1*17d15b25SDag-Erling SmørgravREADME for Unbound 1.4.22 2b7579f77SDag-Erling SmørgravCopyright 2007 NLnet Labs 3b7579f77SDag-Erling Smørgravhttp://unbound.net 4b7579f77SDag-Erling Smørgrav 5b7579f77SDag-Erling SmørgravThis software is under BSD license, see LICENSE for details. 6b7579f77SDag-Erling Smørgrav 7b7579f77SDag-Erling Smørgrav* Download the latest release version of this software from 8b7579f77SDag-Erling Smørgrav http://unbound.net 9b7579f77SDag-Erling Smørgrav or get a beta version from the svn repository at 10b7579f77SDag-Erling Smørgrav http://unbound.net/svn/ 11b7579f77SDag-Erling Smørgrav 12b7579f77SDag-Erling Smørgrav* Uses the following libraries; 13b7579f77SDag-Erling Smørgrav * libevent http://www.monkey.org/~provos/libevent/ (BSD license) 14b7579f77SDag-Erling Smørgrav (optional) can use builtin alternative instead. 15*17d15b25SDag-Erling Smørgrav * libexpat (for the unbound-anchor helper program) (MIT license) 16b7579f77SDag-Erling Smørgrav 17b7579f77SDag-Erling Smørgrav* Make and install: ./configure; make; make install 18b7579f77SDag-Erling Smørgrav * --with-libevent=/path/to/libevent 19b7579f77SDag-Erling Smørgrav Can be set to either the system install or the build directory. 20b7579f77SDag-Erling Smørgrav --with-libevent=no (default) gives a builtin alternative 21b7579f77SDag-Erling Smørgrav implementation. libevent is useful when having many (thousands) 22b7579f77SDag-Erling Smørgrav of outgoing ports. This improves randomization and spoof 23b7579f77SDag-Erling Smørgrav resistance. For the default of 16 ports the builtin alternative 24b7579f77SDag-Erling Smørgrav works well and is a little faster. 25b7579f77SDag-Erling Smørgrav * --with-libexpat=/path/to/libexpat 26b7579f77SDag-Erling Smørgrav Can be set to the install directory of libexpat. 27b7579f77SDag-Erling Smørgrav * --without-pthreads 28b7579f77SDag-Erling Smørgrav This disables pthreads. Without this option the pthreads library 29b7579f77SDag-Erling Smørgrav is detected automatically. Use this option to disable threading 30b7579f77SDag-Erling Smørgrav altogether, or, on Solaris, also use --with(out)-solaris-threads. 31b7579f77SDag-Erling Smørgrav * --enable-checking 32b7579f77SDag-Erling Smørgrav This enables assertions in the code that guard against a variety of 33b7579f77SDag-Erling Smørgrav programming errors, among which buffer overflows. The program exits 34b7579f77SDag-Erling Smørgrav with an error if an assertion fails (but the buffer did not overflow). 35b7579f77SDag-Erling Smørgrav * --enable-static-exe 36*17d15b25SDag-Erling Smørgrav This enables a debug option to statically link against the 37*17d15b25SDag-Erling Smørgrav libevent library. 38b7579f77SDag-Erling Smørgrav * --enable-lock-checks 39b7579f77SDag-Erling Smørgrav This enables a debug option to check lock and unlock calls. It needs 40b7579f77SDag-Erling Smørgrav a recent pthreads library to work. 41b7579f77SDag-Erling Smørgrav * --enable-alloc-checks 42b7579f77SDag-Erling Smørgrav This enables a debug option to check malloc (calloc, realloc, free). 43b7579f77SDag-Erling Smørgrav The server periodically checks if the amount of memory used fits with 44b7579f77SDag-Erling Smørgrav the amount of memory it thinks it should be using, and reports 45b7579f77SDag-Erling Smørgrav memory usage in detail. 46b7579f77SDag-Erling Smørgrav * --with-conf-file=filename 47b7579f77SDag-Erling Smørgrav Set default location of config file, 48b7579f77SDag-Erling Smørgrav the default is /usr/local/etc/unbound/unbound.conf. 49b7579f77SDag-Erling Smørgrav * --with-pidfile=filename 50b7579f77SDag-Erling Smørgrav Set default location of pidfile, 51b7579f77SDag-Erling Smørgrav the default is /usr/local/etc/unbound/unbound.pid. 52b7579f77SDag-Erling Smørgrav * --with-run-dir=path 53b7579f77SDag-Erling Smørgrav Set default working directory, 54b7579f77SDag-Erling Smørgrav the default is /usr/local/etc/unbound. 