it checks the authenticity of DNS records using a system called DNSSEC, which helps protect against certain kinds of attacks where someone might redirect your traffic to a fake website. Recursive means it does the full chain of lookups on your behalf, tracing the answer from the top-level naming authorities down to the specific record you need. Caching means it saves the results of those lookups so repeated requests for the same address are answered quickly without going back out to the internet.

The project is maintained by NLnet Labs, a non-profit organization focused on internet infrastructure. It is written in C and is designed to run on servers. The README is brief and mostly covers compilation steps for developers who want to build it from source. Configuration is handled through a file called unbound.conf, and the full list of options is documented in an external manual. Feedback and questions go through a mailing list or GitHub issues.
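To make "validating" concrete: a validating resolver marks answers it has verified with the AD (Authenticated Data) header bit and answers SERVFAIL when validation fails. The sketch below is an added example, not code from Unbound or this page; the function names and the sample response headers are constructed for illustration.

```python
import struct

# DNS header flag bits (RFC 1035, RFC 4035).
QR, AD, RCODE_MASK = 0x8000, 0x0020, 0x000F
NOERROR, SERVFAIL = 0, 2

def build_query(name, qtype=1, txid=0x1234):
    """Build a query with RD set and an EDNS0 OPT record carrying the DO bit."""
    # Header: id, flags (RD=1), 1 question, 0 answers, 0 authority, 1 additional.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, type 41, UDP size 1232, ext-rcode 0, version 0,
    # flags with DO (0x8000) set, empty RDATA.
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, 0x8000, 0)
    return header + question + opt

def classify(response):
    """Classify a resolver response by its header flags alone."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags = struct.unpack("!HH", response[:4])
    if not flags & QR:
        raise ValueError("not a response")
    rcode = flags & RCODE_MASK
    if rcode == SERVFAIL:
        # Also returned for non-DNSSEC failures; check the resolver log to confirm.
        return "servfail"
    if rcode == NOERROR and flags & AD:
        return "secure"    # resolver validated the answer
    if rcode == NOERROR:
        return "insecure"  # answered, but not validated (e.g. unsigned zone)
    return "rcode=%d" % rcode

# Constructed 12-byte response headers (no records), for illustration only.
SAMPLE_SECURE = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 1)    # QR RD RA AD
SAMPLE_INSECURE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 1)  # QR RD RA
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 1)  # QR RD RA, rcode 2

if __name__ == "__main__":
    for label, msg in [("secure", SAMPLE_SECURE), ("insecure", SAMPLE_INSECURE),
                       ("servfail", SAMPLE_SERVFAIL)]:
        print(label, "->", classify(msg))
```

Against a live resolver, the same classification applies to the bytes returned for a query built with `build_query`.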

Copy-paste prompts

Prompt 1
Walk me through installing and configuring Unbound as a local DNS resolver on Ubuntu. Include a minimal unbound.conf that enables caching and DNSSEC validation.
Prompt 2
How do I set up Unbound to block ads and tracking domains at the DNS level for my home network?
Prompt 3
Explain DNSSEC validation in plain English: what attack does it protect against, and how does Unbound verify a DNS record is authentic?
Prompt 4
How do I compile Unbound from source on Linux? What dependencies do I need and what configure flags are important for a production setup?
Prompt 5
How do I test that my Unbound resolver is working correctly and that DNSSEC validation is active? What commands should I run?

Verify against the repo before relying on details.