1*ff825849SDag-Erling SmørgravREADME for Unbound 1.5.1 2b7579f77SDag-Erling SmørgravCopyright 2007 NLnet Labs 3b7579f77SDag-Erling Smørgravhttp://unbound.net 4b7579f77SDag-Erling Smørgrav 5b7579f77SDag-Erling SmørgravThis software is under BSD license, see LICENSE for details. 6*ff825849SDag-Erling SmørgravThe DNS64 module has BSD license in dns64/dns64.c. 7*ff825849SDag-Erling SmørgravThe DNSTAP code has BSD license in dnstap/dnstap.c. 8b7579f77SDag-Erling Smørgrav 9b7579f77SDag-Erling Smørgrav* Download the latest release version of this software from 10b7579f77SDag-Erling Smørgrav http://unbound.net 11b7579f77SDag-Erling Smørgrav or get a beta version from the svn repository at 12b7579f77SDag-Erling Smørgrav http://unbound.net/svn/ 13b7579f77SDag-Erling Smørgrav 14b7579f77SDag-Erling Smørgrav* Uses the following libraries; 15b7579f77SDag-Erling Smørgrav * libevent http://www.monkey.org/~provos/libevent/ (BSD license) 16b7579f77SDag-Erling Smørgrav (optional) can use builtin alternative instead. 1717d15b25SDag-Erling Smørgrav * libexpat (for the unbound-anchor helper program) (MIT license) 18b7579f77SDag-Erling Smørgrav 19b7579f77SDag-Erling Smørgrav* Make and install: ./configure; make; make install 20b7579f77SDag-Erling Smørgrav * --with-libevent=/path/to/libevent 21b7579f77SDag-Erling Smørgrav Can be set to either the system install or the build directory. 22b7579f77SDag-Erling Smørgrav --with-libevent=no (default) gives a builtin alternative 23b7579f77SDag-Erling Smørgrav implementation. libevent is useful when having many (thousands) 24b7579f77SDag-Erling Smørgrav of outgoing ports. This improves randomization and spoof 25b7579f77SDag-Erling Smørgrav resistance. For the default of 16 ports the builtin alternative 26b7579f77SDag-Erling Smørgrav works well and is a little faster. 27b7579f77SDag-Erling Smørgrav * --with-libexpat=/path/to/libexpat 28b7579f77SDag-Erling Smørgrav Can be set to the install directory of libexpat. 29b7579f77SDag-Erling Smørgrav * --without-pthreads 30b7579f77SDag-Erling Smørgrav This disables pthreads. Without this option the pthreads library 31b7579f77SDag-Erling Smørgrav is detected automatically. Use this option to disable threading 32b7579f77SDag-Erling Smørgrav altogether, or, on Solaris, also use --with(out)-solaris-threads. 33b7579f77SDag-Erling Smørgrav * --enable-checking 34b7579f77SDag-Erling Smørgrav This enables assertions in the code that guard against a variety of 35b7579f77SDag-Erling Smørgrav programming errors, among which buffer overflows. The program exits 36b7579f77SDag-Erling Smørgrav with an error if an assertion fails (but the buffer did not overflow). 37b7579f77SDag-Erling Smørgrav * --enable-static-exe 3817d15b25SDag-Erling Smørgrav This enables a debug option to statically link against the 3917d15b25SDag-Erling Smørgrav libevent library. 40b7579f77SDag-Erling Smørgrav * --enable-lock-checks 41b7579f77SDag-Erling Smørgrav This enables a debug option to check lock and unlock calls. It needs 42b7579f77SDag-Erling Smørgrav a recent pthreads library to work. 43b7579f77SDag-Erling Smørgrav * --enable-alloc-checks 44b7579f77SDag-Erling Smørgrav This enables a debug option to check malloc (calloc, realloc, free). 45b7579f77SDag-Erling Smørgrav The server periodically checks if the amount of memory used fits with 46b7579f77SDag-Erling Smørgrav the amount of memory it thinks it should be using, and reports 47b7579f77SDag-Erling Smørgrav memory usage in detail. 48b7579f77SDag-Erling Smørgrav * --with-conf-file=filename 49b7579f77SDag-Erling Smørgrav Set default location of config file, 50b7579f77SDag-Erling Smørgrav the default is /usr/local/etc/unbound/unbound.conf. 51b7579f77SDag-Erling Smørgrav * --with-pidfile=filename 52b7579f77SDag-Erling Smørgrav Set default location of pidfile, 53b7579f77SDag-Erling Smørgrav the default is /usr/local/etc/unbound/unbound.pid. 54b7579f77SDag-Erling Smørgrav * --with-run-dir=path 55b7579f77SDag-Erling Smørgrav Set default working directory, 56b7579f77SDag-Erling Smørgrav the default is /usr/local/etc/unbound. 