d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Generated configuration and documentation

Browse Source 
Approved by:	re (blanket)
This commit is contained in:
Dag-Erling Smørgrav 2013-09-15 00:40:21 +00:00
parent 69d86e3ff0
commit 47ec2d313c
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=255581
7 changed files with 3127 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

911
contrib/unbound/config.h Normal file
View File

@ -0,0 +1,911 @@
/* config.h. Generated from config.h.in by configure. */
/* config.h.in. Generated from configure.ac by autoheader. */
/* Directory to chroot to */
#define CHROOT_DIR "/var/unbound"
/* Pathname to the Unbound configuration file */
#define CONFIGFILE "/etc/unbound/unbound.conf"
/* configure flags */
#define CONFIGURE_BUILD_WITH " '--with-conf-file=/etc/unbound/unbound.conf' '--with-run-dir=/var/unbound' '--with-username=unbound'"
/* configure date */
#define CONFIGURE_DATE "Sun Sep 15 02:01:38 CEST 2013"
/* configure target system */
#define CONFIGURE_TARGET "x86_64-unknown-freebsd10.0"
/* Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work
*/
/* #undef DARWIN_BROKEN_SETREUID */
/* Whether daemon is deprecated */
/* #undef DEPRECATED_DAEMON */
/* Define if you want to use debug lock checking (slow). */
/* #undef ENABLE_LOCK_CHECKS */
/* Define this if you enabled-allsymbols from libunbound to link binaries to
it for smaller install size, but the libunbound export table is polluted by
internal symbols */
/* #undef EXPORT_ALL_SYMBOLS */
/* Define to 1 if you have the <arpa/inet.h> header file. */
#define HAVE_ARPA_INET_H 1
/* Whether the C compiler accepts the "format" attribute */
#define HAVE_ATTR_FORMAT 1
/* Whether the C compiler accepts the "unused" attribute */
#define HAVE_ATTR_UNUSED 1
/* Define to 1 if your system has a working `chown' function. */
#define HAVE_CHOWN 1
/* Define to 1 if you have the `chroot' function. */
#define HAVE_CHROOT 1
/* Define to 1 if you have the `ctime_r' function. */
#define HAVE_CTIME_R 1
/* Define to 1 if you have the `daemon' function. */
#define HAVE_DAEMON 1
/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you
don't. */
#define HAVE_DECL_NID_SECP384R1 1
/* Define to 1 if you have the declaration of `NID_X9_62_prime256v1', and to 0
if you don't. */
#define HAVE_DECL_NID_X9_62_PRIME256V1 1
/* Define to 1 if you have the declaration of `sk_SSL_COMP_pop_free', and to 0
if you don't. */
#define HAVE_DECL_SK_SSL_COMP_POP_FREE 1
/* Define to 1 if you have the declaration of
`SSL_COMP_get_compression_methods', and to 0 if you don't. */
#define HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS 1
/* Define to 1 if you have the <dlfcn.h> header file. */
#define HAVE_DLFCN_H 1
/* Define to 1 if you have the `event_base_free' function. */
/* #undef HAVE_EVENT_BASE_FREE */
/* Define to 1 if you have the `event_base_get_method' function. */
/* #undef HAVE_EVENT_BASE_GET_METHOD */
/* Define to 1 if you have the `event_base_new' function. */
/* #undef HAVE_EVENT_BASE_NEW */
/* Define to 1 if you have the `event_base_once' function. */
/* #undef HAVE_EVENT_BASE_ONCE */
/* Define to 1 if you have the <event.h> header file. */
/* #undef HAVE_EVENT_H */
/* Define to 1 if you have the `EVP_sha1' function. */
#define HAVE_EVP_SHA1 1
/* Define to 1 if you have the `EVP_sha256' function. */
#define HAVE_EVP_SHA256 1
/* Define to 1 if you have the `EVP_sha512' function. */
#define HAVE_EVP_SHA512 1
/* Define to 1 if you have the `ev_default_loop' function. */
/* #undef HAVE_EV_DEFAULT_LOOP */
/* Define to 1 if you have the `ev_loop' function. */
/* #undef HAVE_EV_LOOP */
/* Define to 1 if you have the <expat.h> header file. */
#define HAVE_EXPAT_H 1
/* Define to 1 if you have the `fcntl' function. */
#define HAVE_FCNTL 1
/* Define to 1 if you have the `FIPS_mode' function. */
#define HAVE_FIPS_MODE 1
/* Define to 1 if you have the `fork' function. */
#define HAVE_FORK 1
/* Define to 1 if fseeko (and presumably ftello) exists and is declared. */
#define HAVE_FSEEKO 1
/* Whether getaddrinfo is available */
#define HAVE_GETADDRINFO 1
/* Define to 1 if you have the <getopt.h> header file. */
#define HAVE_GETOPT_H 1
/* Define to 1 if you have the `getpwnam' function. */
#define HAVE_GETPWNAM 1
/* Define to 1 if you have the `getrlimit' function. */
#define HAVE_GETRLIMIT 1
/* Define to 1 if you have the `glob' function. */
#define HAVE_GLOB 1
/* Define to 1 if you have the <glob.h> header file. */
#define HAVE_GLOB_H 1
/* Define to 1 if you have the `gmtime_r' function. */
#define HAVE_GMTIME_R 1
/* Define to 1 if you have the <grp.h> header file. */
#define HAVE_GRP_H 1
/* If you have HMAC_CTX_init */
#define HAVE_HMAC_CTX_INIT 1
/* Define to 1 if you have the `inet_aton' function. */
#define HAVE_INET_ATON 1
/* Define to 1 if you have the `inet_ntop' function. */
#define HAVE_INET_NTOP 1
/* Define to 1 if you have the `inet_pton' function. */
