Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards.
To help increase online privacy, Unbound supports DNS-over-TLS which allows clients to encrypt their communication. In addition, it supports various modern standards that limit the amount of data exchanged with authoritative servers. These standards do not only improve privacy but also help making the DNS more robust. The most important are Query Name Minimisation, the Aggressive Use of DNSSEC-Validated Cache and support for authority zones, which can be used to load a copy of the root zone.
Unbound runs on FreeBSD, OpenBSD, NetBSD, MacOS, Linux and Microsoft Windows, with packages available for most platforms. It is included in the base-system of FreeBSD and OpenBSD and in the standard repositories of most Linux distributions. Installation and configuration is designed to be easy. Setting up a resolver for your machine or network can be done with only a few lines of configuration.
It is free, open source software under the BSD license. The guiding principles for our product development roadmap are first and foremost the security and privacy of the user. In addition, all functionality must be backed by well established open standards. We continually improve the functionality of Unbound for all of our users. This means we do not make custom builds or provide specific features to paying customers only. Our priorities are guided by the feedback of our user base, in particular those users with a support contract, as well as the wider Internet community. Sponsored functionality will be given a higher priority where possible and is evaluated on a case-by-case basis.