aboutsummaryrefslogtreecommitdiff
path: root/external/unbound/doc/README
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--external/unbound/doc/README149
-rw-r--r--external/unbound/doc/README.DNS6430
-rw-r--r--external/unbound/doc/README.svn17
-rw-r--r--external/unbound/doc/README.tests24
4 files changed, 220 insertions, 0 deletions
diff --git a/external/unbound/doc/README b/external/unbound/doc/README
new file mode 100644
index 000000000..1ae9f4f45
--- /dev/null
+++ b/external/unbound/doc/README
@@ -0,0 +1,149 @@
+README for Unbound @version@
+Copyright 2007 NLnet Labs
+http://unbound.net
+
+This software is under BSD license, see LICENSE for details.
+The DNS64 module has BSD license in dns64/dns64.c.
+The DNSTAP code has BSD license in dnstap/dnstap.c.
+
+* Download the latest release version of this software from
+ http://unbound.net
+ or get a beta version from the svn repository at
+ http://unbound.net/svn/
+
+* Uses the following libraries;
+ * libevent http://www.monkey.org/~provos/libevent/ (BSD license)
+ (optional) can use builtin alternative instead.
+ * libexpat (for the unbound-anchor helper program) (MIT license)
+
+* Make and install: ./configure; make; make install
+ * --with-libevent=/path/to/libevent
+ Can be set to either the system install or the build directory.
+ --with-libevent=no (default) gives a builtin alternative
+ implementation. libevent is useful when having many (thousands)
+ of outgoing ports. This improves randomization and spoof
+ resistance. For the default of 16 ports the builtin alternative
+ works well and is a little faster.
+ * --with-libexpat=/path/to/libexpat
+ Can be set to the install directory of libexpat.
+ * --without-pthreads
+ This disables pthreads. Without this option the pthreads library
+ is detected automatically. Use this option to disable threading
+ altogether, or, on Solaris, also use --with(out)-solaris-threads.
+ * --enable-checking
+ This enables assertions in the code that guard against a variety of
+ programming errors, among which buffer overflows. The program exits
+ with an error if an assertion fails (but the buffer did not overflow).
+ * --enable-static-exe
+ This enables a debug option to statically link against the
+ libevent library.
+ * --enable-lock-checks
+ This enables a debug option to check lock and unlock calls. It needs
+ a recent pthreads library to work.
+ * --enable-alloc-checks
+ This enables a debug option to check malloc (calloc, realloc, free).
+ The server periodically checks if the amount of memory used fits with
+ the amount of memory it thinks it should be using, and reports
+ memory usage in detail.
+ * --with-conf-file=filename
+ Set default location of config file,
+ the default is /usr/local/etc/unbound/unbound.conf.
+ * --with-pidfile=filename
+ Set default location of pidfile,
+ the default is /usr/local/etc/unbound/unbound.pid.
+ * --with-run-dir=path
+ Set default working directory,
+ the default is /usr/local/etc/unbound.
+ * --with-chroot-dir=path
+ Set default chroot directory,
+ the default is /usr/local/etc/unbound.
+ * --with-rootkey-file=path
+ Set the default root.key path. This file is read and written.
+ the default is /usr/local/etc/unbound/root.key
+ * --with-rootcert-file=path
+ Set the default root update certificate path. A builtin certificate
+ is used if this file is empty or does not exist.
+ the default is /usr/local/etc/unbound/icannbundle.pem
+ * --with-username=user
+ Set default user name to change to,
+ the default is the "unbound" user.
+ * --with-pyunbound
+ Create libunbound wrapper usable from python.
+ Needs python-devel and swig development tools.
+ * --with-pythonmodule
+ Compile the python module that processes responses in the server.
+ * --disable-sha2
+ Disable support for RSASHA256 and RSASHA512 crypto.
+ * --disable-gost
+ Disable support for GOST crypto, RFC 5933.
+
+* 'make test' runs a series of self checks.
+
+Known issues
+------------
+o If there are no replies for a forward or stub zone, for a reverse zone,
+ you may need to add a local-zone: name transparent or nodefault to the
+ server: section of the config file to unblock the reverse zone.
+ Only happens for (sub)zones that are blocked by default; e.g. 10.in-addr.arpa
+o If libevent is older (before 1.3c), unbound will exit instead of reload
+ on sighup. On a restart 'did not exit gracefully last time' warning is
+ printed. Perform ./configure --with-libevent=no or update libevent, rerun
+ configure and recompile unbound to make sighup work correctly.
+ It is strongly suggested to use a recent version of libevent.
+o If you are not receiving the correct source IP address on replies (e.g.
+ you are running a multihomed, anycast server), the interface-automatic
+ option can be enabled to set socket options to achieve the correct
+ source IP address on UDP replies. Listing all IP addresses explicitly in
+ the config file is an alternative. The interface-automatic option uses
+ non portable socket options, Linux and FreeBSD should work fine.
+o The warning 'openssl has no entropy, seeding with time', with chroot
+ enabled, may be solved with a symbolic link to /dev/random from <chrootdir>.
+o On Solaris 5.10 some libtool packages from repositories do not work with
+ gcc, showing errors gcc: unrecognized option `-KPIC'
+ To solve this do ./configure libtool=./libtool [your options...].
+ On Solaris you may pass CFLAGS="-xO4 -xtarget=generic" if you use sun-cc.