57b7579f77SDag-Erling Smørgrav * --with-chroot-dir=path 58b7579f77SDag-Erling Smørgrav Set default chroot directory, 59b7579f77SDag-Erling Smørgrav the default is /usr/local/etc/unbound. 60b7579f77SDag-Erling Smørgrav * --with-rootkey-file=path 61b7579f77SDag-Erling Smørgrav Set the default root.key path. This file is read and written. 62b7579f77SDag-Erling Smørgrav the default is /usr/local/etc/unbound/root.key 63b7579f77SDag-Erling Smørgrav * --with-rootcert-file=path 64b7579f77SDag-Erling Smørgrav Set the default root update certificate path. A builtin certificate 65b7579f77SDag-Erling Smørgrav is used if this file is empty or does not exist. 66b7579f77SDag-Erling Smørgrav the default is /usr/local/etc/unbound/icannbundle.pem 67b7579f77SDag-Erling Smørgrav * --with-username=user 68b7579f77SDag-Erling Smørgrav Set default user name to change to, 69b7579f77SDag-Erling Smørgrav the default is the "unbound" user. 70b7579f77SDag-Erling Smørgrav * --with-pyunbound 71b7579f77SDag-Erling Smørgrav Create libunbound wrapper usable from python. 72b7579f77SDag-Erling Smørgrav Needs python-devel and swig development tools. 73b7579f77SDag-Erling Smørgrav * --with-pythonmodule 74b7579f77SDag-Erling Smørgrav Compile the python module that processes responses in the server. 75b7579f77SDag-Erling Smørgrav * --disable-sha2 76b7579f77SDag-Erling Smørgrav Disable support for RSASHA256 and RSASHA512 crypto. 77b7579f77SDag-Erling Smørgrav * --disable-gost 78b7579f77SDag-Erling Smørgrav Disable support for GOST crypto, RFC 5933. 79b7579f77SDag-Erling Smørgrav 80b7579f77SDag-Erling Smørgrav* 'make test' runs a series of self checks. 81b7579f77SDag-Erling Smørgrav 82b7579f77SDag-Erling SmørgravKnown issues 83b7579f77SDag-Erling Smørgrav------------ 84b7579f77SDag-Erling Smørgravo If there are no replies for a forward or stub zone, for a reverse zone, 85b7579f77SDag-Erling Smørgrav you may need to add a local-zone: name transparent or nodefault to the 86b7579f77SDag-Erling Smørgrav server: section of the config file to unblock the reverse zone. 87b7579f77SDag-Erling Smørgrav Only happens for (sub)zones that are blocked by default; e.g. 10.in-addr.arpa 88b7579f77SDag-Erling Smørgravo If libevent is older (before 1.3c), unbound will exit instead of reload 89b7579f77SDag-Erling Smørgrav on sighup. On a restart 'did not exit gracefully last time' warning is 90b7579f77SDag-Erling Smørgrav printed. Perform ./configure --with-libevent=no or update libevent, rerun 91b7579f77SDag-Erling Smørgrav configure and recompile unbound to make sighup work correctly. 92b7579f77SDag-Erling Smørgrav It is strongly suggested to use a recent version of libevent. 93b7579f77SDag-Erling Smørgravo If you are not receiving the correct source IP address on replies (e.g. 94b7579f77SDag-Erling Smørgrav you are running a multihomed, anycast server), the interface-automatic 95b7579f77SDag-Erling Smørgrav option can be enabled to set socket options to achieve the correct 96b7579f77SDag-Erling Smørgrav source IP address on UDP replies. Listing all IP addresses explicitly in 97b7579f77SDag-Erling Smørgrav the config file is an alternative. The interface-automatic option uses 98b7579f77SDag-Erling Smørgrav non portable socket options, Linux and FreeBSD should work fine. 99b7579f77SDag-Erling Smørgravo The warning 'openssl has no entropy, seeding with time', with chroot 100b7579f77SDag-Erling Smørgrav enabled, may be solved with a symbolic link to /dev/random from <chrootdir>. 101b7579f77SDag-Erling Smørgravo On Solaris 5.10 some libtool packages from repositories do not work with 102b7579f77SDag-Erling Smørgrav gcc, showing errors gcc: unrecognized option `-KPIC' 103b7579f77SDag-Erling Smørgrav To solve this do ./configure libtool=./libtool [your options...]