1.\" $OpenBSD: unwind.8,v 1.8 2020/04/21 17:03:44 florian Exp $ 2.\" 3.\" Copyright (c) 2018 Florian Obser <florian@openbsd.org> 4.\" Copyright (c) 2016 Kenneth R Westerback <kwesterback@gmail.com> 5.\" 6.\" Permission to use, copy, modify, and distribute this software for any 7.\" purpose with or without fee is hereby granted, provided that the above 8.\" copyright notice and this permission notice appear in all copies. 9.\" 10.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17.\" 18.Dd $Mdocdate: April 21 2020 $ 19.Dt UNWIND 8 20.Os 21.Sh NAME 22.Nm unwind 23.Nd validating DNS resolver 24.Sh SYNOPSIS 25.Nm 26.Op Fl dnv 27.Op Fl f Ar file 28.Op Fl s Ar socket 29.Sh DESCRIPTION 30.Nm 31is a validating DNS resolver. 32It is intended to run on client machines like workstations or laptops and only 33listens on localhost. 34.Nm 35sends DNS queries to nameservers to answer queries and switches to resolvers 36learned from 37.Xr dhclient 8 38if it detects that DNS queries are blocked by the local network. 39It periodically probes if DNS is no longer blocked and switches back to 40querying nameservers itself. 41.Pp 42To have 43.Nm 44enabled at boot time, use 45.Dq rcctl enable unwind , 46which sets 47.Pp 48.Dl unwind_flags=\(dq\(dq 49.Pp 50in 51.Xr rc.conf.local 8 . 52.Pp 53Adding 54.Pp 55.Dl supersede domain-name-servers 127.0.0.1; 56.Pp 57to 58.Pa /etc/dhclient.conf 59configures a machine using DHCP to use 60.Nm . 61.Pp 62A running 63.Nm 64can be controlled with the 65.Xr unwindctl 8 66utility. 67.Pp 68The options are as follows: 69.Bl -tag -width Ds 70.It Fl d 71Do not daemonize. 72If this option is specified, 73.Nm 74will run in the foreground and log to 75.Em stderr . 76.It Fl f Ar file 77Specify an alternative configuration file. 78.It Fl n 79Configtest mode. 80Only check the configuration file for validity. 81.It Fl s Ar socket 82Use an alternate location for the default control socket. 83.It Fl v 84Produce more verbose output. 85Multiple 86.Fl v 87options increase the verbosity. 88.El 89.Sh FILES 90.Bl -tag -width "/var/db/unwind.keyXXX" -compact 91.It Pa /etc/unwind.conf 92Default 93.Nm 94configuration file. 95.It Pa /var/db/unwind.key 96Trust anchor for DNSSEC validation. 97.It Pa /dev/unwind.sock 98.Ux Ns -domain 99socket used for communication with 100.Xr unwindctl 8 . 101.El 102.Sh SEE ALSO 103.Xr unwind.conf 5 , 104.Xr dhclient 8 , 105.Xr unbound 8 , 106.Xr unwindctl 8 107.Sh STANDARDS 108.Rs 109.%A P. Mockapetris 110.%D November 1987 111.%R RFC 1034 112.%T DOMAIN NAMES - CONCEPTS AND FACILITIES 113.Re 114.Pp 115.Rs 116.%A P. Mockapetris 117.%D November 1987 118.%R RFC 1035 119.%T DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION 120.Re 121.Sh HISTORY 122The 123.Nm 124program first appeared in 125.Ox 6.5 . 126.Sh AUTHORS 127.An -nosplit 128The 129.Nm 130program was written by 131.An Florian Obser Aq Mt florian@openbsd.org . 132