#define HAVE_INET_PTON 1
/* Define to 1 if you have the `initgroups' function. */
#define HAVE_INITGROUPS 1
/* Define to 1 if you have the <inttypes.h> header file. */
#define HAVE_INTTYPES_H 1
/* if the function 'ioctlsocket' is available */
/* #undef HAVE_IOCTLSOCKET */
/* Define to 1 if you have the <iphlpapi.h> header file. */
/* #undef HAVE_IPHLPAPI_H */
/* Define to 1 if you have the `kill' function. */
#define HAVE_KILL 1
/* Define to 1 if you have the `ldns_key_EVP_unload_gost' function. */
/* #undef HAVE_LDNS_KEY_EVP_UNLOAD_GOST */
/* Define to 1 if you have the <ldns/ldns.h> header file. */
#define HAVE_LDNS_LDNS_H 1
/* Define to 1 if you have the `ldns' library (-lldns). */
#define HAVE_LIBLDNS 1
/* Define to 1 if you have the `localtime_r' function. */
#define HAVE_LOCALTIME_R 1
/* Define to 1 if you have the <login_cap.h> header file. */
#define HAVE_LOGIN_CAP_H 1
/* If have GNU libc compatible malloc */
#define HAVE_MALLOC 1
/* Define to 1 if you have the `memmove' function. */
#define HAVE_MEMMOVE 1
/* Define to 1 if you have the <memory.h> header file. */
#define HAVE_MEMORY_H 1
/* Define to 1 if you have the <netdb.h> header file. */
#define HAVE_NETDB_H 1
/* Define to 1 if you have the <netinet/in.h> header file. */
#define HAVE_NETINET_IN_H 1
/* Use libnss for crypto */
/* #undef HAVE_NSS */
/* Define to 1 if you have the `OPENSSL_config' function. */
#define HAVE_OPENSSL_CONFIG 1
/* Define to 1 if you have the <openssl/conf.h> header file. */
#define HAVE_OPENSSL_CONF_H 1
/* Define to 1 if you have the <openssl/engine.h> header file. */
#define HAVE_OPENSSL_ENGINE_H 1
/* Define to 1 if you have the <openssl/err.h> header file. */
#define HAVE_OPENSSL_ERR_H 1
/* Define to 1 if you have the <openssl/rand.h> header file. */
#define HAVE_OPENSSL_RAND_H 1
/* Define to 1 if you have the <openssl/ssl.h> header file. */
#define HAVE_OPENSSL_SSL_H 1
/* Define if you have POSIX threads libraries and header files. */
#define HAVE_PTHREAD 1
/* Define to 1 if the system has the type `pthread_rwlock_t'. */
#define HAVE_PTHREAD_RWLOCK_T 1
/* Define to 1 if the system has the type `pthread_spinlock_t'. */
#define HAVE_PTHREAD_SPINLOCK_T 1
/* Define to 1 if you have the <pwd.h> header file. */
#define HAVE_PWD_H 1
/* Define if you have Python libraries and header files. */
/* #undef HAVE_PYTHON */
/* Define to 1 if you have the `random' function. */
#define HAVE_RANDOM 1
/* Define to 1 if you have the `recvmsg' function. */
#define HAVE_RECVMSG 1
/* Define to 1 if you have the `sbrk' function. */
/* #undef HAVE_SBRK */
/* Define to 1 if you have the `sendmsg' function. */
#define HAVE_SENDMSG 1
/* Define to 1 if you have the `setregid' function. */
/* #undef HAVE_SETREGID */
/* Define to 1 if you have the `setresgid' function. */
#define HAVE_SETRESGID 1
/* Define to 1 if you have the `setresuid' function. */
#define HAVE_SETRESUID 1
/* Define to 1 if you have the `setreuid' function. */
/* #undef HAVE_SETREUID */
/* Define to 1 if you have the `setrlimit' function. */
#define HAVE_SETRLIMIT 1
/* Define to 1 if you have the `setsid' function. */
#define HAVE_SETSID 1
/* Define to 1 if you have the `setusercontext' function. */
#define HAVE_SETUSERCONTEXT 1
/* Define to 1 if you have the `sigprocmask' function. */
#define HAVE_SIGPROCMASK 1
/* Define to 1 if you have the `sleep' function. */
#define HAVE_SLEEP 1
/* Define to 1 if you have the `snprintf' function. */
#define HAVE_SNPRINTF 1
/* Define to 1 if you have the `socketpair' function. */
#define HAVE_SOCKETPAIR 1
/* Using Solaris threads */
/* #undef HAVE_SOLARIS_THREADS */
/* Define to 1 if you have the `srandom' function. */
#define HAVE_SRANDOM 1
/* Define if you have the SSL libraries installed. */
#define HAVE_SSL /**/
/* Define to 1 if you have the <stdarg.h> header file. */
#define HAVE_STDARG_H 1
/* Define to 1 if you have the <stdbool.h> header file. */
#define HAVE_STDBOOL_H 1
/* Define to 1 if you have the <stdint.h> header file. */
#define HAVE_STDINT_H 1
/* Define to 1 if you have the <stdlib.h> header file. */
#define HAVE_STDLIB_H 1
/* Define to 1 if you have the `strftime' function. */
#define HAVE_STRFTIME 1
/* Define to 1 if you have the <strings.h> header file. */
#define HAVE_STRINGS_H 1
/* Define to 1 if you have the <string.h> header file. */
#define HAVE_STRING_H 1
/* Define to 1 if you have the `strlcpy' function. */
#define HAVE_STRLCPY 1
/* Define to 1 if you have the `strptime' function. */
#define HAVE_STRPTIME 1
/* Define to 1 if `ipi_spec_dst' is a member of `struct in_pktinfo'. */
/* #undef HAVE_STRUCT_IN_PKTINFO_IPI_SPEC_DST */
/* Define if you have Swig libraries and header files. */
/* #undef HAVE_SWIG */
/* Define to 1 if you have the <syslog.h> header file. */
#define HAVE_SYSLOG_H 1
/* Define to 1 if you have the <sys/param.h> header file. */
#define HAVE_SYS_PARAM_H 1