55b7579f77SDag-Erling Smørgrav * --with-chroot-dir=path 56b7579f77SDag-Erling Smørgrav Set default chroot directory, 57b7579f77SDag-Erling Smørgrav the default is /usr/local/etc/unbound. 58b7579f77SDag-Erling Smørgrav * --with-rootkey-file=path 59b7579f77SDag-Erling Smørgrav Set the default root.key path. This file is read and written. 60b7579f77SDag-Erling Smørgrav the default is /usr/local/etc/unbound/root.key 61b7579f77SDag-Erling Smørgrav * --with-rootcert-file=path 62b7579f77SDag-Erling Smørgrav Set the default root update certificate path. A builtin certificate 63b7579f77SDag-Erling Smørgrav is used if this file is empty or does not exist. 64b7579f77SDag-Erling Smørgrav the default is /usr/local/etc/unbound/icannbundle.pem 65b7579f77SDag-Erling Smørgrav * --with-username=user 66b7579f77SDag-Erling Smørgrav Set default user name to change to, 67b7579f77SDag-Erling Smørgrav the default is the "unbound" user. 68b7579f77SDag-Erling Smørgrav * --with-pyunbound 69b7579f77SDag-Erling Smørgrav Create libunbound wrapper usable from python. 70b7579f77SDag-Erling Smørgrav Needs python-devel and swig development tools. 71b7579f77SDag-Erling Smørgrav * --with-pythonmodule 72b7579f77SDag-Erling Smørgrav Compile the python module that processes responses in the server. 73b7579f77SDag-Erling Smørgrav * --disable-sha2 74b7579f77SDag-Erling Smørgrav Disable support for RSASHA256 and RSASHA512 crypto. 75b7579f77SDag-Erling Smørgrav * --disable-gost 76b7579f77SDag-Erling Smørgrav Disable support for GOST crypto, RFC 5933. 77b7579f77SDag-Erling Smørgrav 78b7579f77SDag-Erling Smørgrav* 'make test' runs a series of self checks. 79b7579f77SDag-Erling Smørgrav 80b7579f77SDag-Erling SmørgravKnown issues 81b7579f77SDag-Erling Smørgrav------------ 82b7579f77SDag-Erling Smørgravo If there are no replies for a forward or stub zone, for a reverse zone, 83b7579f77SDag-Erling Smørgrav you may need to add a local-zone: name transparent or nodefault to the 84b7579f77SDag-Erling Smørgrav server: section of the config file to unblock the reverse zone. 85b7579f77SDag-Erling Smørgrav Only happens for (sub)zones that are blocked by default; e.g. 10.in-addr.arpa 86b7579f77SDag-Erling Smørgravo If libevent is older (before 1.3c), unbound will exit instead of reload 87b7579f77SDag-Erling Smørgrav on sighup. On a restart 'did not exit gracefully last time' warning is 88b7579f77SDag-Erling Smørgrav printed. Perform ./configure --with-libevent=no or update libevent, rerun 89b7579f77SDag-Erling Smørgrav configure and recompile unbound to make sighup work correctly. 90b7579f77SDag-Erling Smørgrav It is strongly suggested to use a recent version of libevent. 91b7579f77SDag-Erling Smørgravo If you are not receiving the correct source IP address on replies (e.g. 92b7579f77SDag-Erling Smørgrav you are running a multihomed, anycast server), the interface-automatic 93b7579f77SDag-Erling Smørgrav option can be enabled to set socket options to achieve the correct 94b7579f77SDag-Erling Smørgrav source IP address on UDP replies. Listing all IP addresses explicitly in 95b7579f77SDag-Erling Smørgrav the config file is an alternative. The interface-automatic option uses 96b7579f77SDag-Erling Smørgrav non portable socket options, Linux and FreeBSD should work fine. 97b7579f77SDag-Erling Smørgravo The warning 'openssl has no entropy, seeding with time', with chroot 98b7579f77SDag-Erling Smørgrav enabled, may be solved with a symbolic link to /dev/random from <chrootdir>. 99b7579f77SDag-Erling Smørgravo On Solaris 5.10 some libtool packages from repositories do not work with 100b7579f77SDag-Erling Smørgrav gcc, showing errors gcc: unrecognized option `-KPIC' 101b7579f77SDag-Erling Smørgrav To solve this do ./configure libtool=./libtool [your options...]