RCFs
http://www.statdns.com/rfc/
DNS resources A collection of DNS related resources
DNS Servers
| Name | Description |
|---|---|
| BIND | The most widely used DNS software on the Internet |
| Bundy | Integrated authoritative DNS and DHCP server (the continuation of the BIND 10) |
| Dnsmasq | A lightweight, easy to configure DNS forwarder and DHCP server |
| Knot DNS | Knot DNS is a high-performance authoritative-only DNS server |
| MaraDNS | A small open-source DNS server |
| NSD | NSD (Name Server Daemon) : authoritative only, high performance name server |
| PowerDNS | A versatile nameserver which supports a large number of backends |
| SheerDNS | Light-weight, simple and fast DNS server, written with security in mind |
| Unbound | A validating, recursive, and caching DNS resolver |
| YADIFA | A name server implementation developed from scratch by .eu |
DNS Libraries
| Name | Description |
|---|---|
| c-ares | C library that performs DNS requests and name resolves asynchronously |
| dns.c | Asynchronous DNS and SPF Resolver |
| dnsjava | An implementation of DNS in Java |
| dnspython | A DNS toolkit for Python |
| getdns | A modern and asynchronous DNS API with DNSSEC support |
| GNU adns | Advanced, easy to use, asynchronous-capable DNS client library and utilities |
| Go DNS | DNS library in Go |
| JDNS | A simple DNS implementation written in C with no direct dependencies |
| ldns | C library to simplify DNS programming, supporting DNSSEC |
| Net::DNS | DNS resolver implemented in Perl |
DNS Tools
| Name | Description |
|---|---|
| Atomia DNS | An open source and free to use DNS management system |
| Bind Guard | Protect your BIND-based DNS server (Blocking DDoS Attacks and DNS Amplification) |
| DNS Flood Detector | A tool to detect abusive usage levels on high traffic nameservers |
| dines | The definitive DNS packet forger |
| dnscap | Network capture utility designed specifically for DNS traffic |
| dnscat2 | DNS tunnel, allowing two hosts over the Internet to talk to each other |
| dnstap | A flexible, structured binary log format (using Protocol Buffers) for DNS software |
| DNSCheck | DNS delegation quality checker |
| DNSChef | A highly configurable DNS proxy for Penetration Testers and Malware Analysts |
| DNSCurve | Usable security for DNS |
| DNSCrypt | A tool for securing communications between a client and a DNS resolver |
| dnsdist | Highly DNS-, DoS- and abuse-aware loadbalancer |
| dnslogger | A tool for doing Passive DNS Replication |
| dnsmap | Passive DNS network mapper a.k.a. subdomains bruteforcer |
| DNSharness | A framework for funcational testing of multiple name server implementations |
| DNSmezzo | A framework for the capture and analysis of DNS packets |
| Dq | DNS and DNSCurve related software package |
| DSCng | DNS server monitoring application |
| DNSPerf | A tool to gather accurate latency and throughput metrics for DNS |
| DNSQuerySniffer | DNSQuerySniffer is a network sniffer utility that shows the DNS queries sent on your Windows system |
| DNSSEC-Tools | A set of tools and plugins that will help ease the deployment of DNSSEC |
| dnsSnoopy | A tool made to snoop DNS cache and check if some domains have been resolved before |
| dnstop | A curses-based application that displays various tables of DNS statistics |
| DNSViz | A DNS visualization tool |
| DNSwitness | DNSwitness is a AFNIC scientific program to gather information from the DNS |
| Domain Name Relay Daemon | Domain Name Relay Daemon is a caching, forwarding DNS proxy server |
| DSC | A system for collecting and exploring statistics from busy DNS servers |
| ext-Dns | A toolkit to build DNS servers |
| Fastresolve | Package to process web log files to get DNS and domain ownership information |
| fpdns | A fpdns is a program that remotely determines DNS server versions |
| GitNamed | A project that manage name servers with Git |
| iodine | Tunnel IPv4 data through a DNS server (IP over DNS) |
| myresolver | Displays the source IP address of the recursive DNS resolver currently in use |
| namebench | Open source DNS Benchmark Utility |
| NicTool | An open source DNS management solution |
| nsdiff | Create an "nsupdate" script from DNS zone file differences |
| nsnotifyd | Handle DNS NOTIFY messages by running a command |
| openresolv | DNS management framework |
| PassiveDNS | A network sniffer that logs all DNS server replies for use in a passive DNS setup |
| RRDA | REST API written in Go allowing to perform DNS queries over HTTP |
| Sentry | A DNS proxy that allows you to inspect, block, rewrite, redirect and resolve queries in-flight |
| sshfp | Generate DNS SSHFP records from SSH public keys |
| StatZone | DNS zone file analyzer targeted at TLD zones |
| validns | A high performance DNS/DNSSEC zone validator |
