README for Unbound 1.4.22
Copyright 2007 NLnet Labs
http://unbound.net

This software is under BSD license, see LICENSE for details.

* Download the latest release version of this software from
        http://unbound.net
  or get a beta version from the svn repository at
        http://unbound.net/svn/

* Uses the following libraries;
  * libevent    http://www.monkey.org/~provos/libevent/ (BSD license)
    (optional) can use builtin alternative instead.
  * libexpat    (for the unbound-anchor helper program) (MIT license)

* Make and install: ./configure; make; make install
  * --with-libevent=/path/to/libevent
        Can be set to either the system install or the build directory.
        --with-libevent=no (default) gives a builtin alternative
        implementation. libevent is useful when having many (thousands)
        of outgoing ports. This improves randomization and spoof
        resistance. For the default of 16 ports the builtin alternative
        works well and is a little faster.
  * --with-libexpat=/path/to/libexpat
        Can be set to the install directory of libexpat.
  * --without-pthreads
        This disables pthreads. Without this option the pthreads library
        is detected automatically. Use this option to disable threading
        altogether, or, on Solaris, also use --with(out)-solaris-threads.
  * --enable-checking
        This enables assertions in the code that guard against a variety of
        programming errors, among which buffer overflows. The program exits
        with an error if an assertion fails (but the buffer did not overflow).
  * --enable-static-exe
        This enables a debug option to statically link against the
        libevent library.
  * --enable-lock-checks
        This enables a debug option to check lock and unlock calls. It needs
        a recent pthreads library to work.
  * --enable-alloc-checks
        This enables a debug option to check malloc (calloc, realloc, free).
        The server periodically checks if the amount of memory used fits with
        the amount of memory it thinks it should be using, and reports
        memory usage in detail.
  * --with-conf-file=filename
        Set default location of config file,
        the default is /usr/local/etc/unbound/unbound.conf.
  * --with-pidfile=filename
        Set default location of pidfile,
        the default is /usr/local/etc/unbound/unbound.pid.
  * --with-run-dir=path
        Set default working directory,
        the default is /usr/local/etc/unbound.
  * --with-chroot-dir=path
        Set default chroot directory,
        the default is /usr/local/etc/unbound.
  * --with-rootkey-file=path
        Set the default root.key path. This file is read and written.
        the default is /usr/local/etc/unbound/root.key
  * --with-rootcert-file=path
        Set the default root update certificate path. A builtin certificate
        is used if this file is empty or does not exist.
        the default is /usr/local/etc/unbound/icannbundle.pem
  * --with-username=user
        Set default user name to change to,
        the default is the "unbound" user.
  * --with-pyunbound
        Create libunbound wrapper usable from python.
        Needs python-devel and swig development tools.
  * --with-pythonmodule
        Compile the python module that processes responses in the server.
  * --disable-sha2
        Disable support for RSASHA256 and RSASHA512 crypto.
  * --disable-gost
        Disable support for GOST crypto, RFC 5933.

* 'make test' runs a series of self checks.

Known issues
------------
o If there are no replies for a forward or stub zone, for a reverse zone,
  you may need to add a local-zone: name transparent or nodefault to the
  server: section of the config file to unblock the reverse zone.
  Only happens for (sub)zones that are blocked by default; e.g. 10.in-addr.arpa
o If libevent is older (before 1.3c), unbound will exit instead of reload
  on sighup. On a restart 'did not exit gracefully last time' warning is
  printed.
  Perform ./configure --with-libevent=no or update libevent, rerun
  configure and recompile unbound to make sighup work correctly.
  It is strongly suggested to use a recent version of libevent.
o If you are not receiving the correct source IP address on replies (e.g.
  you are running a multihomed, anycast server), the interface-automatic
  option can be enabled to set socket options to achieve the correct
  source IP address on UDP replies. Listing all IP addresses explicitly in
  the config file is an alternative. The interface-automatic option uses
  non-portable socket options, Linux and FreeBSD should work fine.
o The warning 'openssl has no entropy, seeding with time', with chroot
  enabled, may be solved with a symbolic link to /dev/random from <chrootdir>.
o On Solaris 5.10 some libtool packages from repositories do not work with
  gcc, showing errors gcc: unrecognized option `-KPIC'
  To solve this do ./configure libtool=./libtool [your options...].
  On Solaris you may pass CFLAGS="-xO4 -xtarget=generic" if you use sun-cc.
o If unbound-control (or munin graphs) do not work, this can often be because
  the unbound-control-setup script creates the keys with restricted
  permissions, and the files need to be made readable or owned by both the
  unbound daemon and unbound-control.
o Crosscompile seems to hang. You tried to install unbound under wine.
  wine regedit and remove all the unbound entries from the registry or
  delete .wine/drive_c.

Acknowledgements
----------------
o Unbound was written in portable C by Wouter Wijngaards (NLnet Labs).
o Thanks to David Blacka and Matt Larson (Verisign) for the unbound-java
  prototype. Design and code from that prototype has been used to create
  this program. Such as the iterator state machine and the cache design.
o Other code origins are from the NSD (NLnet Labs) and LDNS (NLnet Labs)
  projects.
  Such as buffer, region-allocator and red-black tree code.
o See Credits file for contributors.


Your Support
------------
NLnet Labs offers all of its software products as open source, most are
published under a BSD license. You can download them, not only from the
NLnet Labs website but also through the various OS distributions for
which NSD, ldns, and Unbound are packaged. We therefore have little idea
who uses our software in production environments and have no direct ties
with 'our customers'.

Therefore, we ask you to contact us at users@NLnetLabs.nl and tell us
whether you use one of our products in your production environment,
what that environment looks like, and maybe even share some praise.
We would like to refer to the fact that your organization is using our
products. We will only do that if you explicitly allow us. In all other
cases we will keep the information you share with us to ourselves.

In addition to the moral support you can also support us
financially. NLnet Labs is a recognized not-for-profit charity foundation
that is chartered to develop open-source software and open-standards
for the Internet. If you use our software to satisfaction please express
that by giving us a donation. For small donations PayPal can be used. For
larger and regular donations please contact us at users@NLnetLabs.nl. Also
see http://www.nlnetlabs.nl/labs/contributors/.


* mailto:unbound-bugs@nlnetlabs.nl
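
Added example (not part of the Unbound distribution) for the unbound-control item under Known issues: a POSIX sh check that the files written by unbound-control-setup belong to one shared group and are group-readable, and that the private keys grant nothing to other users. The four file names are the setup script's defaults; the shared-group arrangement, the group name "unbound" and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the files written by unbound-control-setup.
# Assumptions (not from the README): the four default file names below, and
# that the daemon user and the unbound-control operator share one group.
KEY_FILES="unbound_server.key unbound_server.pem unbound_control.key unbound_control.pem"

# matches FILE PRIMARY ARG: true when the find(1) test holds for FILE itself.
matches() { [ -n "$(find "$1" -prune "$2" "$3" 2>/dev/null)" ]; }

# check_control_keys DIR GROUP   (GROUP is a group name or numeric gid)
# Prints one finding per line. Returns 0 when every file belongs to GROUP and
# is group-readable, and no private key grants any access to "other".
check_control_keys() {
    dir=$1; grp=$2; rc=0
    for f in $KEY_FILES; do
        p="$dir/$f"
        if [ ! -f "$p" ]; then
            echo "MISSING      $p"; rc=1; continue
        fi
        if ! matches "$p" -group "$grp"; then
            echo "WRONG-GROUP  $p (expected group $grp)"; rc=1
        elif ! matches "$p" -perm -040; then
            echo "NOT-READABLE $p (group $grp lacks read)"; rc=1
        fi
        case $f in
        *.key)
            # Any read, write or execute bit for "other" exposes the key.
            for bit in 004 002 001; do
                if matches "$p" -perm "-$bit"; then
                    echo "EXPOSED      $p (private key accessible to other)"
                    rc=1; break
                fi
            done ;;
        esac
    done
    return $rc
}

# Stand-alone use: sh check_keys.sh /usr/local/etc/unbound unbound
if [ $# -eq 2 ]; then
    check_control_keys "$1" "$2"
fi
```

A clean run prints nothing and exits 0; each finding names the file to fix with chgrp or chmod g+r rather than by opening the keys to all users.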