. 104b7579f77SDag-Erling Smørgrav On Solaris you may pass CFLAGS="-xO4 -xtarget=generic" if you use sun-cc. 105b7579f77SDag-Erling Smørgravo If unbound-control (or munin graphs) do not work, this can often be because 106b7579f77SDag-Erling Smørgrav the unbound-control-setup script creates the keys with restricted 107b7579f77SDag-Erling Smørgrav permissions, and the files need to be made readable or ownered by both the 108b7579f77SDag-Erling Smørgrav unbound daemon and unbound-control. 109b7579f77SDag-Erling Smørgravo Crosscompile seems to hang. You tried to install unbound under wine. 110b7579f77SDag-Erling Smørgrav wine regedit and remove all the unbound entries from the registry or 111b7579f77SDag-Erling Smørgrav delete .wine/drive_c. 112b7579f77SDag-Erling Smørgrav 113b7579f77SDag-Erling SmørgravAcknowledgements 114b7579f77SDag-Erling Smørgrav---------------- 115b7579f77SDag-Erling Smørgravo Unbound was written in portable C by Wouter Wijngaards (NLnet Labs). 116b7579f77SDag-Erling Smørgravo Thanks to David Blacka and Matt Larson (Verisign) for the unbound-java 117b7579f77SDag-Erling Smørgrav prototype. Design and code from that prototype has been used to create 118b7579f77SDag-Erling Smørgrav this program. Such as the iterator state machine and the cache design. 119b7579f77SDag-Erling Smørgravo Other code origins are from the NSD (NLnet Labs) and LDNS (NLnet Labs) 120b7579f77SDag-Erling Smørgrav projects. Such as buffer, region-allocator and red-black tree code. 121b7579f77SDag-Erling Smørgravo See Credits file for contributors. 122b7579f77SDag-Erling Smørgrav 123b7579f77SDag-Erling Smørgrav 124b7579f77SDag-Erling SmørgravYour Support 125b7579f77SDag-Erling Smørgrav------------ 126b7579f77SDag-Erling SmørgravNLnet Labs offers all of its software products as open source, most are 127b7579f77SDag-Erling Smørgravpublished under a BSD license. You can download them, not only from the 128b7579f77SDag-Erling SmørgravNLnet Labs website but also through the various OS distributions for 129b7579f77SDag-Erling Smørgravwhich NSD, ldns, and Unbound are packaged. We therefore have little idea 130b7579f77SDag-Erling Smørgravwho uses our software in production environments and have no direct ties 131b7579f77SDag-Erling Smørgravwith 'our customers'. 132b7579f77SDag-Erling Smørgrav 133b7579f77SDag-Erling SmørgravTherefore, we ask you to contact us at users@NLnetLabs.nl and tell us 134b7579f77SDag-Erling Smørgravwhether you use one of our products in your production environment, 135b7579f77SDag-Erling Smørgravwhat that environment looks like, and maybe even share some praise. 136b7579f77SDag-Erling SmørgravWe would like to refer to the fact that your organization is using our 137b7579f77SDag-Erling Smørgravproducts. We will only do that if you explicitly allow us. In all other 138b7579f77SDag-Erling Smørgravcases we will keep the information you share with us to ourselves. 139b7579f77SDag-Erling Smørgrav 140b7579f77SDag-Erling SmørgravIn addition to the moral support you can also support us 141b7579f77SDag-Erling Smørgravfinancially. NLnet Labs is a recognized not-for-profit charity foundation 142b7579f77SDag-Erling Smørgravthat is chartered to develop open-source software and open-standards 143b7579f77SDag-Erling Smørgravfor the Internet. If you use our software to satisfaction please express 144b7579f77SDag-Erling Smørgravthat by giving us a donation. For small donations PayPal can be used. For 145b7579f77SDag-Erling Smørgravlarger and regular donations please contact us at users@NLnetLabs.nl. Also 146b7579f77SDag-Erling Smørgravsee http://www.nlnetlabs.nl/labs/contributors/. 147b7579f77SDag-Erling Smørgrav 148b7579f77SDag-Erling Smørgrav 149b7579f77SDag-Erling Smørgrav* mailto:unbound-bugs@nlnetlabs.nl 150