New Open Source DNS Server Released Today
Unbound – A Secure, High-Performance Alternative to BIND – Makes its
Debut within Open Source Community
Amsterdam, The Netherlands, Oxford, UK and Mountain View, CA – May
20, 2008 – Unbound – a new open source alternative to the BIND
domain name system (DNS) server– makes its worldwide debut today with
the public release of Unbound 1.0 at http://unbound.net.
Released to open source developers by NLnet Labs,
VeriSign, Inc. (NASDAQ: VRSN), Nominet, and Kirei, Unbound is a validating,
recursive, and caching DNS server designed as a high-performance alternative
for BIND (Berkeley Internet Name Domain). Unbound will be supported
by NLnet Labs.
An essential component of the Internet, the DNS ties
domain names (such as www.verisign.com)
to the IP addresses and other information that Web browsers need to
access and interact with specific sites. Though it is unknown to the
vast majority of Web users, DNS is at the heart of a range of Internet-based
services beyond Web browsing, including email, messaging and Voice Over
Internet Protocol (VOIP) telecommunications.
Although BIND has been the de facto choice for DNS
servers since the 1980s, a desire to seek an alternative server that
excels in security, performance and ease of use prompted an effort to
develop an open source DNS implementation. Unbound is the result of
that effort. Mostly deployed by ISPs and enterprise users, Unbound will
also be available for embedding in customer devices, such as dedicated
DNS appliances and ADSL modems.
By making Unbound code available to open source developers,
its originators hope to enable rapid development of features that have
not traditionally been associated with DNS. One is an implementation
of DNSSEC, a security enhancement that Unbound adds to the DNS protocol
and that is essential to help protect DNS transactions. The only
open source DNS implementations that support the DNSSEC standard are
Unbound and BIND.
"We have released the software under the BSD
license that allows use in other products without any major restrictions,”
said Olaf Kolkman, director of NLnet Labs, a not-for-profit research
and development foundation in the Netherlands. “We hope that making
our software freely available will aid the deployment of DNSSEC, which
fits straight into NLnet Labs charter.”
"Although simplicity and performance have always
been primary goals for Unbound, we have placed extra attention on security
features, particularly since DNSSEC is not yet deployed widely,” said
Wouter Wijngaards, lead Unbound developer at NLnet Labs. “Unbound
provides defenses against forgery while suffering minimal degradation
in performance. In addition, we have worked hard to produce well
documented, readable and elegant code. With that we try to make the
barrier for security audit and code review as low as possible."
Four Years in the Making
Unbound was architected in January of 2004 by Jakob Schlyter of Kirei
and Roy Arends of Nominet. VeriSign and EP.Net funded development of
the prototype, which was built by David Blacka and Matt Larson of VeriSign.
Late in 2006, NLnet Labs joined the effort, writing an implementation
in C based on the existing prototype and using experience NLnet Labs
gained during the development of NSD, a DNS server targeted at information
publishers.
"The prototype of Unbound demonstrated that we
had made good architectural decisions and that the complex security
algorithms worked. The Java implementation, however, would never be
able to meet the performance characteristics that real-world use would
demand," said David Blacka, senior research engineer at VeriSign.
Roy Arends, Senior Researcher at Nominet UK, said
the Unbound prototype served “to swiftly test new interoperability of
DNS protocol extensions. The original modular design has proved to work
well and kept the overall design straightforward and clean. The Java
prototype was used for several new DNS protocol features in use today.”
"The prototype was too promising to shelve. We
were happy NLnet Labs could commit to the development of the C version
of Unbound,” said Matt Larson, director of DNS Research at VeriSign.
“NLnet Labs has the appropriate expertise and are committed to continue
support for Unbound.”
"Nominet is pleased that the C version of unbound
is built with the same dedication and by the same team that brought
us NSD,” added Nominet’s Arends.
‘Fastest
caching server we tested’
During its development phase, Unbound was tested extensively at NLnet
Labs. Meanwhile, a number of volunteers have deployed development releases
in their labs and production networks.
"We are very impressed with Unbound,” said Jan-Piet
Mens, author of the forthcoming book, "Alternative DNS Servers.”
“It is great code, very versatile, and it is the fastest caching server
we tested."
