Diverse DNS Code

TCPWave IPAM comes with ISC’s BIND and NSD. TCPWave has chosen NSD, developed by NLnet Labs of Amsterdam, as a safe alternate name server implementation. NLnet Labs developed NSD from scratch, in cooperation with the RIPE NCC, to add variance to the “gene pool” of DNS implementations used by higher-level name servers and thus increase the resilience of DNS against software flaws or exploits. TCPWave’s backup authoritative DNS server software is an authoritative name server that runs in both master and slave configurations. It is RFC compliant, written from scratch in C, and uses a clean implementation leveraging the OpenSSL library. It supports EDNS0, DNSSEC with NSEC and NSEC3, full and incremental zone transfers (AXFR and IXFR), and SNMP, and it contains source code updates to securely support dynamic updates from TCPWave’s IPAM. Because its code base is completely different from BIND’s, it is not exposed to the BIND vulnerabilities.

TCPWave has chosen Unbound as a component for the cache appliances controlled and managed by the TCPWave IPAM. Unbound is a very secure validating, recursive, and caching DNS server primarily developed by NLnet Labs, VeriSign Inc, Nominet, and Kirei. The binaries are written with a high security focus, in tight C code, with enhancements made by the TCPWave product development team. Unbound’s design is a set of modular components that incorporate features including enhanced security (DNSSEC) validation, Internet Protocol Version 6 (IPv6), and a client resolver library API as an integral part of the architecture.