/* Define to 1 if you have the <sys/resource.h> header file. */
#define HAVE_SYS_RESOURCE_H 1
/* Define to 1 if you have the <sys/socket.h> header file. */
#define HAVE_SYS_SOCKET_H 1
/* Define to 1 if you have the <sys/stat.h> header file. */
#define HAVE_SYS_STAT_H 1
/* Define to 1 if you have the <sys/types.h> header file. */
#define HAVE_SYS_TYPES_H 1
/* Define to 1 if you have the <sys/uio.h> header file. */
#define HAVE_SYS_UIO_H 1
/* Define to 1 if you have the <sys/wait.h> header file. */
#define HAVE_SYS_WAIT_H 1
/* Define to 1 if you have the <time.h> header file. */
#define HAVE_TIME_H 1
/* Define to 1 if you have the `tzset' function. */
#define HAVE_TZSET 1
/* Define to 1 if you have the <unistd.h> header file. */
#define HAVE_UNISTD_H 1
/* Define to 1 if you have the `usleep' function. */
#define HAVE_USLEEP 1
/* Define to 1 if you have the `vfork' function. */
#define HAVE_VFORK 1
/* Define to 1 if you have the <vfork.h> header file. */
/* #undef HAVE_VFORK_H */
/* Define to 1 if you have the <windows.h> header file. */
/* #undef HAVE_WINDOWS_H */
/* Using Windows threads */
/* #undef HAVE_WINDOWS_THREADS */
/* Define to 1 if you have the <winsock2.h> header file. */
/* #undef HAVE_WINSOCK2_H */
/* Define to 1 if `fork' works. */
#define HAVE_WORKING_FORK 1
/* Define to 1 if `vfork' works. */
#define HAVE_WORKING_VFORK 1
/* Define to 1 if you have the `writev' function. */
#define HAVE_WRITEV 1
/* Define to 1 if you have the <ws2tcpip.h> header file. */
/* #undef HAVE_WS2TCPIP_H */
/* Define to 1 if you have the `_beginthreadex' function. */
/* #undef HAVE__BEGINTHREADEX */
/* if lex has yylex_destroy */
#define LEX_HAS_YYLEX_DESTROY 1
/* Define to the sub-directory in which libtool stores uninstalled libraries.
*/
#define LT_OBJDIR ".libs/"
/* Define to the maximum message length to pass to syslog. */
#define MAXSYSLOGMSGLEN 10240
/* Define if memcmp() does not compare unsigned bytes */
/* #undef MEMCMP_IS_BROKEN */
/* Define if mkdir has one argument. */
/* #undef MKDIR_HAS_ONE_ARG */
/* Define if the network stack does not fully support nonblocking io (causes
lower performance). */
/* #undef NONBLOCKING_IS_BROKEN */
/* Put -D_ALL_SOURCE define in config.h */
/* #undef OMITTED__D_ALL_SOURCE */
/* Put -D_BSD_SOURCE define in config.h */
/* #undef OMITTED__D_BSD_SOURCE */
/* Put -D_GNU_SOURCE define in config.h */
/* #undef OMITTED__D_GNU_SOURCE */
/* Put -D_LARGEFILE_SOURCE=1 define in config.h */
/* #undef OMITTED__D_LARGEFILE_SOURCE_1 */
/* Put -D_POSIX_C_SOURCE=200112 define in config.h */
/* #undef OMITTED__D_POSIX_C_SOURCE_200112 */
/* Put -D_XOPEN_SOURCE=600 define in config.h */
/* #undef OMITTED__D_XOPEN_SOURCE_600 */
/* Put -D_XOPEN_SOURCE_EXTENDED=1 define in config.h */
/* #undef OMITTED__D_XOPEN_SOURCE_EXTENDED_1 */
/* Put -D__EXTENSIONS__ define in config.h */
/* #undef OMITTED__D__EXTENSIONS__ */
/* Define to the address where bug reports for this package should be sent. */
#define PACKAGE_BUGREPORT "unbound-bugs@nlnetlabs.nl"
/* Define to the full name of this package. */
#define PACKAGE_NAME "unbound"
/* Define to the full name and version of this package. */
#define PACKAGE_STRING "unbound 1.4.20"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "unbound"
/* Define to the home page for this package. */
#define PACKAGE_URL ""
/* Define to the version of this package. */
#define PACKAGE_VERSION "1.4.20"
/* default pidfile location */
#define PIDFILE "/var/unbound/unbound.pid"
/* Define to necessary symbol if this constant uses a non-standard name on
your system. */
/* #undef PTHREAD_CREATE_JOINABLE */
/* Define as the return type of signal handlers (`int' or `void'). */
#define RETSIGTYPE void
/* default rootkey location */
#define ROOT_ANCHOR_FILE "/var/unbound/root.key"
/* default rootcert location */
#define ROOT_CERT_FILE "/var/unbound/icannbundle.pem"
/* version number for resource files */
#define RSRC_PACKAGE_VERSION 1,4,2,0
/* Directory to chdir to */
#define RUN_DIR "/var/unbound"
/* Shared data */
#define SHARE_DIR "/var/unbound"
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1
/* use default strptime. */
#define STRPTIME_WORKS 1
/* Use win32 resources and API */
/* #undef UB_ON_WINDOWS */
/* default username */
#define UB_USERNAME "unbound"
/* use to enable lightweight alloc assertions, for debug use */
/* #undef UNBOUND_ALLOC_LITE */
/* use malloc not regions, for debug use */
/* #undef UNBOUND_ALLOC_NONREGIONAL */
/* use statistics for allocs and frees, for debug use */
/* #undef UNBOUND_ALLOC_STATS */
/* define this to enable debug checks. */
/* #undef UNBOUND_DEBUG */
/* Define this to enable ECDSA support. */
#define USE_ECDSA 1
/* Define this to enable an EVP workaround for older openssl */
/* #undef USE_ECDSA_EVP_WORKAROUND */
/* Define this to enable GOST support. */
/* #undef USE_GOST */
/* Define if you want to use internal select based events */
