diff options
Diffstat (limited to '')
-rw-r--r-- | external/unbound/doc/libunbound.3.in | 385 |
1 files changed, 385 insertions, 0 deletions
diff --git a/external/unbound/doc/libunbound.3.in b/external/unbound/doc/libunbound.3.in new file mode 100644 index 000000000..14e2a059f --- /dev/null +++ b/external/unbound/doc/libunbound.3.in @@ -0,0 +1,385 @@ +.TH "libunbound" "3" "@date@" "NLnet Labs" "unbound @version@" +.\" +.\" libunbound.3 -- unbound library functions manual +.\" +.\" Copyright (c) 2007, NLnet Labs. All rights reserved. +.\" +.\" See LICENSE for the license. +.\" +.\" +.SH "NAME" +.B libunbound, +.B unbound.h, +.B ub_ctx, +.B ub_result, +.B ub_callback_t, +.B ub_ctx_create, +.B ub_ctx_delete, +.B ub_ctx_set_option, +.B ub_ctx_get_option, +.B ub_ctx_config, +.B ub_ctx_set_fwd, +.B ub_ctx_resolvconf, +.B ub_ctx_hosts, +.B ub_ctx_add_ta, +.B ub_ctx_add_ta_file, +.B ub_ctx_trustedkeys, +.B ub_ctx_debugout, +.B ub_ctx_debuglevel, +.B ub_ctx_async, +.B ub_poll, +.B ub_wait, +.B ub_fd, +.B ub_process, +.B ub_resolve, +.B ub_resolve_async, +.B ub_cancel, +.B ub_resolve_free, +.B ub_strerror, +.B ub_ctx_print_local_zones, +.B ub_ctx_zone_add, +.B ub_ctx_zone_remove, +.B ub_ctx_data_add, +.B ub_ctx_data_remove +\- Unbound DNS validating resolver @version@ functions. +.SH "SYNOPSIS" +.B #include <unbound.h> +.LP +\fIstruct ub_ctx *\fR +\fBub_ctx_create\fR(\fIvoid\fR); +.LP +\fIvoid\fR +\fBub_ctx_delete\fR(\fIstruct ub_ctx*\fR ctx); +.LP +\fIint\fR +\fBub_ctx_set_option\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR opt, \fIchar*\fR val); +.LP +\fIint\fR +\fBub_ctx_get_option\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR opt, \fIchar**\fR val); +.LP +\fIint\fR +\fBub_ctx_config\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname); +.LP +\fIint\fR +\fBub_ctx_set_fwd\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR addr); +.LP +\fIint\fR +\fBub_ctx_resolvconf\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname); +.LP +\fIint\fR +\fBub_ctx_hosts\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname); +.LP +\fIint\fR +\fBub_ctx_add_ta\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR ta); +.LP +\fIint\fR +\fBub_ctx_add_ta_file\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname); +.LP +\fIint\fR +\fBub_ctx_trustedkeys\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname); +.LP +\fIint\fR +\fBub_ctx_debugout\fR(\fIstruct ub_ctx*\fR ctx, \fIFILE*\fR out); +.LP +\fIint\fR +\fBub_ctx_debuglevel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR d); +.LP +\fIint\fR +\fBub_ctx_async\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR dothread); +.LP +\fIint\fR +\fBub_poll\fR(\fIstruct ub_ctx*\fR ctx); +.LP +\fIint\fR +\fBub_wait\fR(\fIstruct ub_ctx*\fR ctx); +.LP +\fIint\fR +\fBub_fd\fR(\fIstruct ub_ctx*\fR ctx); +.LP +\fIint\fR +\fBub_process\fR(\fIstruct ub_ctx*\fR ctx); +.LP +\fIint\fR +\fBub_resolve\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR name, +.br + \fIint\fR rrtype, \fIint\fR rrclass, \fIstruct ub_result**\fR result); +.LP +\fIint\fR +\fBub_resolve_async\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR name, +.br + \fIint\fR rrtype, \fIint\fR rrclass, \fIvoid*\fR mydata, +.br + \fIub_callback_t\fR callback, \fIint*\fR async_id); +.LP +\fIint\fR +\fBub_cancel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR async_id); +.LP +\fIvoid\fR +\fBub_resolve_free\fR(\fIstruct ub_result*\fR result); +.LP +\fIconst char *\fR +\fBub_strerror\fR(\fIint\fR err); +.LP +\fIint\fR +\fBub_ctx_print_local_zones\fR(\fIstruct ub_ctx*\fR ctx); +.LP +\fIint\fR +\fBub_ctx_zone_add\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR zone_name, \fIchar*\fR zone_type); +.LP +\fIint\fR +\fBub_ctx_zone_remove\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR zone_name); +.LP +\fIint\fR +\fBub_ctx_data_add\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR data); +.LP +\fIint\fR +\fBub_ctx_data_remove\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR data); +.SH "DESCRIPTION" +.B Unbound +is an implementation of a DNS resolver, that does caching and +DNSSEC validation. This is the library API, for using the \-lunbound library. +The server daemon is described in \fIunbound\fR(8). +The library can be used to convert hostnames to ip addresses, and back, +and obtain other information from the DNS. The library performs public\-key +validation of results with DNSSEC. +.P +The library uses a variable of type \fIstruct ub_ctx\fR to keep context +between calls. The user must maintain it, creating it with +.B ub_ctx_create +and deleting it with +.B ub_ctx_delete\fR. +It can be created and deleted at