Loop

Loop is a DNS software suite consisting of a resolver, an authoritative nameserver, and various DNS and DNSSEC utilities.

Install Loop 1.99.7 Documentation Support

Contents

What is Loop?

Loop is an enterprise-grade DNS software distribution. It is maintained as a DNS reference implementation by closely adhering to the DNS standards. Loop includes the following programs:

DNS nameserver

  • named — DNS nameserver daemon that implements authoritative server and recursive resolver features

DNS clients

  • dig — DNS client with comprehensive DNS query capabilities
  • host — Simple DNS lookup client
  • mdig — DNS client that uses pipelining when sending multiple queries
  • nsupdate — DNS client that submits dynamic DNS UPDATEs to a nameserver

DNS and Loop utilities

  • arpaname — Translates an IP address to its corresponding reverse name in the in-addr.arpa. and ip6.arpa. domains
  • ddns-confgen — Generates TSIG keys and configuration for use with nsupdate for dynamic DNS UPDATEs
  • named-checkconf — Checks a named.conf config file for syntax and correctness
  • named-checkzone — Checks a zone master file for syntax and correctness
  • named-journalprint — Prints the contents of a zone journal file in a human-readable format
  • named-rrchecker — Checks a single resource record for syntax and correctness
  • nsec3hash — Generates an NSEC3 hash based on a set of NSEC3 parameters
  • rndc — Utility to send control messages to a running named process
  • rndc-confgen — Generates rndc keys and configuration to authenticate control messages

DNSSEC utilities

  • dnssec-keygen — Generates DNSKEYs for DNSSEC, and KEYs for use with TSIG
  • dnssec-signzone — Signs a DNS zone by generating RRSIG and NSEC/NSEC3 records
  • dnssec-verify — Verifies that a zone is fully signed, and that its NSEC/NSEC3 chains are complete
  • dnssec-dsfromkey — Generates DS and CDS resource records from DNSKEYs
  • dnssec-importkey — Imports an externally created public DNSKEY so it can be used with Loop
  • dnssec-keyfromlabel — Generates a DNSKEY keypair for a key object stored in a HSM so it can be used with Loop
  • dnssec-revoke — Sets the REVOKE bit (RFC 5011) in the DNSKEY flags
  • dnssec-settime — Sets DNSKEY timing metadata used in key scheduling
  • delv — DNS client that performs DNSSEC lookups and validation

DNS performance testing utilities

  • dnsperf — DNS client that measures DNS nameserver performance
  • resperf — DNS client that measures DNS resolver performance
  • resperf-report — Runs resperf and generates a HTML report with graphs

These programs implement various DNS protocols and features. Loop programs and their config files are extensively documented in the Loop User Manual and manpages.

Why use Loop?

Here are some reasons for using Loop:

  • You want to serve your authoritative zones.
  • You want to run a local caching resolver in your LAN for higher performance and better privacy.
  • You would like to have control over your local network's DNS responses by running a local resolver that filters or rewrites queries to web domains.
  • You want to use different DNS configurations that process DNS queries differently depending on their properties.
  • You have a large number of authoritative zones or a large number of clients requiring large cache sizes, and want a DNS implementation that scales and performs well.
  • You want a well-documented DNS product.
  • You want to use DNS software packages where the very same binaries have been tested before being published.
  • You like a distributed global DNS infrastructure that is not concentrated among some CDNs for a more healthy internet.

Loop features

The following are some of the features implemented by Loop. named can be run in mixed-mode with both resolver and authoritative functions.

