1.\" $OpenBSD: unwind.8,v 1.11 2021/07/18 11:18:38 kn Exp $ 2.\" 3.\" Copyright (c) 2018 Florian Obser <florian@openbsd.org> 4.\" Copyright (c) 2016 Kenneth R Westerback <kwesterback@gmail.com> 5.\" 6.\" Permission to use, copy, modify, and distribute this software for any 7.\" purpose with or without fee is hereby granted, provided that the above 8.\" copyright notice and this permission notice appear in all copies. 9.\" 10.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17.\" 18.Dd $Mdocdate: July 18 2021 $ 19.Dt UNWIND 8 20.Os 21.Sh NAME 22.Nm unwind 23.Nd validating DNS resolver 24.Sh SYNOPSIS 25.Nm 26.Op Fl dnv 27.Op Fl f Ar file 28.Op Fl s Ar socket 29.Sh DESCRIPTION 30.Nm 31is a validating DNS resolver. 32It is intended to run on client machines like workstations or laptops and only 33listens on localhost. 34.Nm 35sends DNS queries to nameservers to answer queries and switches to resolvers 36learned from 37.Xr dhclient 8 , 38.Xr dhcpleased 8 39or 40.Xr slaacd 8 41if it detects that DNS queries are blocked by the local network. 42It periodically probes if DNS is no longer blocked and switches back to 43querying nameservers itself. 44.Pp 45.Nm 46keeps the DNS answers in a cache shared by the different DNS name 47server types. 48.Nm 49manages the cache size by deleting oldest entries when needed. 50The cache is non-configurable and is lost upon process restart. 51.Pp 52To have 53.Nm 54enabled at boot time, use 55.Dq rcctl enable unwind , 56which sets 57.Pp 58.Dl unwind_flags=\(dq\(dq 59.Pp 60in 61.Xr rc.conf.local 8 . 62.Pp 63A running 64.Nm 65can be controlled with the 66.Xr unwindctl 8 67utility. 68.Pp 69The options are as follows: 70.Bl -tag -width Ds 71.It Fl d 72Do not daemonize. 73If this option is specified, 74.Nm 75will run in the foreground and log to 76.Em stderr . 77.It Fl f Ar file 78Specify an alternative configuration file. 79.It Fl n 80Configtest mode. 81Only check the configuration file for validity. 82.It Fl s Ar socket 83Use an alternate location for the default control socket. 84.It Fl v 85Produce more verbose output. 86Multiple 87.Fl v 88options increase the verbosity. 89Debug output from libunbound is only available when logging to 90.Em stderr . 91.El 92.Sh FILES 93.Bl -tag -width "/var/db/unwind.keyXXX" -compact 94.It Pa /etc/unwind.conf 95Default 96.Nm 97configuration file. 98.It Pa /var/db/unwind.key 99Trust anchor for DNSSEC validation. 100.It Pa /dev/unwind.sock 101.Ux Ns -domain 102socket used for communication with 103.Xr unwindctl 8 . 104.El 105.Sh SEE ALSO 106.Xr unwind.conf 5 , 107.Xr dhclient 8 , 108.Xr dhcpleased 8 , 109.Xr slaacd 8 , 110.Xr unbound 8 , 111.Xr unwindctl 8 112.Sh STANDARDS 113.Rs 114.%A P. Mockapetris 115.%D November 1987 116.%R RFC 1034 117.%T DOMAIN NAMES - CONCEPTS AND FACILITIES 118.Re 119.Pp 120.Rs 121.%A P. Mockapetris 122.%D November 1987 123.%R RFC 1035 124.%T DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION 125.Re 126.Sh HISTORY 127The 128.Nm 129program first appeared in 130.Ox 6.5 . 131.Sh AUTHORS 132.An -nosplit 133The 134.Nm 135program was written by 136.An Florian Obser Aq Mt florian@openbsd.org . 137