#define USE_MINI_EVENT 1
/* Define this to enable SHA256 and SHA512 support. */
#define USE_SHA2 1
/* Enable extensions on AIX 3, Interix. */
#ifndef _ALL_SOURCE
# define _ALL_SOURCE 1
#endif
/* Enable GNU extensions on systems that have them. */
#ifndef _GNU_SOURCE
# define _GNU_SOURCE 1
#endif
/* Enable threading extensions on Solaris. */
#ifndef _POSIX_PTHREAD_SEMANTICS
# define _POSIX_PTHREAD_SEMANTICS 1
#endif
/* Enable extensions on HP NonStop. */
#ifndef _TANDEM_SOURCE
# define _TANDEM_SOURCE 1
#endif
/* Enable general extensions on Solaris. */
#ifndef __EXTENSIONS__
# define __EXTENSIONS__ 1
#endif
/* Whether the windows socket API is used */
/* #undef USE_WINSOCK */
/* the version of the windows API enabled */
#define WINVER 0x0502
/* Define if you want Python module. */
/* #undef WITH_PYTHONMODULE */
/* Define if you want PyUnbound. */
/* #undef WITH_PYUNBOUND */
/* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a
`char[]'. */
#define YYTEXT_POINTER 1
/* Enable large inode numbers on Mac OS X 10.5. */
#ifndef _DARWIN_USE_64_BIT_INODE
# define _DARWIN_USE_64_BIT_INODE 1
#endif
/* Number of bits in a file offset, on hosts where this is settable. */
/* #undef _FILE_OFFSET_BITS */
/* Define to 1 to make fseeko visible on some hosts (e.g. glibc 2.2). */
/* #undef _LARGEFILE_SOURCE */
/* Define for large files, on AIX-style hosts. */
/* #undef _LARGE_FILES */
/* Define to 1 if on MINIX. */
/* #undef _MINIX */
/* Define to 2 if the system does not provide POSIX.1 features except with
this defined. */
/* #undef _POSIX_1_SOURCE */
/* Define to 1 if you need to in order for `stat' and other things to work. */
/* #undef _POSIX_SOURCE */
/* Define to empty if `const' does not conform to ANSI C. */
/* #undef const */
/* Define to `int' if <sys/types.h> doesn't define. */
/* #undef gid_t */
/* in_addr_t */
/* #undef in_addr_t */
/* in_port_t */
/* #undef in_port_t */
/* Define to `__inline__' or `__inline' if that's what the C compiler
calls it, or to nothing if 'inline' is not supported under any name. */
#ifndef __cplusplus
/* #undef inline */
#endif
/* Define to `short' if <sys/types.h> does not define. */
/* #undef int16_t */
/* Define to `int' if <sys/types.h> does not define. */
/* #undef int32_t */
/* Define to `long long' if <sys/types.h> does not define. */
/* #undef int64_t */
/* Define to `signed char' if <sys/types.h> does not define. */
/* #undef int8_t */
/* Define if replacement function should be used. */
/* #undef malloc */
/* Define to `long int' if <sys/types.h> does not define. */
/* #undef off_t */
/* Define to `int' if <sys/types.h> does not define. */
/* #undef pid_t */
/* Define to 'int' if not defined */
/* #undef rlim_t */
/* Define to `unsigned int' if <sys/types.h> does not define. */
/* #undef size_t */
/* Define to 'int' if not defined */
/* #undef socklen_t */
/* Define to `int' if <sys/types.h> does not define. */
/* #undef ssize_t */
/* Define to 'unsigned char if not defined */
/* #undef u_char */
/* Define to `int' if <sys/types.h> doesn't define. */
/* #undef uid_t */
/* Define to `unsigned short' if <sys/types.h> does not define. */
/* #undef uint16_t */
/* Define to `unsigned int' if <sys/types.h> does not define. */
/* #undef uint32_t */
/* Define to `unsigned long long' if <sys/types.h> does not define. */
/* #undef uint64_t */
/* Define to `unsigned char' if <sys/types.h> does not define. */
/* #undef uint8_t */
/* Define as `fork' if `vfork' does not work. */
/* #undef vfork */
#if defined(OMITTED__D_GNU_SOURCE) && !defined(_GNU_SOURCE)
#define _GNU_SOURCE 1
#endif
#if defined(OMITTED__D_BSD_SOURCE) && !defined(_BSD_SOURCE)
#define _BSD_SOURCE 1
#endif
#if defined(OMITTED__D__EXTENSIONS__) && !defined(__EXTENSIONS__)
#define __EXTENSIONS__ 1
#endif
#if defined(OMITTED__D_POSIX_C_SOURCE_200112) && !defined(_POSIX_C_SOURCE)
#define _POSIX_C_SOURCE 200112
#endif
#if defined(OMITTED__D_XOPEN_SOURCE_600) && !defined(_XOPEN_SOURCE)
#define _XOPEN_SOURCE 600
#endif
#if defined(OMITTED__D_XOPEN_SOURCE_EXTENDED_1) && !defined(_XOPEN_SOURCE_EXTENDED)
#define _XOPEN_SOURCE_EXTENDED 1
#endif
#if defined(OMITTED__D_ALL_SOURCE) && !defined(_ALL_SOURCE)
#define _ALL_SOURCE 1
#endif
#if defined(OMITTED__D_LARGEFILE_SOURCE_1) && !defined(_LARGEFILE_SOURCE)
#define _LARGEFILE_SOURCE 1
#endif
#ifndef UNBOUND_DEBUG
# define NDEBUG
#endif
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <assert.h>
#if STDC_HEADERS
#include <stdlib.h>
#include <stddef.h>
#endif
#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif
#include <errno.h>
#if HAVE_SYS_PARAM_H
#include <sys/param.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_SYS_UIO_H
#include <sys/uio.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_WINSOCK2_H
#include <winsock2.h>
#endif
#ifdef HAVE_WS2TCPIP_H
#include <ws2tcpip.h>
#endif
#ifdef HAVE_ATTR_FORMAT
