 |
Press Release |
|
|
New Open Source DNS Server Released Today
Unbound – A Secure, High-Performance Alternative to BIND – Makes its
Debut within Open Source Community
Oxford, UK – May 20, 2008 – Unbound – a new open source alternative
to the BIND domain name system (DNS) server– makes its worldwide debut
today with the public release of Unbound 1.0 at http://unbound.net.
Released to open source developers by NLnet Labs,
VeriSign, Inc. (NASDAQ: VRSN), Nominet, and Kirei, Unbound is a validating,
recursive, and caching DNS server designed as a high-performance alternative
for BIND (Berkeley Internet Name Domain). Unbound will be supported
by NLnet Labs.
An essential component of the Internet, the DNS ties
domain names (such as www.verisign.com)
to the IP addresses and other information that Web browsers need to
access and interact with specific sites. Though it is unknown to the
vast majority of Web users, DNS is at the heart of a range of Internet-based
services beyond Web browsing, including email, messaging and Voice Over
Internet Protocol (VOIP) telecommunications.
Although BIND has been the de facto choice for DNS
servers since the 1980s, a desire to seek an alternative server that
excels in security, performance and ease of use prompted an effort to
develop an open source DNS implementation. Unbound is the result of
that effort. Mostly deployed by ISPs and enterprise users, Unbound will
also be available for embedding in customer devices, such as dedicated
DNS appliances and ADSL modems.
By making Unbound code available to open source developers,
its originators hope to enable rapid development of features that have
not traditionally been associated with DNS. One is an implementation
of DNSSEC, a security enhancement that Unbound adds to the DNS protocol
and that is essential to help protect DNS transactions. The only open
source DNS implementations that support the DNSSEC standard are Unbound
and BIND.
"We have released the software under the BSD
license that allows use in other products without any major restrictions,”
said Olaf Kolkman, director of NLnet Labs, a not-for-profit research
and development foundation in the Netherlands. “We hope that making
our software freely available will aid the deployment of DNSSEC, which
fits straight into NLnet Labs charter.”
"Although simplicity and performance have always
been primary goals for Unbound, we have placed extra attention on security
features, particularly since DNSSEC is not yet deployed widely,” said
Wouter Wijngaards, lead Unbound developer at NLnet Labs. “Unbound provides
defences against forgery while suffering minimal degradation in performance.
In addition, we have worked hard to produce well documented, readable
and elegant code. With that we try to make the barrier for security
audit and code review as low as possible."
Four Years in the Making
Unbound was architected in January of 2004 by Jakob Schlyter
of Kirei and Roy Arends of Nominet. VeriSign and EP.Net funded development
of the prototype, which was built by David Blacka and Matt Larson of
VeriSign. Late in 2006, NLnet Labs joined the effort, writing an implementation
in C based on the existing prototype and using experience NLnet Labs
gained during the development of NSD, a DNS server targeted at information
publishers.
"The prototype of Unbound demonstrated that we
had made good architectural decisions and that the complex security
algorithms worked. The Java implementation, however, would never be
able to meet the performance characteristics that real-world use would
demand," said David Blacka, senior research engineer at VeriSign.
Roy Arends, Senior Researcher at Nominet UK, said
the Unbound prototype served “to swiftly test new interoperability of
DNS protocol extensions. The original modular design has proved to work
well and kept the overall design straightforward and clean. The Java
prototype was used for several new DNS protocol features in use today.”
"The prototype was too promising to shelve. We
were happy NLnet Labs could commit to the development of the C version
of Unbound,” said Matt Larson, director of DNS Research at VeriSign.
“NLnet Labs has the appropriate expertise and are committed to continue
support for Unbound.”
"Nominet is pleased that the C version of unbound
is built with the same dedication and by the same team that brought
us NSD,” added Nominet’s Arends.
‘Fastest
caching server we tested’
During its development phase, Unbound was tested extensively
at NLnet Labs. Meanwhile, a number of volunteers have deployed development
releases in their labs and production networks.
"We are very impressed with Unbound,” said Jan-Piet
Mens, author of the forthcoming book, "Alternative DNS Servers.”
“It is great code, very versatile, and it is the fastest caching server
we tested."
NLnet Labs offers support for Unbound through a bug-tracking
system and user mailing lists. "We realise that people will run
this code in critical environments, and NLnet Labs is committed to actively
supporting Unbound,” added NLnet Lab’s Kolkman. “Should we ever cease
to support Unbound, we will announce this at least two years in advance".