| YAZVS | Yet Another Zone Validation Script |
| ZoneCheck | DNS zone checking tool |
| Zonemaster | Major rewrite of DNSCheck from .SE and Zonecheck from AFNIC |
| zsu | Update serial numbers in DNS zone files |
DNSSEC Resources
| Name | Description |
|---|---|
| DNSSEC Course | A one hour video course about DNSSEC, presented by Bert Hubert (PowerDNS) |
| DNSSEC Hardware Tester | A software project allowing to test network devices for DNSSEC compatibility |
| DNSSEC Infrastructure Audit Framework | A framework under which to conduct a review or audit of the DNSSEC related aspects of a registry and authoritative DNS name server service operation |
| DNSSEC Reference Card | A DNSSEC reference card covering BIND, NSD, Unbound, and PowerDNS |
| DNSSEC Signer migration | Signer migration : a step-by-step guide |
| Deploying DNSSEC | White paper covering the implemention of DNSSEC validation on DNS resolvers |
| Deploying DNSSEC: what, how and where | An introduction guide about DNSSEC released by AFNIC |
| Costs of DNSSEC Deployment | A study on the costs of DNSSEC deployment |
| Good Practices on deploying DNSSEC | A good practices guide for deploying DNSSEC |
| Recommendations for DNSSEC deployment | Recommendations for DNSSEC deployment at municipal administrations and similar organisations |
| Secure DNS Deployment Guide | NIST Secure Domain Name System (DNS) Deployment Guide |
| BIND DNSSEC Guide | Introductory information on how DNSSEC works, how to configure BIND to support it |
DNSSEC Tools
| Name | Description |
|---|---|
| DNSSEC Validator | DNSSEC Validator add-on for Web Browsers |
| OpenDNSSEC | Open Source software that manages the security of domain names on the Internet |
| ZKT (Zone Key Tool) | A tool to manage keys and signatures for DNSSEC-zones |
| jdnssec-tools | A collection of Java-based DNSSEC command line tools |
DANE Tools
| Name | Description |
|---|---|
| DANE Patrol | A fork of Certificate Patrol which brings in implementation of RFC 6698 (DANE) to validate SSL/TLS certificates |
| DANE Validator | A tool attempting to perform validation of a TLSA/PKI pair, according to the DANE internet standard |
| danish | A tool for generating TLSA records and checking certain properties of certificates |
IANA Resources
| Name | Description |
|---|---|
| DNS Parameters | Domain Name System (DNS) Parameters |
| DNSSEC Algorithm Numbers | Domain Name System Security (DNSSEC) Algorithm Numbers |
| IANA TLD list | List of all TLDs in the root zone, updated daily |
| Root Zone Database | The Root Zone Database represents the delegation details of top-level domains |
Other resources
| Name | Description |
|---|---|
| AS112 Project | Providing a clean, well lit destination for DNS queries concerning RFC1918 and other Special Use networks |
| DNSCurve Community | A community for DNSCurve users |
| DNS LOC | Geo-enabling the Domain Name System |
| DNS LOC | Create DNS LOC records using Google Maps |
| FRED | A set of open source software for running distributed domain registry |
| Generic NIC | A project trying to gather in one place all the documents that could be useful for a new NIC |
| Public Suffix List | A cross-vendor initiative to provide an accurate list of domain name suffixes |
| Root Servers | Root Server Technical Operations Association |
| Yeti DNS Project | A Live Root DNS Server System Testbed |
Organizations
| Name | Description |
|---|---|
| APTLD | Asia Pacific Top Level Domain Association |
| ccNSO | Country Code Names Supporting Organisation |
| CENTR | Council of European National Top Level Domain Registries |
| DNS-OARC | The DNS Operations, Analysis, and Research Center |
| IANA | Internet Assigned Numbers Authority |
| ICANN | Internet Corporation for Assigned Names and Numbers |
| ICANN | ICANN DNS Operations |
| InterNIC | Public Information Regarding Internet Domain Name Registration Services |
Audio resources
| Name | Description |
|---|---|
| Ask Mr. DNS Podcast | Matt Larson and Cricket Liu expound on DNS and other topics |
| BSDtalk 206 | Interview with Peter Losher from the Internet Systems Consortium |
| HPR 1413 | Interview with Bert Hubert from PowerDNS |
Books
| Name | Description |
|---|---|
| Alternative DNS Servers | A very complete book covering open source DNS Servers and running DNS operations |
| DNS for Rocket Scientists | An Open Source book about DNS, offering a very good and detailed introduction on the topic |
Video resources
| Name | Description |
|---|---|
| DNS explained | A short movie explaining very simply how the DNS works |
| DNSSEC Introduction | A video introduction to the Domain Name System Security Extensions |
| The DANE Protocol | What is the DANE protocol and how does it help make the Internet more secure? |
| What is DNSSEC? | A short movie aimed at raising public awareness on DNSSEC |