# define ATTR_FORMAT(archetype, string_index, first_to_check) \
__attribute__ ((format (archetype, string_index, first_to_check)))
#else /* !HAVE_ATTR_FORMAT */
# define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */
#endif /* !HAVE_ATTR_FORMAT */
#if defined(DOXYGEN)
# define ATTR_UNUSED(x) x
#elif defined(__cplusplus)
# define ATTR_UNUSED(x)
#elif defined(HAVE_ATTR_UNUSED)
# define ATTR_UNUSED(x) x __attribute__((unused))
#else /* !HAVE_ATTR_UNUSED */
# define ATTR_UNUSED(x) x
#endif /* !HAVE_ATTR_UNUSED */
#ifndef HAVE_FSEEKO
#define fseeko fseek
#define ftello ftell
#endif /* HAVE_FSEEKO */
#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 256
#endif
#ifndef HAVE_SNPRINTF
#define snprintf snprintf_unbound
#define vsnprintf vsnprintf_unbound
#include <stdarg.h>
int snprintf (char *str, size_t count, const char *fmt, ...);
int vsnprintf (char *str, size_t count, const char *fmt, va_list arg);
#endif /* HAVE_SNPRINTF */
#ifndef HAVE_INET_PTON
#define inet_pton inet_pton_unbound
int inet_pton(int af, const char* src, void* dst);
#endif /* HAVE_INET_PTON */
#ifndef HAVE_INET_NTOP
#define inet_ntop inet_ntop_unbound
const char *inet_ntop(int af, const void *src, char *dst, size_t size);
#endif
#ifndef HAVE_INET_ATON
#define inet_aton inet_aton_unbound
int inet_aton(const char *cp, struct in_addr *addr);
#endif
#ifndef HAVE_MEMMOVE
#define memmove memmove_unbound
void *memmove(void *dest, const void *src, size_t n);
#endif
#ifndef HAVE_STRLCPY
#define strlcpy strlcpy_unbound
size_t strlcpy(char *dst, const char *src, size_t siz);
#endif
#ifndef HAVE_GMTIME_R
#define gmtime_r gmtime_r_unbound
struct tm *gmtime_r(const time_t *timep, struct tm *result);
#endif
#ifndef HAVE_SLEEP
#define sleep(x) Sleep((x)*1000) /* on win32 */
#endif /* HAVE_SLEEP */
#ifndef HAVE_USLEEP
#define usleep(x) Sleep((x)/1000 + 1) /* on win32 */
#endif /* HAVE_USLEEP */
#ifndef HAVE_RANDOM
#define random rand /* on win32, for tests only (bad random) */
#endif /* HAVE_RANDOM */
#ifndef HAVE_SRANDOM
#define srandom(x) srand(x) /* on win32, for tests only (bad random) */
#endif /* HAVE_SRANDOM */
/* detect if we need to cast to unsigned int for FD_SET to avoid warnings */
#ifdef HAVE_WINSOCK2_H
#define FD_SET_T (u_int)
#else
#define FD_SET_T
#endif
#ifndef IPV6_MIN_MTU
#define IPV6_MIN_MTU 1280
#endif /* IPV6_MIN_MTU */
#ifdef MEMCMP_IS_BROKEN
#include "compat/memcmp.h"
#define memcmp memcmp_unbound
int memcmp(const void *x, const void *y, size_t n);
#endif
#ifndef HAVE_CTIME_R
#define ctime_r unbound_ctime_r
char *ctime_r(const time_t *timep, char *buf);
#endif
#if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS)
#define strptime unbound_strptime
struct tm;
char *strptime(const char *s, const char *format, struct tm *tm);
#endif
#if defined(HAVE_EVENT_H) && !defined(HAVE_EVENT_BASE_ONCE) && !(defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) && (defined(HAVE_PTHREAD) || defined(HAVE_SOLARIS_THREADS))
/* using version of libevent that is not threadsafe. */
# define LIBEVENT_SIGNAL_PROBLEM 1
#endif
#ifndef CHECKED_INET6
# define CHECKED_INET6
# ifdef AF_INET6
# define INET6
# else
# define AF_INET6 28
# endif
#endif /* CHECKED_INET6 */
/* maximum nesting of included files */
#define MAXINCLUDES 10
#ifndef HAVE_GETADDRINFO
struct sockaddr_storage;
#include "compat/fake-rfc2553.h"
#endif
#ifdef UNBOUND_ALLOC_STATS
# define malloc(s) unbound_stat_malloc_log(s, __FILE__, __LINE__, __func__)
# define calloc(n,s) unbound_stat_calloc_log(n, s, __FILE__, __LINE__, __func__)
# define free(p) unbound_stat_free_log(p, __FILE__, __LINE__, __func__)
# define realloc(p,s) unbound_stat_realloc_log(p, s, __FILE__, __LINE__, __func__)
void *unbound_stat_malloc(size_t size);
void *unbound_stat_calloc(size_t nmemb, size_t size);
void unbound_stat_free(void *ptr);
void *unbound_stat_realloc(void *ptr, size_t size);
void *unbound_stat_malloc_log(size_t size, const char* file, int line,
const char* func);
void *unbound_stat_calloc_log(size_t nmemb, size_t size, const char* file,
int line, const char* func);
void unbound_stat_free_log(void *ptr, const char* file, int line,
const char* func);
void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file,
int line, const char* func);
#elif defined(UNBOUND_ALLOC_LITE)
# include "util/alloc.h"
#endif /* UNBOUND_ALLOC_LITE and UNBOUND_ALLOC_STATS */
/** default port for DNS traffic. */
#define UNBOUND_DNS_PORT 53
/** default port for unbound control traffic, registered port with IANA,
ub-dns-control 8953/tcp unbound dns nameserver control */
#define UNBOUND_CONTROL_PORT 8953
/** the version of unbound-control that this software implements */
#define UNBOUND_CONTROL_VERSION 1

386
contrib/unbound/doc/libunbound.3 Normal file
View File

@ -0,0 +1,386 @@
.TH "libunbound" "3" "Mar 21, 2013" "NLnet Labs" "unbound 1.4.20"
.\"
.\" libunbound.3 -- unbound library functions manual
.\"
.\" Copyright (c) 2007, NLnet Labs. All rights reserved.
