When you install a DNS “server” on your network, it generally acts as either: 1) an “authoritative server” serving out DNS records on behalf of a zone; or 2) a “recursive nameserver” (also called a “caching nameserver“, a “caching recursive nameserver” or simply a “resolver“) that performs DNS queries.
The following DNS software is known to support DNSSEC. If you have additions, please contact us.
[EDITORIAL NOTE: This page is still a work in progress. Individual pages are being created for each of the servers listed that will link to the server website but also to specific pages and tutorials about using that server with DNSSEC.]
Authoritative DNS servers
The following DNS servers can serve out DNSSEC-signed zones and typically also include mechanisms for directly performing DNSSEC-signing within the software (listed alphabetically):
- BIND
- Knot DNS
- Microsoft Windows Server 2012
- NSD
- PowerDNS
Recursive DNS servers (a.k.a. “resolvers”)
The following DNS servers can perform validation of DNSSEC signatures when performing DNS queries (listed alphabetically):
- BIND
- Microsoft Windows Server 2012
- Unbound
If you know of additional software we should list here, please contact us.