Cascade runs on our domain crate — engineered in Rust since 2015 and backed by NLnet Labs’ long-standing reputation for clean, predictable solutions that hold under pressure.

No outsourced helpdesk. No AI chat bots. When you need support, you’re talking to the engineers who built Cascade — the ones who know the code and the stakes.

Retain your own validation logic that you've come to trust. Or plug-in industry-standard tools, from us, or from others.

No more searching for vague guides with outdated information and missing steps. Cascade ships with comprehensive, up-to-date docs — built for real-world onboarding.

Cascade starts with the essentials done well. A solid foundation, ready to evolve with you.

Shell-script pipelines are not long-term maintainable solutions. Cascade provides a sustainable system, with flexibility at key points in the process.

No trials. No sales calls. No friction. Just an open source solution that gets the job done — and keeps getting better.

• Essential features, out of the box – Built with the input of TLDs and SREs, with everything you need to get started — and sensible defaults so you’re not stuck hand-editing XML.
• Zero downtime, zero firefighting – Fast, boring reliability. The kind your on-call team will thank you for.
• Run it your way – Native packages for Debian, RHEL and more. Or container images ready to drop into your stack.
• Built-in version control – Full change history and instant rollbacks — because mistakes happen.
• Effortless scaling – From 10 zones to 10,000, with millions of records — no re-architecting required.
• Observability out of the box – Monitoring that fits into your existing setup, plus a clean API for whatever else you need.
• Docs that actually help – Up-to-date manuals, examples, and a community that doesn’t treat questions like bugs.
• Support by people you trust – Actively developed by engineers you already know. And when you need backup, you're talking to the builders.

Cascade is designed from the ground up to meet the needs of critical infrastructure operators, national registries, and anyone who can’t afford a security lapse — or a failed audit.

• Essential features, out of the box – Built with the input of TLDs and SREs, with everything you need to get started — and sensible defaults so you’re not stuck hand-editing XML.
• Zero downtime, zero firefighting – Fast, boring reliability. The kind your on-call team will thank you for.
• Run it your way – Native packages for Debian, RHEL and more. Or container images ready to drop into your stack.
• Built-in version control – Full change history and instant rollbacks — because mistakes happen.
• Effortless scaling – From 10 zones to 10,000, with millions of records — no re-architecting required.
• Observability out of the box – Monitoring that fits into your existing setup, plus a clean API for whatever else you need.
• Docs that actually help – Up-to-date manuals, examples, and a community that doesn’t treat questions like bugs.
• Maintained by people you trust – Actively developed by engineers you already know. And when you need backup, you're talking to the builders.

Cascade is backed by NLnet Labs — with 25 years of engineering integrity, open standards leadership, and real-world operational trust.

• Built and supported by experts – Get direct access to the team behind the code — from architecture to rollout and beyond.
• No lock-in, no limits – Open source, standards-based, and liberally licensed. No freemium features. No usage caps. Run it your way.
• A true successor to OpenDNSSEC – Modern, purpose-built, and ready to replace brittle legacy setups.
• Modern stack, no legacy syntax – No Perl. No fragile XML. Just clean, maintainable tools your team won’t hate.
• Low total cost of ownership – No license fees. Minimal operational overhead. Serious value compared to commercial alternatives.
• Onboarding done right – Clear, comprehensive docs written for production, not prototypes.
• Fits into your stack, cleanly – Designed for integration, with robust APIs and predictable behaviour at scale.

We help you migrate, integrate, and move from testbed to production without friction.

Straightforward setup in complex environments — hybrid, on-prem, or anything in between.

As a CVE Numbering Authority, we coordinate disclosures responsibly — with NDA pre-notifications so you can schedule maintenance ahead. No surprises.

Regular improvements without breaking your workflow — with clear changelogs and optional staged rollouts.

For critical open-source infrastructure, added support isn’t optional - it’s the professional standard. You get direct access to the engineers who built Cascade and know what's at stake. No ticket triage. No outsourced delays. Just real answers from real experts when it matters.

NIS2 puts your critical infrastructure in the spotlight. Our support puts our experts in the room so you're ready when the hard questions come.

We don’t just ship code — we build in conversation. Your experience, feedback, and requests help move the project forward, together.

Two-year EOL notice and help moving forward when the future calls.