.\"
.\" See LICENSE for the license.
.\"
.\"
.SH "NAME"
.LP
.B libunbound,
.B unbound.h,
.B ub_ctx,
.B ub_result,
.B ub_callback_t,
.B ub_ctx_create,
.B ub_ctx_delete,
.B ub_ctx_set_option,
.B ub_ctx_get_option,
.B ub_ctx_config,
.B ub_ctx_set_fwd,
.B ub_ctx_resolvconf,
.B ub_ctx_hosts,
.B ub_ctx_add_ta,
.B ub_ctx_add_ta_file,
.B ub_ctx_trustedkeys,
.B ub_ctx_debugout,
.B ub_ctx_debuglevel,
.B ub_ctx_async,
.B ub_poll,
.B ub_wait,
.B ub_fd,
.B ub_process,
.B ub_resolve,
.B ub_resolve_async,
.B ub_cancel,
.B ub_resolve_free,
.B ub_strerror,
.B ub_ctx_print_local_zones,
.B ub_ctx_zone_add,
.B ub_ctx_zone_remove,
.B ub_ctx_data_add,
.B ub_ctx_data_remove
\- Unbound DNS validating resolver 1.4.20 functions.
.SH "SYNOPSIS"
.LP
.B #include <unbound.h>
.LP
\fIstruct ub_ctx *\fR
\fBub_ctx_create\fR(\fIvoid\fR);
.LP
\fIvoid\fR
\fBub_ctx_delete\fR(\fIstruct ub_ctx*\fR ctx);
.LP
\fIint\fR
\fBub_ctx_set_option\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR opt, \fIchar*\fR val);
.LP
\fIint\fR
\fBub_ctx_get_option\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR opt, \fIchar**\fR val);
.LP
\fIint\fR
\fBub_ctx_config\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
.LP
\fIint\fR
\fBub_ctx_set_fwd\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR addr);
.LP
\fIint\fR
\fBub_ctx_resolvconf\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
.LP
\fIint\fR
\fBub_ctx_hosts\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
.LP
\fIint\fR
\fBub_ctx_add_ta\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR ta);
.LP
\fIint\fR
\fBub_ctx_add_ta_file\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
.LP
\fIint\fR
\fBub_ctx_trustedkeys\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
.LP
\fIint\fR
\fBub_ctx_debugout\fR(\fIstruct ub_ctx*\fR ctx, \fIFILE*\fR out);
.LP
\fIint\fR
\fBub_ctx_debuglevel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR d);
.LP
\fIint\fR
\fBub_ctx_async\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR dothread);
.LP
\fIint\fR
\fBub_poll\fR(\fIstruct ub_ctx*\fR ctx);
.LP
\fIint\fR
\fBub_wait\fR(\fIstruct ub_ctx*\fR ctx);
.LP
\fIint\fR
\fBub_fd\fR(\fIstruct ub_ctx*\fR ctx);
.LP
\fIint\fR
\fBub_process\fR(\fIstruct ub_ctx*\fR ctx);
.LP
\fIint\fR
\fBub_resolve\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR name,
.br
\fIint\fR rrtype, \fIint\fR rrclass, \fIstruct ub_result**\fR result);
.LP
\fIint\fR
\fBub_resolve_async\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR name,
.br
\fIint\fR rrtype, \fIint\fR rrclass, \fIvoid*\fR mydata,
.br
\fIub_callback_t\fR callback, \fIint*\fR async_id);
.LP
\fIint\fR
\fBub_cancel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR async_id);
.LP
\fIvoid\fR
\fBub_resolve_free\fR(\fIstruct ub_result*\fR result);
.LP
\fIconst char *\fR
\fBub_strerror\fR(\fIint\fR err);
.LP
\fIint\fR
\fBub_ctx_print_local_zones\fR(\fIstruct ub_ctx*\fR ctx);
.LP
\fIint\fR
\fBub_ctx_zone_add\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR zone_name, \fIchar*\fR zone_type);
.LP
\fIint\fR
\fBub_ctx_zone_remove\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR zone_name);
.LP
\fIint\fR
\fBub_ctx_data_add\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR data);
.LP
\fIint\fR
\fBub_ctx_data_remove\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR data);
.SH "DESCRIPTION"
.LP
.B Unbound
is an implementation of a DNS resolver, that does caching and
DNSSEC validation. This is the library API, for using the \-lunbound library.
The server daemon is described in \fIunbound\fR(8).
The library can be used to convert hostnames to ip addresses, and back,
and obtain other information from the DNS. The library performs public\-key
validation of results with DNSSEC.
.P
The library uses a variable of type \fIstruct ub_ctx\fR to keep context
between calls. The user must maintain it, creating it with
.B ub_ctx_create
and deleting it with
.B ub_ctx_delete\fR.