Resolver features

  • Query resolution
    • Upstream nameserver selection policies
    • Smoothed round-trip time computation (for fastest server selection)
    • Forwarding to other nameservers and various modes for it
    • Dual-stack support (IPv4 and IPv6) for upstream fetches
    • DNS64 support (IPv6 synthesis from A records)
    • Empty zones (e.g. to suppress RFC 1918 queries)
  • Security & DNSSEC validation
    • DNSSEC validation (checking authenticity of upstream answers)
    • Dynamic trust anchor management
    • Built-in root trust anchor support
    • DNSSEC-validating resolver configuration options
  • Filtering & control
    • Response Policy Zones (RPZ) for blocking/mapping domains
    • Access Control Lists (ACLs) for queries
    • Response Rate Limiting (RRL) to protect against response floods or abusive query loads
    • Built-in content filtering (blocklists etc.)
  • Performance & statistics
    • Cache tuning and sizing
    • Resolver statistics including cache hits/misses, upstream timing
    • Socket and resource usage counters
  • Diagnostic features and tools
    • Detailed and configurable logging
    • Integrated tools for debugging such as dig and delv
    • Integrated tools for performance testing such as resperf

Authoritative server features

  • Zone management
    • Static zone file loading (from disk)
    • Zone directives such as $TTL, $ORIGIN, $INCLUDE, $GENERATE, etc.
    • Journal files for consistently updating dynamic changes to zones
    • Dynamic updates (RFC 2136)
    • IXFR (incremental) and AXFR (full) zone transfer support
    • DNS NOTIFY support (to inform secondaries)
    • Built-in server zones and empty zones
  • DNSSEC signing
    • DNSKEY generation (ZSK, KSK)
    • Zone signing
    • DNSSEC verification (dnssec-verify, etc.)
    • Automatic signing of dynamic zones (integrating updates and signing)
    • Automatic key rollover
    • NSEC / NSEC3 support, including rollovers and conversions between NSEC and NSEC3
    • OPTOUT variant for NSEC3
    • PKCS#11 support for HSMs
  • Secure zone transfers and DNS updates
    • TSIG support (authenticated zone transfers and DNS updates)
    • TKEY support (key exchange for TSIG)
    • GSSAPI (Kerberos) support
    • TSIG key management and ACLs
    • Fine-grained DNS UPDATE policies for controlling who may perform dynamic updates
  • Policy & access control
    • Access control by client IP or TSIG key for controlling who may query, update, control the server
    • RRset ordering control in responses
    • Built-in record filtering
    • Per-zone configuration options
  • Zone statistics & maintenance
    • Zone statistics including updates, transfer events, signing status
    • Periodic zone maintenance tasks (re-signing intervals)
    • Zone file syntax checking (named-checkzone, etc.)

Common features (both resolver and authoritative server)

  • Split DNS (i.e. different answers depending on context, view) support
  • Views support
  • IPv6 support (AAAA and reverse mapping)
  • Resource usage controls (sockets, memory, limits)
  • Logging and diagnostics
  • Integrated administration tools such as rndc, named-checkconf, etc.
  • Nameserver statistics in XML format
  • SIG(0) support

Loop installation

Loop software packages are available for the following operating system platforms:

To install Loop version 1.99.7 on Red Hat Enterprise Linux 10 (x86_64), follow these steps as the root user.

First, install the akira-release RPM package that will add the akira-epel and akira-epel-testing DNF repositories to your system, as well as associated GPG keys used to verify signed RPM packages from these repositories:

# dnf install https://download.banu.com/packages/akira/1.99/epel/testing/10/x86_64/akira-release-1.99.7.20250831123527.772ce56e35-1.el10.noarch.rpm

Then, enable the akira-epel-testing DNF repository:

# dnf config-manager setopt akira-epel-testing.enabled=1

Then, install the loop RPM package that will install the Loop software and documentation:

# dnf install loop

Then, if you wish to run the nameserver, configure named suitably by editing /etc/loop/named.conf, and then run it:

# systemctl enable --now named

To install Loop version 1.99.7 on Red Hat Enterprise Linux 10 (aarch64), follow these steps as the root user.