+o If unbound-control (or munin graphs) do not work, this can often be because
+ the unbound-control-setup script creates the keys with restricted
+ permissions, and the files need to be made readable or ownered by both the
+ unbound daemon and unbound-control.
+o Crosscompile seems to hang. You tried to install unbound under wine.
+ wine regedit and remove all the unbound entries from the registry or
+ delete .wine/drive_c.
+
+Acknowledgements
+----------------
+o Unbound was written in portable C by Wouter Wijngaards (NLnet Labs).
+o Thanks to David Blacka and Matt Larson (Verisign) for the unbound-java
+ prototype. Design and code from that prototype has been used to create
+ this program. Such as the iterator state machine and the cache design.
+o Other code origins are from the NSD (NLnet Labs) and LDNS (NLnet Labs)
+ projects. Such as buffer, region-allocator and red-black tree code.
+o See Credits file for contributors.
+
+
+Your Support
+------------
+NLnet Labs offers all of its software products as open source, most are
+published under a BSD license. You can download them, not only from the
+NLnet Labs website but also through the various OS distributions for
+which NSD, ldns, and Unbound are packaged. We therefore have little idea
+who uses our software in production environments and have no direct ties
+with 'our customers'.
+
+Therefore, we ask you to contact us at users@NLnetLabs.nl and tell us
+whether you use one of our products in your production environment,
+what that environment looks like, and maybe even share some praise.
+We would like to refer to the fact that your organization is using our
+products. We will only do that if you explicitly allow us. In all other
+cases we will keep the information you share with us to ourselves.
+
+In addition to the moral support you can also support us
+financially. NLnet Labs is a recognized not-for-profit charity foundation
+that is chartered to develop open-source software and open-standards
+for the Internet. If you use our software to satisfaction please express
+that by giving us a donation. For small donations PayPal can be used. For
+larger and regular donations please contact us at users@NLnetLabs.nl. Also
+see http://www.nlnetlabs.nl/labs/contributors/.
+
+
+* mailto:unbound-bugs@nlnetlabs.nl
diff --git a/external/unbound/doc/README.DNS64 b/external/unbound/doc/README.DNS64
new file mode 100644
index 000000000..49446ac57
--- /dev/null
+++ b/external/unbound/doc/README.DNS64
@@ -0,0 +1,30 @@
+The DNS64 code was written by Viagenie, 2009, by Simon Perrault as part
+of the Ecdysis project. The code is copyright by them, and has the BSD
+license (see the dns64/dns64.c file).
+
+To enable DNS64 functionality in Unbound, two directives in unbound.conf must
+be edited:
+
+1. The "module-config" directive must start with "dns64". For example:
+
+ module-config: "dns64 validator iterator"
+
+If you're not using DNSSEC then you may remove "validator".
+
+2. The "dns64-prefix" directive indicates your DNS64 prefix. For example:
+
+ dns64-prefix: 64:FF9B::/96
+
+The prefix must be a /96 or shorter.
+
+To test that things are working right, perform a query against Unbound for a
+domain name for which no AAAA record exists. You should see a AAAA record in
+the answer section. The corresponding IPv6 address will be inside the DNS64
+prefix. For example:
+
+ $ unbound -c unbound.conf
+ $ dig @localhost jazz-v4.viagenie.ca aaaa
+ [...]
+ ;; ANSWER SECTION:
+ jazz-v4.viagenie.ca. 86400 IN AAAA 64:ff9b::ce7b:1f02
+
diff --git a/external/unbound/doc/README.svn b/external/unbound/doc/README.svn
new file mode 100644
index 000000000..b887e308c
--- /dev/null
+++ b/external/unbound/doc/README.svn
@@ -0,0 +1,17 @@
+README.svn
+
+For a svn checkout:
+* configure script, aclocal.m4, as well as yacc/lex output files are
+ committed to the repository.
+* use --enable-debug flag for configure to enable dependency tracking and
+ assertions, otherwise, use make clean; make after svn update.
+
+* Note changes in the Changelog.
+* Every check-in a postcommit hook is run
+ (the postcommit hook is in the svn/unbound/hooks directory).
+ * generates commit email with your changes and comment.
+ * compiles and runs the tests (with testcode/do-tests.sh).
+ * If build errors or test errors happen
+ * Please fix your errors and commit again.
+
+* Use gnu make to compile, make or 'gmake'.
diff --git a/external/unbound/doc/README.tests b/external/unbound/doc/README.tests
new file mode 100644
index 000000000..5385e2b22
--- /dev/null
+++ b/external/unbound/doc/README.tests
@@ -0,0 +1,24 @@
+README unbound tests
+
+For a quick test that runs unit tests and state machine tests, use
+ make test
+
+There is a long test setup for unbound that needs tools installed. Use
+ make longtest
+To make and run the long tests. The results are summarized at the end.
+
+You need to have the following programs installed and in your PATH.
+* dig - from the bind-tools package. Used to send DNS queries.
+* splint (optional) - for lint test
+* doxygen (optional) - for doc completeness test
+* ldns-testns - from ldns examples. Used as DNS auth server.
+* xxd and nc (optional) - for (malformed) packet transmission.
+The optional programs are detected and can be omitted.
+
+testdata/ contains the data for tests.
+testcode/ contains scripts and c code for the tests.
+
+do-tests.sh : runs all the tests in the testdata directory.
+testbed.sh : compiles on a set of (user specific) hosts and runs do-tests.
+
+Tests are run using testcode/mini_tpkg.sh.