Donate
‹ Back
Domain Name System (DNS) 18 October 2013

DNS Servers Supporting DNSSEC

When you install a DNS “server” on your network, it generally acts as either: 1) an “authoritative server” serving out DNS records on behalf of a zone; or 2) a “recursive nameserver” (also called a “caching nameserver“, a “caching recursive nameserver” or simply a “resolver“) that performs DNS queries.

The following DNS software is known to support DNSSEC.  If you have additions, please contact us.

[EDITORIAL NOTE: This page is still a work in progress.  Individual pages are being created for each of the servers listed that will link to the server website but also to specific pages and tutorials about using that server with DNSSEC.]

Authoritative DNS servers

The following DNS servers can serve out DNSSEC-signed zones and typically also include mechanisms for directly performing DNSSEC-signing within the software (listed alphabetically):

  • BIND
  • Knot DNS
  • Microsoft Windows Server 2012
  • NSD
  • PowerDNS

Recursive DNS servers (a.k.a. “resolvers”)

The following DNS servers can perform validation of DNSSEC signatures when performing DNS queries (listed alphabetically):

  • BIND
  • Microsoft Windows Server 2012
  • Unbound

If you know of additional software we should list here, please contact us.

‹ Back

Related articles

Deployment Guide: DNSSEC for Internet Service Providers (ISPs)
Deploy36011 November 2013

Deployment Guide: DNSSEC for Internet Service Providers (ISPs)

An Internet Service Provider needs to offer high value while containing costs. One way to increase your services' value is...

State of DNSSEC Deployment 2016
State of DNSSEC Deployment 2016
Domain Name System (DNS)31 December 2016

State of DNSSEC Deployment 2016

This report provides a snapshot of the state of deployment of DNSSEC as of the end of 2016. Please download the...

Join the conversation with Internet Society members around the world