1.\" $OpenBSD: unwind.8,v 1.10 2021/01/25 16:57:00 florian Exp $ 2.\" 3.\" Copyright (c) 2018 Florian Obser <florian@openbsd.org> 4.\" Copyright (c) 2016 Kenneth R Westerback <kwesterback@gmail.com> 5.\" 6.\" Permission to use, copy, modify, and distribute this software for any 7.\" purpose with or without fee is hereby granted, provided that the above 8.\" copyright notice and this permission notice appear in all copies. 9.\" 10.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17.\" 18.Dd $Mdocdate: January 25 2021 $ 19.Dt UNWIND 8 20.Os 21.Sh NAME 22.Nm unwind 23.Nd validating DNS resolver 24.Sh SYNOPSIS 25.Nm 26.Op Fl dnv 27.Op Fl f Ar file 28.Op Fl s Ar socket 29.Sh DESCRIPTION 30.Nm 31is a validating DNS resolver. 32It is intended to run on client machines like workstations or laptops and only 33listens on localhost. 34.Nm 35sends DNS queries to nameservers to answer queries and switches to resolvers 36learned from 37.Xr dhclient 8 38if it detects that DNS queries are blocked by the local network. 39It periodically probes if DNS is no longer blocked and switches back to 40querying nameservers itself. 41.Pp 42.Nm 43keeps the DNS answers in a cache shared by the different DNS name 44server types. 45.Nm 46manages the cache size by deleting oldest entries when needed. 47The cache is non-configurable and is lost upon process restart. 48.Pp 49To have 50.Nm 51enabled at boot time, use 52.Dq rcctl enable unwind , 53which sets 54.Pp 55.Dl unwind_flags=\(dq\(dq 56.Pp 57in 58.Xr rc.conf.local 8 . 59.Pp 60Adding 61.Pp 62.Dl supersede domain-name-servers 127.0.0.1; 63.Pp 64to 65.Pa /etc/dhclient.conf 66configures a machine using DHCP to use 67.Nm . 68.Pp 69A running 70.Nm 71can be controlled with the 72.Xr unwindctl 8 73utility. 74.Pp 75The options are as follows: 76.Bl -tag -width Ds 77.It Fl d 78Do not daemonize. 79If this option is specified, 80.Nm 81will run in the foreground and log to 82.Em stderr . 83.It Fl f Ar file 84Specify an alternative configuration file. 85.It Fl n 86Configtest mode. 87Only check the configuration file for validity. 88.It Fl s Ar socket 89Use an alternate location for the default control socket. 90.It Fl v 91Produce more verbose output. 92Multiple 93.Fl v 94options increase the verbosity. 95Debug output from libunbound is only available when logging to 96.Em stderr . 97.El 98.Sh FILES 99.Bl -tag -width "/var/db/unwind.keyXXX" -compact 100.It Pa /etc/unwind.conf 101Default 102.Nm 103configuration file. 104.It Pa /var/db/unwind.key 105Trust anchor for DNSSEC validation. 106.It Pa /dev/unwind.sock 107.Ux Ns -domain 108socket used for communication with 109.Xr unwindctl 8 . 110.El 111.Sh SEE ALSO 112.Xr unwind.conf 5 , 113.Xr dhclient 8 , 114.Xr unbound 8 , 115.Xr unwindctl 8 116.Sh STANDARDS 117.Rs 118.%A P. Mockapetris 119.%D November 1987 120.%R RFC 1034 121.%T DOMAIN NAMES - CONCEPTS AND FACILITIES 122.Re 123.Pp 124.Rs 125.%A P. Mockapetris 126.%D November 1987 127.%R RFC 1035 128.%T DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION 129.Re 130.Sh HISTORY 131The 132.Nm 133program first appeared in 134.Ox 6.5 . 135.Sh AUTHORS 136.An -nosplit 137The 138.Nm 139program was written by 140.An Florian Obser Aq Mt florian@openbsd.org . 141