First, install the akira-release RPM package that will add the akira-epel and akira-epel-testing DNF repositories to your system, as well as associated GPG keys used to verify signed RPM packages from these repositories:

# dnf install https://download.banu.com/packages/akira/1.99/epel/testing/10/aarch64/akira-release-1.99.7.20250831123527.772ce56e35-1.el10.noarch.rpm

Then, enable the akira-epel-testing DNF repository:

# dnf config-manager setopt akira-epel-testing.enabled=1

Then, install the loop RPM package that will install the Loop software and documentation:

# dnf install loop

Then, if you wish to run the nameserver, configure named suitably by editing /etc/loop/named.conf, and then run it:

# systemctl enable --now named

To install Loop version 1.99.7 on Red Hat Enterprise Linux 9 (x86_64), follow these steps as the root user.

First, install the akira-release RPM package that will add the akira-epel and akira-epel-testing DNF repositories to your system, as well as associated GPG keys used to verify signed RPM packages from these repositories:

# dnf install https://download.banu.com/packages/akira/1.99/epel/testing/9/x86_64/akira-release-1.99.7.20250831123527.772ce56e35-1.el9.noarch.rpm

Then, enable the akira-epel-testing DNF repository:

# dnf config-manager setopt akira-epel-testing.enabled=1

Then, install the loop RPM package that will install the Loop software and documentation:

# dnf install loop

Then, if you wish to run the nameserver, configure named suitably by editing /etc/loop/named.conf, and then run it:

# systemctl enable --now named

To install Loop version 1.99.7 on Red Hat Enterprise Linux 9 (aarch64), follow these steps as the root user.

First, install the akira-release RPM package that will add the akira-epel and akira-epel-testing DNF repositories to your system, as well as associated GPG keys used to verify signed RPM packages from these repositories:

# dnf install https://download.banu.com/packages/akira/1.99/epel/testing/9/aarch64/akira-release-1.99.7.20250831123527.772ce56e35-1.el9.noarch.rpm

Then, enable the akira-epel-testing DNF repository:

# dnf config-manager setopt akira-epel-testing.enabled=1

Then, install the loop RPM package that will install the Loop software and documentation:

# dnf install loop

Then, if you wish to run the nameserver, configure named suitably by editing /etc/loop/named.conf, and then run it:

# systemctl enable --now named

To install Loop version 1.99.7 on Red Hat Enterprise Linux 8 (x86_64), follow these steps as the root user.

First, install the akira-release RPM package that will add the akira-epel and akira-epel-testing DNF repositories to your system, as well as associated GPG keys used to verify signed RPM packages from these repositories:

# dnf install https://download.banu.com/packages/akira/1.99/epel/testing/8/x86_64/akira-release-1.99.7.20250831123527.772ce56e35-1.el8.noarch.rpm

Then, enable the akira-epel-testing DNF repository:

# dnf config-manager setopt akira-epel-testing.enabled=1

Then, install the loop RPM package that will install the Loop software and documentation:

# dnf install loop

Then, if you wish to run the nameserver, configure named suitably by editing /etc/loop/named.conf, and then run it:

# systemctl enable --now named

To install Loop version 1.99.7 on Red Hat Enterprise Linux 8 (aarch64), follow these steps as the root user.

First, install the akira-release RPM package that will add the akira-epel and akira-epel-testing DNF repositories to your system, as well as associated GPG keys used to verify signed RPM packages from these repositories:

# dnf install https://download.banu.com/packages/akira/1.99/epel/testing/8/aarch64/akira-release-1.99.7.20250831123527.772ce56e35-1.el8.noarch.rpm

Then, enable the akira-epel-testing DNF repository:

# dnf config-manager setopt akira-epel-testing.enabled=1

Then, install the loop RPM package that will install the Loop software and documentation:

# dnf install loop

Then, if you wish to run the nameserver, configure named suitably by editing /etc/loop/named.conf, and then run it:

# systemctl enable --now named

To install Loop version 1.99.7 on Fedora Linux 42 (x86_64), follow these steps as the root user.