It can be created and deleted at any time. Creating it anew removes any
previous configuration (such as trusted keys) and clears any cached results.
.P
The functions are thread\-safe, and a context an be used in a threaded (as
well as in a non\-threaded) environment. Also resolution (and validation)
can be performed blocking and non\-blocking (also called asynchronous).
The async method returns from the call immediately, so that processing
can go on, while the results become available later.
.P
The functions are discussed in turn below.
.SH "FUNCTIONS"
.TP
.B ub_ctx_create
Create a new context, initialised with defaults.
The information from /etc/resolv.conf and /etc/hosts is not utilised
by default. Use
.B ub_ctx_resolvconf
and
.B ub_ctx_hosts
to read them.
.TP
.B ub_ctx_delete
Delete validation context and free associated resources.
Outstanding async queries are killed and callbacks are not called for them.
.TP
.B ub_ctx_set_option
A power\-user interface that lets you specify one of the options from the
config file format, see \fIunbound.conf\fR(5). Not all options are
relevant. For some specific options, such as adding trust anchors, special
routines exist. Pass the option name with the trailing ':'.
.TP
.B ub_ctx_get_option
A power\-user interface that gets an option value. Some options cannot be
gotten, and others return a newline separated list. Pass the option name
without trailing ':'. The returned value must be free(2)d by the caller.
.TP
.B ub_ctx_config
A power\-user interface that lets you specify an unbound config file, see
\fIunbound.conf\fR(5), which is read for configuration. Not all options are
relevant. For some specific options, such as adding trust anchors, special
routines exist.
.TP
.B ub_ctx_set_fwd
Set machine to forward DNS queries to, the caching resolver to use.
IP4 or IP6 address. Forwards all DNS requests to that machine, which
is expected to run a recursive resolver. If the proxy is not
DNSSEC capable, validation may fail. Can be called several times, in
that case the addresses are used as backup servers.
At this time it is only possible to set configuration before the
first resolve is done.
.TP
.B ub_ctx_resolvconf
By default the root servers are queried and full resolver mode is used, but
you can use this call to read the list of nameservers to use from the
filename given.
Usually "/etc/resolv.conf". Uses those nameservers as caching proxies.
If they do not support DNSSEC, validation may fail.
Only nameservers are picked up, the searchdomain, ndots and other
settings from \fIresolv.conf\fR(5) are ignored.
If fname NULL is passed, "/etc/resolv.conf" is used (if on Windows,
the system\-wide configured nameserver is picked instead).
At this time it is only possible to set configuration before the
first resolve is done.
.TP
.B ub_ctx_hosts
Read list of hosts from the filename given.
Usually "/etc/hosts". When queried for, these addresses are not marked
DNSSEC secure. If fname NULL is passed, "/etc/hosts" is used
(if on Windows, etc/hosts from WINDIR is picked instead).
At this time it is only possible to set configuration before the
first resolve is done.
.TP
.B
ub_ctx_add_ta
Add a trust anchor to the given context.
At this time it is only possible to add trusted keys before the
first resolve is done.
The format is a string, similar to the zone\-file format,
[domainname] [type] [rdata contents]. Both DS and DNSKEY records are accepted.
.TP
.B ub_ctx_add_ta_file
Add trust anchors to the given context.
Pass name of a file with DS and DNSKEY records in zone file format.
At this time it is only possible to add trusted keys before the
first resolve is done.
.TP
.B ub_ctx_trustedkeys
Add trust anchors to the given context.
Pass the name of a bind\-style config file with trusted\-keys{}.
At this time it is only possible to add trusted keys before the
first resolve is done.
.TP
.B ub_ctx_debugout
Set debug and error log output to the given stream. Pass NULL to disable
output. Default is stderr. File\-names or using syslog can be enabled
using config options, this routine is for using your own stream.
.TP
.B ub_ctx_debuglevel
Set debug verbosity for the context. Output is directed to stderr.
Higher debug level gives more output.
.TP
.B ub_ctx_async
Set a context behaviour for asynchronous action.
if set to true, enables threading and a call to
.B ub_resolve_async
creates a thread to handle work in the background.
If false, a process is forked to handle work in the background.
Changes to this setting after
.B ub_resolve_async
calls have been made have no effect (delete and re\-create the context
to change).
.TP
.B ub_poll
Poll a context to see if it has any new results.
Do not poll in a loop, instead extract the fd below to poll for readiness,
and then check, or wait using the wait routine.
Returns 0 if nothing to read, or nonzero if a result is available.
If nonzero, call
.B ub_process
to do callbacks.
.TP
.B ub_wait
Wait for a context to finish with results. Calls
.B ub_process
after the wait for you. After the wait, there are no more outstanding
asynchronous queries.
.TP
.B ub_fd
Get file descriptor. Wait for it to become readable, at this point
answers are returned from the asynchronous validating resolver.
Then call the \fBub_process\fR to continue processing.
.TP
.B ub_process
Call this routine to continue processing results from the validating
resolver (when the fd becomes readable).
Will perform necessary callbacks.
.TP
.B ub_resolve
Perform resolution and validation of the target name.
The name is a domain name in a zero terminated text string.
The rrtype and rrclass are DNS type and class codes.
The result structure is newly allocated with the resulting data.
.TP
.B ub_resolve_async
Perform asynchronous resolution and validation of the target name.
Arguments mean the same as for \fBub_resolve\fR except no
data is returned immediately, instead a callback is called later.
The callback receives a copy of the mydata pointer, that you can use to pass
information to the callback. The callback type is a function pointer to
a function declared as
.IP
void my_callback_function(void* my_arg, int err,
.br
struct ub_result* result);
.IP
The async_id is returned so you can (at your option) decide to track it
and cancel the request if needed. If you pass a NULL pointer the async_id
is not returned.