any time. Creating it anew removes any +previous configuration (such as trusted keys) and clears any cached results. +.P +The functions are thread\-safe, and a context an be used in a threaded (as +well as in a non\-threaded) environment. Also resolution (and validation) +can be performed blocking and non\-blocking (also called asynchronous). +The async method returns from the call immediately, so that processing +can go on, while the results become available later. +.P +The functions are discussed in turn below. +.SH "FUNCTIONS" +.TP +.B ub_ctx_create +Create a new context, initialised with defaults. +The information from /etc/resolv.conf and /etc/hosts is not utilised +by default. Use +.B ub_ctx_resolvconf +and +.B ub_ctx_hosts +to read them. +Before you call this, use the openssl functions CRYPTO_set_id_callback and +CRYPTO_set_locking_callback to set up asyncronous operation if you use +lib openssl (the application calls these functions once for initialisation). +.TP +.B ub_ctx_delete +Delete validation context and free associated resources. +Outstanding async queries are killed and callbacks are not called for them. +.TP +.B ub_ctx_set_option +A power\-user interface that lets you specify one of the options from the +config file format, see \fIunbound.conf\fR(5). Not all options are +relevant. For some specific options, such as adding trust anchors, special +routines exist. Pass the option name with the trailing ':'. +.TP +.B ub_ctx_get_option +A power\-user interface that gets an option value. Some options cannot be +gotten, and others return a newline separated list. Pass the option name +without trailing ':'. The returned value must be free(2)d by the caller. +.TP +.B ub_ctx_config +A power\-user interface that lets you specify an unbound config file, see +\fIunbound.conf\fR(5), which is read for configuration. Not all options are +relevant. For some specific options, such as adding trust anchors, special +routines exist. +.TP +.B ub_ctx_set_fwd +Set machine to forward DNS queries to, the caching resolver to use. +IP4 or IP6 address. Forwards all DNS requests to that machine, which +is expected to run a recursive resolver. If the proxy is not +DNSSEC capable, validation may fail. Can be called several times, in +that case the addresses are used as backup servers. +At this time it is only possible to set configuration before the +first resolve is done. +.TP +.B ub_ctx_resolvconf +By default the root servers are queried and full resolver mode is used, but +you can use this call to read the list of nameservers to use from the +filename given. +Usually "/etc/resolv.conf". Uses those nameservers as caching proxies. +If they do not support DNSSEC, validation may fail. +Only nameservers are picked up, the searchdomain, ndots and other +settings from \fIresolv.conf\fR(5) are ignored. +If fname NULL is passed, "/etc/resolv.conf" is used (if on Windows, +the system\-wide configured nameserver is picked instead). +At this time it is only possible to set configuration before the +first resolve is done. +.TP +.B ub_ctx_hosts +Read list of hosts from the filename given. +Usually "/etc/hosts". When queried for, these addresses are not marked +DNSSEC secure. If fname NULL is passed, "/etc/hosts" is used +(if on Windows, etc/hosts from WINDIR is picked instead). +At this time it is only possible to set configuration before the +first resolve is done. +.TP +.B +ub_ctx_add_ta +Add a trust anchor to the given context. +At this time it is only possible to add trusted keys before the +first resolve is done. +The format is a string, similar to the zone\-file format, +[domainname] [type] [rdata contents]. Both DS and DNSKEY records are accepted. +.TP +.B ub_ctx_add_ta_file +Add trust anchors to the given context. +Pass name of a file with DS and DNSKEY records in zone file format. +At this time it is only possible to add trusted keys before the +first resolve is done. +.TP +.B ub_ctx_trustedkeys +Add trust anchors to the given context. +Pass the name of a bind\-style config file with trusted\-keys{}. +At this time it is only possible to add trusted keys before the +first resolve is done. +.TP +.B ub_ctx_debugout +Set debug and error log output to the given stream. Pass NULL to disable +output. Default is stderr. File\-names or using syslog can be enabled +using config options, this routine is for using your own stream. +.TP +.B ub_ctx_debuglevel +Set debug verbosity for the context. Output is directed to stderr. +Higher debug level gives more output. +.TP +.B ub_ctx_async +Set a context behaviour for asynchronous action. +if set to true, enables threading and a call to +.B