Unbound runs on posix-based operating systems such
as Linux, MacOS X, FreeBSD, and Solaris. The code, its documentation,
and additional information are all freely available for download at http://unbound.net/.
About NLnet Labs
NLnet Labs (http://www.nlnetlabs.nl),
founded in 1999 by the NLnet Foundation, is a research and development
foundation that focuses on those developments in Internet technology
where bridges between theory and practical deployment need to be build;
areas where development, engineering, and standardization takes place.
NLnet Labs strives to play an active and relevant role in these areas
through the development of open source software, through participating
in development of open standards, and through the dissemination of knowledge.
Within that context NLnet Labs has become a recognised expertise centre
in the area of DNS and DNSSEC. NLnet Labs' DNS software has found its
way to important components of the Internet infrastructure and we contribute
actively in multiple facets of the standards development process. A
subsidy from the NLnet Foundation (http://www.nlnet.nl/)
is the main source of income for NLnet Labs.
About VeriSign
VeriSign, Inc. (NASDAQ: VRSN) is the trusted provider of Internet
infrastructure services for the networked world. Billions of times each
day, VeriSign helps companies and consumers all over the world engage in
communications and commerce with confidence. Additional news and information
about the company is available at www.verisign.com.
About Nominet
Nominet UK operates at the heart of e-commerce in the UK, running
one of the world’s largest Internet registries and managing over six
million domain names. With highly respected industry credentials it
is entrusted with the safe, stable and secure management of the .uk
Internet name space. Nominet runs the technology which locates a computer
on the Internet hosting the web site or email system you are looking
for when you type in a web address or send an email that ends in .uk.
Nominet is a not-for-profit company with members instead
of shareholders and is recognised as the .uk domain name registry by
the Internet industry and the UK Government. It is not a governing or
regulatory body, but provides a public service for the .uk namespace
on behalf of the UK Internet community.
About Kirei
Kirei AB (http://www.kirei.se),
founded in 2005 by Jakob Schlyter and Fredrik Ljunggren, is a consultancy
company with its main focus on information security management and network
architectures. The Kirei founders has been working with DNS and DNS
Security within the IETF community since 1999 and has played an active
role in the DNSSEC standardization process as well in the deployment
of DNSSEC in several top level domains.
Contacts
VeriSign Media Relations: Victoria Henry, vhenry@verisign.com,
+44 20 8600 0723
Weber Shandiwck for VeriSign: Lydia Curtis, clcurtis@webershandwick.com,
+44 207 067 0513
VeriSign Investor Relations: Nancy Fazioli, nfazioli@verisign.com,
+1 650 426 5416
NLnet Labs: labs@nlnetlabs.nl,
+31 20 888 4551
For Nominet: Gemma Griffiths, nominet@racepointgroup.co.uk,
Racepoint Group UK, +44 020 8752 3200
Kirei: info@kirei.se
Statements in this
announcement other than historical data and information constitute forward-looking
statements within the meaning of Section 27A of the Securities Act of
1933 and Section 21E of the Securities Exchange Act of 1934. These statements
involve risks and uncertainties that could cause VeriSign's actual results
to differ materially from those stated or implied by such forward-looking
statements. The potential risks and uncertainties include, among others,
the uncertainty of future revenue and profitability and potential fluctuations
in quarterly operating results due to such factors as the inability
of VeriSign to successfully develop and market new products and services
and customer acceptance of any new products or services, including VeriSign
domain name services and infrastructure; the possibility that VeriSign’s
announced new services may not result in additional customers, profits
or revenues; and increased competition and pricing pressures. More information
about potential factors that could affect the company's business and
financial results is included in VeriSign's filings with the Securities
and Exchange Commission, including in the company's Annual Report on
Form 10-K for the year ended December 31, 2007 and quarterly reports
on Form 10-Q. VeriSign undertakes no obligation to update any of the
forward-looking statements after the date of this press release.
©2008 VeriSign, Inc.,
NLnet Labs and Nominet. All rights reserved. VeriSign, the VeriSign
logo, the checkmark circle, and other trademarks, service marks, and
designs are registered or unregistered trademarks of VeriSign, Inc.,
and its subsidiaries in the United States and in foreign countries.
All other trademarks are property of their respective owners.
|
|
