1285206SdesREADME for Unbound 1.5.3 2238106SdesCopyright 2007 NLnet Labs 3238106Sdeshttp://unbound.net 4238106Sdes 5238106SdesThis software is under BSD license, see LICENSE for details. 6285206SdesThe DNS64 module has BSD license in dns64/dns64.c. 7285206SdesThe DNSTAP code has BSD license in dnstap/dnstap.c. 8238106Sdes 9238106Sdes* Download the latest release version of this software from 10238106Sdes http://unbound.net 11238106Sdes or get a beta version from the svn repository at 12238106Sdes http://unbound.net/svn/ 13238106Sdes 14238106Sdes* Uses the following libraries; 15238106Sdes * libevent http://www.monkey.org/~provos/libevent/ (BSD license) 16238106Sdes (optional) can use builtin alternative instead. 17269257Sdes * libexpat (for the unbound-anchor helper program) (MIT license) 18238106Sdes 19238106Sdes* Make and install: ./configure; make; make install 20238106Sdes * --with-libevent=/path/to/libevent 21238106Sdes Can be set to either the system install or the build directory. 22238106Sdes --with-libevent=no (default) gives a builtin alternative 23238106Sdes implementation. libevent is useful when having many (thousands) 24238106Sdes of outgoing ports. This improves randomization and spoof 25238106Sdes resistance. For the default of 16 ports the builtin alternative 26238106Sdes works well and is a little faster. 27238106Sdes * --with-libexpat=/path/to/libexpat 28238106Sdes Can be set to the install directory of libexpat. 29238106Sdes * --without-pthreads 30238106Sdes This disables pthreads. Without this option the pthreads library 31238106Sdes is detected automatically. Use this option to disable threading 32238106Sdes altogether, or, on Solaris, also use --with(out)-solaris-threads. 33238106Sdes * --enable-checking 34238106Sdes This enables assertions in the code that guard against a variety of 35238106Sdes programming errors, among which buffer overflows. The program exits 36238106Sdes with an error if an assertion fails (but the buffer did not overflow). 37238106Sdes * --enable-static-exe 38269257Sdes This enables a debug option to statically link against the 39269257Sdes libevent library. 40238106Sdes * --enable-lock-checks 41238106Sdes This enables a debug option to check lock and unlock calls. It needs 42238106Sdes a recent pthreads library to work. 43238106Sdes * --enable-alloc-checks 44238106Sdes This enables a debug option to check malloc (calloc, realloc, free). 45238106Sdes The server periodically checks if the amount of memory used fits with 46238106Sdes the amount of memory it thinks it should be using, and reports 47238106Sdes memory usage in detail. 48238106Sdes * --with-conf-file=filename 49238106Sdes Set default location of config file, 50238106Sdes the default is /usr/local/etc/unbound/unbound.conf. 51238106Sdes * --with-pidfile=filename 52238106Sdes Set default location of pidfile, 53238106Sdes the default is /usr/local/etc/unbound/unbound.pid. 54238106Sdes * --with-run-dir=path 55238106Sdes Set default working directory, 56238106Sdes the default is /usr/local/etc/unbound. 57238106Sdes * --with-chroot-dir=path 58238106Sdes Set default chroot directory, 59238106Sdes the default is /usr/local/etc/unbound. 60238106Sdes * --with-rootkey-file=path 61238106Sdes Set the default root.key path. This file is read and written. 62238106Sdes the default is /usr/local/etc/unbound/root.key 63238106Sdes * --with-rootcert-file=path 64238106Sdes Set the default root update certificate path. A builtin certificate 65238106Sdes is used if this file is empty or does not exist. 66238106Sdes the default is /usr/local/etc/unbound/icannbundle.pem 67238106Sdes * --with-username=user 68238106Sdes Set default user name to change to, 69238106Sdes the default is the "unbound" user. 70238106Sdes * --with-pyunbound 71238106Sdes Create libunbound wrapper usable from python. 72238106Sdes Needs python-devel and swig development tools. 73238106Sdes * --with-pythonmodule 74238106Sdes Compile the python module that processes responses in the server. 75238106Sdes * --disable-sha2 76238106Sdes Disable support for RSASHA256 and RSASHA512 crypto. 77238106Sdes * --disable-gost 78238106Sdes Disable support for GOST crypto, RFC 5933. 79238106Sdes 80238106Sdes* 'make test' runs a series of self checks. 