Unbound is a a very secure non-authoritative, validating, recursive, caching DNS resolver, with support for DNSSEC validation.

It is designed to be fast and lean and incorporates modern features based on open standards.

It is written with a high security focus!

Unbound is not as feature rich as Bind, but it is easy to configure and quick to set up.

Unbound communicates directly with the root servers on the internet and the other authoritative domain name servers, so does not use Cloudflare, Google or any of the others. The DNS traffic is not encrypted but it is authenticated for validity.

Authority Zones

Blacklist a domain

Configure Access

Configure Local Zones

Configure Encrypted DNS with Caching

Forward Zones

Local Data

Secure DNS over TLS

Views

https://nlnetlabs.nl/documentation/unbound/

https://www.nlnetlabs.nl/projects/unbound/about/

https://fossies.org/linux/unbound/doc/example.conf.in