ub_resolve_async +creates a thread to handle work in the background. +If false, a process is forked to handle work in the background. +Changes to this setting after +.B ub_resolve_async +calls have been made have no effect (delete and re\-create the context +to change). +.TP +.B ub_poll +Poll a context to see if it has any new results. +Do not poll in a loop, instead extract the fd below to poll for readiness, +and then check, or wait using the wait routine. +Returns 0 if nothing to read, or nonzero if a result is available. +If nonzero, call +.B ub_process +to do callbacks. +.TP +.B ub_wait +Wait for a context to finish with results. Calls +.B ub_process +after the wait for you. After the wait, there are no more outstanding +asynchronous queries. +.TP +.B ub_fd +Get file descriptor. Wait for it to become readable, at this point +answers are returned from the asynchronous validating resolver. +Then call the \fBub_process\fR to continue processing. +.TP +.B ub_process +Call this routine to continue processing results from the validating +resolver (when the fd becomes readable). +Will perform necessary callbacks. +.TP +.B ub_resolve +Perform resolution and validation of the target name. +The name is a domain name in a zero terminated text string. +The rrtype and rrclass are DNS type and class codes. +The result structure is newly allocated with the resulting data. +.TP +.B ub_resolve_async +Perform asynchronous resolution and validation of the target name. +Arguments mean the same as for \fBub_resolve\fR except no +data is returned immediately, instead a callback is called later. +The callback receives a copy of the mydata pointer, that you can use to pass +information to the callback. The callback type is a function pointer to +a function declared as +.IP +void my_callback_function(void* my_arg, int err, +.br + struct ub_result* result); +.IP +The async_id is returned so you can (at your option) decide to track it +and cancel the request if needed. If you pass a NULL pointer the async_id +is not returned. +.TP +.B ub_cancel +Cancel an async query in progress. This may return an error if the query +does not exist, or the query is already being delivered, in that case you +may still get a callback for the query. +.TP +.B ub_resolve_free +Free struct ub_result contents after use. +.TP +.B ub_strerror +Convert error value from one of the unbound library functions +to a human readable string. +.TP +.B ub_ctx_print_local_zones +Debug printout the local authority information to debug output. +.TP +.B ub_ctx_zone_add +Add new zone to local authority info, like local\-zone \fIunbound.conf\fR(5) +statement. +.TP +.B ub_ctx_zone_remove +Delete zone from local authority info. +.TP +.B ub_ctx_data_add +Add resource record data to local authority info, like local\-data +\fIunbound.conf\fR(5) statement. +.TP +.B ub_ctx_data_remove +Delete local authority data from the name given. +.SH "RESULT DATA STRUCTURE" +The result of the DNS resolution and validation is returned as +\fIstruct ub_result\fR. The result structure contains the following entries. +.P +.nf + struct ub_result { + char* qname; /* text string, original question */ + int qtype; /* type code asked for */ + int qclass; /* class code asked for */ + char** data; /* array of rdata items, NULL terminated*/ + int* len; /* array with lengths of rdata items */ + char* canonname; /* canonical name of result */ + int rcode; /* additional error code in case of no data */ + void* answer_packet; /* full network format answer packet */ + int answer_len; /* length of packet in octets */ + int havedata; /* true if there is data */ + int nxdomain; /* true if nodata because name does not exist */ + int secure; /* true if result is secure */ + int bogus; /* true if a security failure happened */ + char* why_bogus; /* string with error if bogus */ + int ttl; /* number of seconds the result is valid */ + }; +.fi +.P +If both secure and bogus are false, security was not enabled for the +domain of the query. Else, they are not both true, one of them is true. +.SH "RETURN VALUES" +Many routines return an error code. The value 0 (zero) denotes no error +happened. Other values can be passed to +.B ub_strerror +to obtain a readable error string. +.B ub_strerror +returns a zero terminated string. +.B ub_ctx_create +returns NULL on an error (a malloc failure). +.B ub_poll +returns true if some information may be available, false otherwise. +.B ub_fd +returns a file descriptor or \-1 on error. +.SH "SEE ALSO" +\fIunbound.conf\fR(5), +\fIunbound\fR(8). +.SH "AUTHORS" +.B Unbound +developers are mentioned in the CREDITS file in the distribution. |