First, install the akira-release RPM package that will add the akira-fedora and akira-fedora-testing DNF repositories to your system, as well as associated GPG keys used to verify signed RPM packages from these repositories:

# dnf install https://download.banu.com/packages/akira/1.99/fedora/testing/42/x86_64/akira-release-1.99.7.20250831123527.772ce56e35-1.fc42.noarch.rpm

Then, enable the akira-fedora-testing DNF repository:

# dnf config-manager setopt akira-fedora-testing.enabled=1

Then, install the loop RPM package that will install the Loop software and documentation:

# dnf install loop

Then, if you wish to run the nameserver, configure named suitably by editing /etc/loop/named.conf, and then run it:

# systemctl enable --now named

To install Loop version 1.99.7 on Fedora Linux 42 (aarch64), follow these steps as the root user.

First, install the akira-release RPM package that will add the akira-fedora and akira-fedora-testing DNF repositories to your system, as well as associated GPG keys used to verify signed RPM packages from these repositories:

# dnf install https://download.banu.com/packages/akira/1.99/fedora/testing/42/aarch64/akira-release-1.99.7.20250831123527.772ce56e35-1.fc42.noarch.rpm

Then, enable the akira-fedora-testing DNF repository:

# dnf config-manager setopt akira-fedora-testing.enabled=1

Then, install the loop RPM package that will install the Loop software and documentation:

# dnf install loop

Then, if you wish to run the nameserver, configure named suitably by editing /etc/loop/named.conf, and then run it:

# systemctl enable --now named

To install Loop version 1.99.7 on Fedora Linux 41 (x86_64), follow these steps as the root user.

First, install the akira-release RPM package that will add the akira-fedora and akira-fedora-testing DNF repositories to your system, as well as associated GPG keys used to verify signed RPM packages from these repositories:

# dnf install https://download.banu.com/packages/akira/1.99/fedora/testing/41/x86_64/akira-release-1.99.7.20250831123527.772ce56e35-1.fc41.noarch.rpm

Then, enable the akira-fedora-testing DNF repository:

# dnf config-manager setopt akira-fedora-testing.enabled=1

Then, install the loop RPM package that will install the Loop software and documentation:

# dnf install loop

Then, if you wish to run the nameserver, configure named suitably by editing /etc/loop/named.conf, and then run it:

# systemctl enable --now named

To install Loop version 1.99.7 on Fedora Linux 41 (aarch64), follow these steps as the root user.

First, install the akira-release RPM package that will add the akira-fedora and akira-fedora-testing DNF repositories to your system, as well as associated GPG keys used to verify signed RPM packages from these repositories:

# dnf install https://download.banu.com/packages/akira/1.99/fedora/testing/41/aarch64/akira-release-1.99.7.20250831123527.772ce56e35-1.fc41.noarch.rpm

Then, enable the akira-fedora-testing DNF repository:

# dnf config-manager setopt akira-fedora-testing.enabled=1

Then, install the loop RPM package that will install the Loop software and documentation:

# dnf install loop

Then, if you wish to run the nameserver, configure named suitably by editing /etc/loop/named.conf, and then run it:

# systemctl enable --now named

Loop documentation

Loop is documented in the Loop User Manual, and manpages are provided for the Loop programs and their config files. The user manual and manpages are also included in the software packages.

Branch Type User Manual User Manual Download HTML README License
1.99 Development View PDF View HTML Download HTML ZIP View README View LICENSE.txt

Loop support

  • To report a bug in the product, please email <loop-bugs@banu.com> with detailed information about the issue. Please include sufficient information to allow reproduction of the problem by us.
  • Personal users of Loop may email the Loop mailing lists for support. Please see the mailing lists instructions on how to use the lists.
  • Commercial users of Loop should follow the instructions provided to them for creating support tickets.

Loop support plans

Three different Loop support plans are offered. Paid plans have annual contract periods.

Personal

Free
Install Loop

Business

US $5,000/month
Contact us

Large operator

US $20,000/month
Contact us
Contract period Not applicable 12 months 12 months
Supported instances Not applicable 4 32
Support hours Not applicable Business hours (9 AM—5 PM) 24x7 throughout the year
Response time Not applicable Within 1 business day Immediate
Public discussion forum & mailing lists
Support by email
Support by voice/video
Advance information about vulnerabilities