README for Unbound 1.21.0
Copyright 2007 NLnet Labs
http://unbound.net

This software is under BSD license, see LICENSE for details.
The DNS64 module has BSD license in dns64/dns64.c.
The DNSTAP code has BSD license in dnstap/dnstap.c.

* Download the latest release version of this software from
	http://unbound.net
  or get a beta version from the svn repository at
	http://unbound.net/svn/

* Uses the following libraries:
  * libevent	http://www.monkey.org/~provos/libevent/		(BSD license)
    (optional) can use builtin alternative instead.
  * libexpat	(for the unbound-anchor helper program)		(MIT license)

* Make and install: ./configure; make; make install
  * --with-libevent=/path/to/libevent
	Can be set to either the system install or the build directory.
	--with-libevent=no gives a builtin alternative implementation.
	Libevent is enabled by default; it is useful when using many
	(thousands of) outgoing ports. This improves randomization and spoof
	resistance. It also allows a higher number of outgoing queries.
  * --with-libexpat=/path/to/libexpat
	Can be set to the install directory of libexpat.
  * --without-pthreads
	This disables pthreads. Without this option the pthreads library
	is detected automatically. Use this option to disable threading
	altogether, or, on Solaris, also use --with(out)-solaris-threads.
  * --enable-checking
	This enables assertions in the code that guard against a variety of
	programming errors, including buffer overflows.  The program exits
	with an error if an assertion fails (but the buffer did not overflow).
  * --enable-static-exe
	This enables a debug option to statically link against the
	libevent library.
  * --enable-lock-checks
	This enables a debug option to check lock and unlock calls. It needs
	a recent pthreads library to work.
  * --enable-alloc-checks
	This enables a debug option to check malloc (calloc, realloc, free).
	The server periodically checks if the amount of memory used fits with
	the amount of memory it thinks it should be using, and reports
	memory usage in detail.
  * --with-conf-file=filename
	Set default location of config file,
	the default is /usr/local/etc/unbound/unbound.conf.
  * --with-pidfile=filename
	Set default location of pidfile,
	the default is /usr/local/etc/unbound/unbound.pid.
  * --with-run-dir=path
	Set default working directory,
	the default is /usr/local/etc/unbound.
  * --with-chroot-dir=path
	Set default chroot directory,
	the default is /usr/local/etc/unbound.
  * --with-rootkey-file=path
	Set the default root.key path.  This file is read and written.
	The default is /usr/local/etc/unbound/root.key.
  * --with-rootcert-file=path
	Set the default root update certificate path.  A builtin certificate
	is used if this file is empty or does not exist.
	The default is /usr/local/etc/unbound/icannbundle.pem.
  * --with-username=user
	Set default user name to change to,
	the default is the "unbound" user.
  * --with-pyunbound
	Create libunbound wrapper usable from python.
	Needs python-devel and swig development tools.
  * --with-pythonmodule
	Compile the python module that processes responses in the server.
  * --disable-sha2
	Disable support for RSASHA256 and RSASHA512 crypto.
  * --disable-gost
	Disable support for GOST crypto, RFC 5933.
  * --enable-subnet
	Enable EDNS client subnet processing.

* 'make test' runs a series of self checks.

Known issues
------------
o If there are no replies for a forward or stub zone that is a reverse zone,
  you may need to add a local-zone: name transparent or nodefault to the
  server: section of the config file to unblock the reverse zone.
  This only happens for (sub)zones that are blocked by default, e.g.
  10.in-addr.arpa.
o If libevent is older (before 1.3c), unbound will exit instead of reload
  on SIGHUP. On a restart a 'did not exit gracefully last time' warning is
  printed. Perform ./configure --with-libevent=no or update libevent, rerun
  configure and recompile unbound to make SIGHUP work correctly.
  It is strongly suggested to use a recent version of libevent.
o If you are not receiving the correct source IP address on replies (e.g.
  you are running a multihomed, anycast server), the interface-automatic
  option can be enabled to set socket options to achieve the correct
  source IP address on UDP replies. Listing all IP addresses explicitly in
  the config file is an alternative. The interface-automatic option uses
  non-portable socket options; Linux and FreeBSD should work fine.
o The warning 'openssl has no entropy, seeding with time', with chroot
  enabled, may be solved with a symbolic link to /dev/urandom from <chrootdir>.
o On Solaris 5.10 some libtool packages from repositories do not work with
  gcc, showing errors gcc: unrecognized option `-KPIC'
  To solve this do ./configure libtool=./libtool [your options...].
  On Solaris you may pass CFLAGS="-xO4 -xtarget=generic" if you use sun-cc.
o If unbound-control (or munin graphs) does not work, this is often because
  the unbound-control-setup script creates the keys with restricted
  permissions, and the files need to be made readable or owned by both the
  unbound daemon and unbound-control.
o Crosscompile seems to hang.  You tried to install unbound under wine.
  Run wine regedit and remove all the unbound entries from the registry, or
  delete .wine/drive_c.
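
For the unbound-control permission issue listed above, a read-only audit of the key files, added here as an example and not part of the Unbound distribution. It assumes the daemon and the unbound-control operator are separate accounts sharing one group, and that the directory holds the four files unbound-control-setup writes; has_perm and audit_control_keys are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the Unbound sources): audit the files that
# unbound-control-setup writes. Assumption: daemon and operator are
# different accounts in one shared group, so each file should be
# group-readable, and private keys must never be world-readable.

# has_perm FILE MODE: true if FILE has every permission bit in MODE set.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# audit_control_keys DIR: print one verdict per file.
# Returns 0 only if every file passes.
audit_control_keys() {
    dir=$1
    rc=0
    for f in unbound_server.key unbound_server.pem \
             unbound_control.key unbound_control.pem; do
        p="$dir/$f"
        if [ ! -f "$p" ]; then
            echo "MISSING        $p"; rc=1
        elif has_perm "$p" 002; then
            # Any local account could replace the key or certificate.
            echo "WORLD-WRITABLE $p"; rc=1
        elif [ "${f##*.}" = key ] && has_perm "$p" 004; then
            # Private key readable by every local account.
            echo "WORLD-READABLE $p"; rc=1
        elif ! has_perm "$p" 040 && ! has_perm "$p" 004; then
            # Only the owner can read it: the second account is locked
            # out, which is the failure described in the known issue.
            echo "OWNER-ONLY     $p"; rc=1
        else
            echo "OK             $p"
        fi
    done
    return $rc
}

# Run as a script: sh audit.sh /usr/local/etc/unbound
# (directory is an assumption taken from the default run dir above).
if [ $# -gt 0 ]; then
    audit_control_keys "$1"
fi
```

An OWNER-ONLY verdict is fixed by group ownership and mode 640 on the file, which keeps the private keys unreadable to other local accounts.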

Acknowledgements
----------------
o Unbound was written in portable C by Wouter Wijngaards (NLnet Labs).
o Thanks to David Blacka and Matt Larson (Verisign) for the unbound-java
  prototype. Design and code from that prototype have been used to create
  this program, such as the iterator state machine and the cache design.
o Other code originates from the NSD (NLnet Labs) and LDNS (NLnet Labs)
  projects, such as buffer, region-allocator and red-black tree code.
o See Credits file for contributors.


Your Support
------------
NLnet Labs offers all of its software products as open source, most are
published under a BSD license. You can download them, not only from the
NLnet Labs website but also through the various OS distributions for
which NSD, ldns, and Unbound are packaged. We therefore have little idea
who uses our software in production environments and have no direct ties
with 'our customers'.

Therefore, we ask you to contact us at users@NLnetLabs.nl and tell us
whether you use one of our products in your production environment,
what that environment looks like, and maybe even share some praise.
We would like to refer to the fact that your organization is using our
products. We will only do that if you explicitly allow us. In all other
cases we will keep the information you share with us to ourselves.

In addition to the moral support you can also support us
financially. NLnet Labs is a recognized not-for-profit charity foundation
that is chartered to develop open-source software and open-standards
for the Internet. If you use our software to satisfaction please express
that by giving us a donation. For small donations PayPal can be used. For
larger and regular donations please contact us at users@NLnetLabs.nl. Also
see http://www.nlnetlabs.nl/labs/contributors/.


* mailto:unbound-bugs@nlnetlabs.nl