README for Unbound 1.20.0
Copyright 2007 NLnet Labs
http://unbound.net

This software is under BSD license, see LICENSE for details.
The DNS64 module has BSD license in dns64/dns64.c.
The DNSTAP code has BSD license in dnstap/dnstap.c.

* Download the latest release version of this software from
    http://unbound.net
  or get a beta version from the svn repository at
    http://unbound.net/svn/

* Uses the following libraries;
  * libevent http://www.monkey.org/~provos/libevent/ (BSD license)
    (optional) can use builtin alternative instead.
  * libexpat (for the unbound-anchor helper program) (MIT license)

* Make and install: ./configure; make; make install
  * --with-libevent=/path/to/libevent
    Can be set to either the system install or the build directory.
    --with-libevent=no gives a builtin alternative implementation.
    Libevent is enabled by default, it is useful when having many
    (thousands) of outgoing ports. This improves randomization and spoof
    resistance. It also allows a higher number of outgoing queries.
  * --with-libexpat=/path/to/libexpat
    Can be set to the install directory of libexpat.
  * --without-pthreads
    This disables pthreads.
    Without this option the pthreads library
    is detected automatically. Use this option to disable threading
    altogether, or, on Solaris, also use --with(out)-solaris-threads.
  * --enable-checking
    This enables assertions in the code that guard against a variety of
    programming errors, among which buffer overflows. The program exits
    with an error if an assertion fails (but the buffer did not overflow).
  * --enable-static-exe
    This enables a debug option to statically link against the
    libevent library.
  * --enable-lock-checks
    This enables a debug option to check lock and unlock calls. It needs
    a recent pthreads library to work.
  * --enable-alloc-checks
    This enables a debug option to check malloc (calloc, realloc, free).
    The server periodically checks if the amount of memory used fits with
    the amount of memory it thinks it should be using, and reports
    memory usage in detail.
  * --with-conf-file=filename
    Set default location of config file,
    the default is /usr/local/etc/unbound/unbound.conf.
  * --with-pidfile=filename
    Set default location of pidfile,
    the default is /usr/local/etc/unbound/unbound.pid.
  * --with-run-dir=path
    Set default working directory,
    the default is /usr/local/etc/unbound.
  * --with-chroot-dir=path
    Set default chroot directory,
    the default is /usr/local/etc/unbound.
  * --with-rootkey-file=path
    Set the default root.key path. This file is read and written.
    The default is /usr/local/etc/unbound/root.key
  * --with-rootcert-file=path
    Set the default root update certificate path. A builtin certificate
    is used if this file is empty or does not exist.
    The default is /usr/local/etc/unbound/icannbundle.pem
  * --with-username=user
    Set default user name to change to,
    the default is the "unbound" user.
  * --with-pyunbound
    Create libunbound wrapper usable from python.
    Needs python-devel and swig development tools.
  * --with-pythonmodule
    Compile the python module that processes responses in the server.
  * --disable-sha2
    Disable support for RSASHA256 and RSASHA512 crypto.
  * --disable-gost
    Disable support for GOST crypto, RFC 5933.
  * --enable-subnet
    Enable EDNS client subnet processing.

* 'make test' runs a series of self checks.

Known issues
------------
o If there are no replies for a forward or stub zone, for a reverse zone,
  you may need to add a local-zone: name transparent or nodefault to the
  server: section of the config file to unblock the reverse zone.
  Only happens for (sub)zones that are blocked by default; e.g. 10.in-addr.arpa
o If libevent is older (before 1.3c), unbound will exit instead of reload
  on sighup. On a restart 'did not exit gracefully last time' warning is
  printed. Perform ./configure --with-libevent=no or update libevent, rerun
  configure and recompile unbound to make sighup work correctly.
  It is strongly suggested to use a recent version of libevent.
o If you are not receiving the correct source IP address on replies (e.g.
  you are running a multihomed, anycast server), the interface-automatic
  option can be enabled to set socket options to achieve the correct
  source IP address on UDP replies. Listing all IP addresses explicitly in
  the config file is an alternative. The interface-automatic option uses
  non-portable socket options; Linux and FreeBSD should work fine.
o The warning 'openssl has no entropy, seeding with time', with chroot
  enabled, may be solved with a symbolic link to /dev/urandom from <chrootdir>.
o On Solaris 5.10 some libtool packages from repositories do not work with
  gcc, showing errors gcc: unrecognized option `-KPIC'
  To solve this do ./configure libtool=./libtool [your options...].
  On Solaris you may pass CFLAGS="-xO4 -xtarget=generic" if you use sun-cc.
o If unbound-control (or munin graphs) do not work, this can often be because
  the unbound-control-setup script creates the keys with restricted
  permissions, and the files need to be made readable or owned by both the
  unbound daemon and unbound-control.
o Crosscompile seems to hang. You tried to install unbound under wine.
  Run wine regedit and remove all the unbound entries from the registry, or
  delete .wine/drive_c.

Acknowledgements
----------------
o Unbound was written in portable C by Wouter Wijngaards (NLnet Labs).
o Thanks to David Blacka and Matt Larson (Verisign) for the unbound-java
  prototype. Design and code from that prototype have been used to create
  this program, such as the iterator state machine and the cache design.
o Other code origins are from the NSD (NLnet Labs) and LDNS (NLnet Labs)
  projects, such as buffer, region-allocator and red-black tree code.
o See Credits file for contributors.
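
For the unbound-control key permission issue listed under Known issues above, this added example (not part of the Unbound distribution) reports which key files a given account cannot read, judged from the owner/group/other mode bits. The *.key and *.pem file patterns and the script name are assumptions; pass the directory where unbound-control-setup wrote the keys.

```shell
#!/bin/sh
# Added example, not part of the Unbound distribution.
# Checks classic owner/group/other mode bits only: ACLs, root's override
# and search permission on parent directories are not considered.

# can_read FILE UID "GID ..." -> 0 if that uid/gid set may read FILE,
# 1 if not, 2 if FILE cannot be listed.
can_read() {
    cr_file=$1; cr_uid=$2; cr_gids=$3
    cr_line=$(ls -lnd -- "$cr_file" 2>/dev/null) || return 2
    # ls -ln fields: mode, link count, numeric owner, numeric group, ...
    read -r cr_mode cr_links cr_fuid cr_fgid cr_rest <<EOF
$cr_line
EOF
    cr_col=8                                  # default: "other" class
    if [ "$cr_uid" = "$cr_fuid" ]; then
        cr_col=2                              # owner class wins outright
    else
        for cr_g in $cr_gids; do
            if [ "$cr_g" = "$cr_fgid" ]; then cr_col=5; break; fi
        done
    fi
    [ "$(printf '%s' "$cr_mode" | cut -c"$cr_col")" = r ]
}

# check_keys DIR USER... -> prints one DENY line per (user, file) pair
# that fails, and returns 1 if there was any.
# Assumption: key material in DIR is named *.key and *.pem.
check_keys() {
    ck_dir=$1; shift
    ck_bad=0
    for ck_user in "$@"; do
        ck_uid=$(id -u "$ck_user") || return 2
        ck_gids=$(id -G "$ck_user") || return 2
        for ck_f in "$ck_dir"/*.key "$ck_dir"/*.pem; do
            [ -e "$ck_f" ] || continue
            if ! can_read "$ck_f" "$ck_uid" "$ck_gids"; then
                echo "DENY $ck_user $ck_f"; ck_bad=1
            fi
        done
    done
    return "$ck_bad"
}

# Usage: sh check_keys.sh <key directory> <daemon user> <control user>
if [ "$#" -ge 2 ]; then check_keys "$@"; fi
```

Where a DENY line appears, a shared group with mode 640 on the key files grants access to both accounts without making the private keys world-readable.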


Your Support
------------
NLnet Labs offers all of its software products as open source, most are
published under a BSD license. You can download them, not only from the
NLnet Labs website but also through the various OS distributions for
which NSD, ldns, and Unbound are packaged. We therefore have little idea
who uses our software in production environments and have no direct ties
with 'our customers'.

Therefore, we ask you to contact us at users@NLnetLabs.nl and tell us
whether you use one of our products in your production environment,
what that environment looks like, and maybe even share some praise.
We would like to refer to the fact that your organization is using our
products. We will only do that if you explicitly allow us. In all other
cases we will keep the information you share with us to ourselves.

In addition to the moral support you can also support us
financially. NLnet Labs is a recognized not-for-profit charity foundation
that is chartered to develop open-source software and open-standards
for the Internet. If you use our software to satisfaction please express
that by giving us a donation. For small donations PayPal can be used. For
larger and regular donations please contact us at users@NLnetLabs.nl.
Also see http://www.nlnetlabs.nl/labs/contributors/.


* mailto:unbound-bugs@nlnetlabs.nl