NLnet Labs offers support for Unbound through a bug-tracking
system and user mailing lists. "We realize that people will run
this code in critical environments, and NLnet Labs is committed to actively
supporting Unbound,” added NLnet Lab’s Kolkman. “Should we ever cease
to support Unbound, we will announce this at least two years in advance".
Unbound runs on posix-based operating systems such
as Linux, MacOS X, FreeBSD, and Solaris. The code, its documentation,
and additional information are all freely available for download at http://unbound.net/.
About NLnet Labs
NLnet Labs (http://www.nlnetlabs.nl), founded in 1999 by the NLnet
Foundation, is a research and development foundation that focuses on
those developments in Internet technology where bridges between
theory and practical deployment need to be build; areas where
development, engineering, and standardization takes place. NLnet
Labs strives to play an active and relevant role in these areas through
the development of open source software, through participating in development
of open standards, and through the dissemination of knowledge. Within
that context NLnet Labs has become a recognized expertise centre in
the area of DNS and DNSSEC. NLnet Labs' DNS software has found
its way to important components of the Internet infrastructure and we
contribute actively in multiple facets of the standards development
process. A subsidy from the NLnet Foundation (http://www.nlnet.nl/)
is the main source of income for NLnet Labs.
About VeriSign
VeriSign, Inc. (NASDAQ: VRSN) is the trusted provider of Internet infrastructure
services for the networked world. Billions of times each day, VeriSign
helps companies and consumers all over the world engage in communications
and commerce with confidence. Additional news and information about
the company is available at www.verisign.com.
About Nominet
Nominet UK operates at the heart of e-commerce in the UK, running one
of the world’s largest Internet registries and managing over six million
domain names. With highly respected industry credentials it is entrusted
with the safe, stable and secure management of the .uk Internet name
space. Nominet runs the technology which locates a computer on the Internet
hosting the web site or email system you are looking for when you type
in a web address or send an email that ends in .uk.
Nominet is a not-for-profit company with members instead
of shareholders and is recognized as the .uk domain name registry by
the Internet industry and the UK Government. It is not a governing or
regulatory body, but provides a public service for the .uk namespace
on behalf of the UK Internet community.
About Kirei
Kirei AB (http://www.kirei.se), founded in 2005 by Jakob Schlyter and
Fredrik Ljunggren, is a consultancy company with its main focus on information
security management and network architectures. The Kirei founders
has been working with DNS and DNS Security within the IETF community
since 1999 and has played an active role in the DNSSEC standardization
process as well in the deployment of DNSSEC in several top level domains.
Contacts
VeriSign Media Relations: Rufus Manning, rmanning@verisign.com,
+1.703.948.4126
VeriSign Investor Relations: Nancy Fazioli, nfazioli@verisign.com,
+1.650.426.5416
NLnet Labs: labs@nlnetlabs.nl,
+31 20 888 4551
For Nominet: Gemma Griffiths, nominet@racepointgroup.co.uk,
Racepoint Group UK, +44 020 8752 3200
Kirei: info@kirei.se
Statements in this announcement other than historical
data and information constitute forward-looking statements within the
meaning of Section 27A of the Securities Act of 1933 and Section 21E
of the Securities Exchange Act of 1934. These statements involve risks
and uncertainties that could cause VeriSign's actual results to differ
materially from those stated or implied by such forward-looking statements.
The potential risks and uncertainties include, among others, the uncertainty
of future revenue and profitability and potential fluctuations in quarterly
operating results due to such factors as the inability of VeriSign to
successfully develop and market new products and services and customer
acceptance of any new products or services, including VeriSign domain
name services and infrastructure; the possibility that VeriSign’s
announced new services may not result in additional customers, profits
or revenues; and increased competition and pricing pressures. More information
about potential factors that could affect the company's business and
financial results is included in VeriSign's filings with the Securities
and Exchange Commission, including in the company's Annual Report on
Form 10-K for the year ended December 31, 2007 and quarterly reports
on Form 10-Q. VeriSign undertakes no obligation to update any of the
forward-looking statements after the date of this press release.
©2008 VeriSign, Inc., NLnet Labs and Nominet.
All rights reserved. VeriSign, the VeriSign logo, the checkmark circle,
and other trademarks, service marks, and designs are registered or unregistered
trademarks of VeriSign, Inc., and its subsidiaries in the United States
and in foreign countries. All other trademarks are property of their
respective owners.
Worldwide Sites