81238106Sdes 82238106SdesKnown issues 83238106Sdes------------ 84238106Sdeso If there are no replies for a forward or stub zone, for a reverse zone, 85238106Sdes you may need to add a local-zone: name transparent or nodefault to the 86238106Sdes server: section of the config file to unblock the reverse zone. 87238106Sdes Only happens for (sub)zones that are blocked by default; e.g. 10.in-addr.arpa 88238106Sdeso If libevent is older (before 1.3c), unbound will exit instead of reload 89238106Sdes on sighup. On a restart 'did not exit gracefully last time' warning is 90238106Sdes printed. Perform ./configure --with-libevent=no or update libevent, rerun 91238106Sdes configure and recompile unbound to make sighup work correctly. 92238106Sdes It is strongly suggested to use a recent version of libevent. 93238106Sdeso If you are not receiving the correct source IP address on replies (e.g. 94238106Sdes you are running a multihomed, anycast server), the interface-automatic 95238106Sdes option can be enabled to set socket options to achieve the correct 96238106Sdes source IP address on UDP replies. Listing all IP addresses explicitly in 97238106Sdes the config file is an alternative. The interface-automatic option uses 98238106Sdes non portable socket options, Linux and FreeBSD should work fine. 99238106Sdeso The warning 'openssl has no entropy, seeding with time', with chroot 100238106Sdes enabled, may be solved with a symbolic link to /dev/random from <chrootdir>. 101238106Sdeso On Solaris 5.10 some libtool packages from repositories do not work with 102238106Sdes gcc, showing errors gcc: unrecognized option `-KPIC' 103238106Sdes To solve this do ./configure libtool=./libtool [your options...]. 104238106Sdes On Solaris you may pass CFLAGS="-xO4 -xtarget=generic" if you use sun-cc. 105238106Sdeso If unbound-control (or munin graphs) do not work, this can often be because 106238106Sdes the unbound-control-setup script creates the keys with restricted 107238106Sdes permissions, and the files need to be made readable or ownered by both the 108238106Sdes unbound daemon and unbound-control. 109238106Sdeso Crosscompile seems to hang. You tried to install unbound under wine. 110238106Sdes wine regedit and remove all the unbound entries from the registry or 111238106Sdes delete .wine/drive_c. 112238106Sdes 113238106SdesAcknowledgements 114238106Sdes---------------- 115238106Sdeso Unbound was written in portable C by Wouter Wijngaards (NLnet Labs). 116238106Sdeso Thanks to David Blacka and Matt Larson (Verisign) for the unbound-java 117238106Sdes prototype. Design and code from that prototype has been used to create 118238106Sdes this program. Such as the iterator state machine and the cache design. 119238106Sdeso Other code origins are from the NSD (NLnet Labs) and LDNS (NLnet Labs) 120238106Sdes projects. Such as buffer, region-allocator and red-black tree code. 121238106Sdeso See Credits file for contributors. 122238106Sdes 123238106Sdes 124238106SdesYour Support 125238106Sdes------------ 126238106SdesNLnet Labs offers all of its software products as open source, most are 127238106Sdespublished under a BSD license. You can download them, not only from the 128238106SdesNLnet Labs website but also through the various OS distributions for 129238106Sdeswhich NSD, ldns, and Unbound are packaged. We therefore have little idea 130238106Sdeswho uses our software in production environments and have no direct ties 131238106Sdeswith 'our customers'. 132238106Sdes 133238106SdesTherefore, we ask you to contact us at users@NLnetLabs.nl and tell us 134238106Sdeswhether you use one of our products in your production environment, 135238106Sdeswhat that environment looks like, and maybe even share some praise. 136238106SdesWe would like to refer to the fact that your organization is using our 137238106Sdesproducts. We will only do that if you explicitly allow us. In all other 138238106Sdescases we will keep the information you share with us to ourselves. 139238106Sdes 140238106SdesIn addition to the moral support you can also support us 141238106Sdesfinancially. NLnet Labs is a recognized not-for-profit charity foundation 142238106Sdesthat is chartered to develop open-source software and open-standards 143238106Sdesfor the Internet. If you use our software to satisfaction please express 144238106Sdesthat by giving us a donation. For small donations PayPal can be used. For 145238106Sdeslarger and regular donations please contact us at users@NLnetLabs.nl. Also 146238106Sdessee http://www.nlnetlabs.nl/labs/contributors/. 147238106Sdes 148238106Sdes 149238106Sdes* mailto:unbound-bugs@nlnetlabs.nl 150