. 102b7579f77SDag-Erling Smørgrav On Solaris you may pass CFLAGS="-xO4 -xtarget=generic" if you use sun-cc. 103b7579f77SDag-Erling Smørgravo If unbound-control (or munin graphs) do not work, this can often be because 104b7579f77SDag-Erling Smørgrav the unbound-control-setup script creates the keys with restricted 105b7579f77SDag-Erling Smørgrav permissions, and the files need to be made readable or ownered by both the 106b7579f77SDag-Erling Smørgrav unbound daemon and unbound-control. 107b7579f77SDag-Erling Smørgravo Crosscompile seems to hang. You tried to install unbound under wine. 108b7579f77SDag-Erling Smørgrav wine regedit and remove all the unbound entries from the registry or 109b7579f77SDag-Erling Smørgrav delete .wine/drive_c. 110b7579f77SDag-Erling Smørgrav 111b7579f77SDag-Erling SmørgravAcknowledgements 112b7579f77SDag-Erling Smørgrav---------------- 113b7579f77SDag-Erling Smørgravo Unbound was written in portable C by Wouter Wijngaards (NLnet Labs). 114b7579f77SDag-Erling Smørgravo Thanks to David Blacka and Matt Larson (Verisign) for the unbound-java 115b7579f77SDag-Erling Smørgrav prototype. Design and code from that prototype has been used to create 116b7579f77SDag-Erling Smørgrav this program. Such as the iterator state machine and the cache design. 117b7579f77SDag-Erling Smørgravo Other code origins are from the NSD (NLnet Labs) and LDNS (NLnet Labs) 118b7579f77SDag-Erling Smørgrav projects. Such as buffer, region-allocator and red-black tree code. 119b7579f77SDag-Erling Smørgravo See Credits file for contributors. 120b7579f77SDag-Erling Smørgrav 121b7579f77SDag-Erling Smørgrav 122b7579f77SDag-Erling SmørgravYour Support 123b7579f77SDag-Erling Smørgrav------------ 124b7579f77SDag-Erling SmørgravNLnet Labs offers all of its software products as open source, most are 125b7579f77SDag-Erling Smørgravpublished under a BSD license. You can download them, not only from the 126b7579f77SDag-Erling SmørgravNLnet Labs website but also through the various OS distributions for 127b7579f77SDag-Erling Smørgravwhich NSD, ldns, and Unbound are packaged. We therefore have little idea 128b7579f77SDag-Erling Smørgravwho uses our software in production environments and have no direct ties 129b7579f77SDag-Erling Smørgravwith 'our customers'. 130b7579f77SDag-Erling Smørgrav 131b7579f77SDag-Erling SmørgravTherefore, we ask you to contact us at users@NLnetLabs.nl and tell us 132b7579f77SDag-Erling Smørgravwhether you use one of our products in your production environment, 133b7579f77SDag-Erling Smørgravwhat that environment looks like, and maybe even share some praise. 134b7579f77SDag-Erling SmørgravWe would like to refer to the fact that your organization is using our 135b7579f77SDag-Erling Smørgravproducts. We will only do that if you explicitly allow us. In all other 136b7579f77SDag-Erling Smørgravcases we will keep the information you share with us to ourselves. 137b7579f77SDag-Erling Smørgrav 138b7579f77SDag-Erling SmørgravIn addition to the moral support you can also support us 139b7579f77SDag-Erling Smørgravfinancially. NLnet Labs is a recognized not-for-profit charity foundation 140b7579f77SDag-Erling Smørgravthat is chartered to develop open-source software and open-standards 141b7579f77SDag-Erling Smørgravfor the Internet. If you use our software to satisfaction please express 142b7579f77SDag-Erling Smørgravthat by giving us a donation. For small donations PayPal can be used. For 143b7579f77SDag-Erling Smørgravlarger and regular donations please contact us at users@NLnetLabs.nl. Also 144b7579f77SDag-Erling Smørgravsee http://www.nlnetlabs.nl/labs/contributors/. 145b7579f77SDag-Erling Smørgrav 146b7579f77SDag-Erling Smørgrav 147b7579f77SDag-Erling Smørgrav* mailto:unbound-bugs@nlnetlabs.nl 148