Deploy360 18 October 2013

DNS Servers Supporting DNSSEC

When you install a DNS “server” on your network, it generally acts as either: 1) an “authoritative server” serving out DNS records on behalf of a zone; or 2) a “recursive nameserver” (also called a “caching nameserver“, a “caching recursive nameserver” or simply a “resolver“) that performs DNS queries.

The following DNS software is known to support DNSSEC.  If you have additions, please contact us.

[EDITORIAL NOTE: This page is still a work in progress.  Individual pages are being created for each of the servers listed that will link to the server website but also to specific pages and tutorials about using that server with DNSSEC.]

Authoritative DNS servers

The following DNS servers can serve out DNSSEC-signed zones and typically also include mechanisms for directly performing DNSSEC-signing within the software (listed alphabetically):

  • BIND
  • Knot DNS
  • Microsoft Windows Server 2012
  • NSD
  • PowerDNS

Recursive DNS servers (a.k.a. “resolvers”)

The following DNS servers can perform validation of DNSSEC signatures when performing DNS queries (listed alphabetically):

  • BIND
  • Microsoft Windows Server 2012
  • Unbound

If you know of additional software we should list here, please contact us.

Related articles

Deploy360 1 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

Almost every time we use an Internet application, it starts with a Domain Name System (DNS) transaction to map...

Deploy360 1 March 2019

IPv6 Security for IPv4 Engineers

This document provides an overview of IPv6 security that is specifically aimed at IPv4 engineers and operators. Rather than...

Deploy360 27 February 2019

Introduction to DNS Privacy

Abstract Almost every time we use an Internet application, it starts with a Domain Name System (DNS) transaction to...