.TP
.B ub_cancel
Cancel an async query in progress. This may return an error if the query
does not exist, or the query is already being delivered, in that case you
may still get a callback for the query.
.TP
.B ub_resolve_free
Free struct ub_result contents after use.
.TP
.B ub_strerror
Convert error value from one of the unbound library functions
to a human readable string.
.TP
.B ub_ctx_print_local_zones
Debug printout the local authority information to debug output.
.TP
.B ub_ctx_zone_add
Add new zone to local authority info, like local\-zone \fIunbound.conf\fR(5)
statement.
.TP
.B ub_ctx_zone_remove
Delete zone from local authority info.
.TP
.B ub_ctx_data_add
Add resource record data to local authority info, like local\-data
\fIunbound.conf\fR(5) statement.
.TP
.B ub_ctx_data_remove
Delete local authority data from the name given.
.SH "RESULT DATA STRUCTURE"
.LP
The result of the DNS resolution and validation is returned as
\fIstruct ub_result\fR. The result structure contains the following entries.
.P
.nf
struct ub_result {
char* qname; /* text string, original question */
int qtype; /* type code asked for */
int qclass; /* class code asked for */
char** data; /* array of rdata items, NULL terminated*/
int* len; /* array with lengths of rdata items */
char* canonname; /* canonical name of result */
int rcode; /* additional error code in case of no data */
void* answer_packet; /* full network format answer packet */
int answer_len; /* length of packet in octets */
int havedata; /* true if there is data */
int nxdomain; /* true if nodata because name does not exist */
int secure; /* true if result is secure */
int bogus; /* true if a security failure happened */
char* why_bogus; /* string with error if bogus */
int ttl; /* number of seconds the result is valid */
};
.fi
.P
If both secure and bogus are false, security was not enabled for the
domain of the query.
.SH "RETURN VALUES"
Many routines return an error code. The value 0 (zero) denotes no error
happened. Other values can be passed to
.B ub_strerror
to obtain a readable error string.
.B ub_strerror
returns a zero terminated string.
.B ub_ctx_create
returns NULL on an error (a malloc failure).
.B ub_poll
returns true if some information may be available, false otherwise.
.B ub_fd
returns a file descriptor or \-1 on error.
.SH "SEE ALSO"
\fIunbound.conf\fR(5),
\fIunbound\fR(8).
.SH "AUTHORS"
.B Unbound
developers are mentioned in the CREDITS file in the distribution.

176
contrib/unbound/doc/unbound-anchor.8 Normal file
View File

@ -0,0 +1,176 @@
.TH "unbound-anchor" "8" "Mar 21, 2013" "NLnet Labs" "unbound 1.4.20"
.\"
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
.\"
.\" Copyright (c) 2008, NLnet Labs. All rights reserved.
.\"
.\" See LICENSE for the license.
.\"
.\"
.SH "NAME"
.LP
.B unbound\-anchor
\- Unbound anchor utility.
.SH "SYNOPSIS"
.B unbound\-anchor
.RB [ opts ]
.SH "DESCRIPTION"
.B Unbound\-anchor
performs setup or update of the root trust anchor for DNSSEC validation.
It can be run (as root) from the commandline, or run as part of startup
scripts. Before you start the \fIunbound\fR(8) DNS server.
.P
Suggested usage:
.P
.nf
# in the init scripts.
# provide or update the root anchor (if necessary)
unbound-anchor -a "/var/unbound/root.key"
# Please note usage of this root anchor is at your own risk
# and under the terms of our LICENSE (see source).
#
# start validating resolver
# the unbound.conf contains:
# auto-trust-anchor-file: "/var/unbound/root.key"
unbound -c unbound.conf
.fi
.P
This tool provides builtin default contents for the root anchor and root
update certificate files.
.P
It tests if the root anchor file works, and if not, and an update is possible,
attempts to update the root anchor using the root update certificate.
It performs a https fetch of root-anchors.xml and checks the results, if
all checks are successful, it updates the root anchor file. Otherwise
the root anchor file is unchanged. It performs RFC5011 tracking if the
DNSSEC information available via the DNS makes that possible.
.P
It does not perform an update if the certificate is expired, if the network
is down or other errors occur.
.P
The available options are:
.TP
.B \-a \fIfile
The root anchor key file, that is read in and written out.
Default is /var/unbound/root.key.
If the file does not exist, or is empty, a builtin root key is written to it.
.TP
.B \-c \fIfile
The root update certificate file, that is read in.
Default is /var/unbound/icannbundle.pem.
If the file does not exist, or is empty, a builtin certificate is used.
.TP
.B \-l
List the builtin root key and builtin root update certificate on stdout.
.TP
.B \-u \fIname
The server name, it connects to https://name. Specify without https:// prefix.
The default is "data.iana.org". It connects to the port specified with \-P.
You can pass an IPv4 addres or IPv6 address (no brackets) if you want.
.TP
.B \-x \fIpath
The pathname to the root\-anchors.xml file on the server. (forms URL with \-u).
The default is /root\-anchors/root\-anchors.xml.
.TP
.B \-s \fIpath
The pathname to the root\-anchors.p7s file on the server. (forms URL with \-u).
The default is /root\-anchors/root\-anchors.p7s. This file has to be a PKCS7
signature over the xml file, using the pem file (\-c) as trust anchor.
.TP
.B \-n \fIname
The emailAddress for the Subject of the signer's certificate from the p7s
signature file. Only signatures from this name are allowed. default is
dnssec@iana.org. If you pass "" then the emailAddress is not checked.
.TP
.B \-4
Use IPv4 for domain resolution and contacting the server on https. Default is
to use IPv4 and IPv6 where appropriate.
.TP
.B \-6
Use IPv6 for domain resolution and contacting the server on https. Default is
to use IPv4 and IPv6 where appropriate.
.TP
.B \-f \fIresolv.conf
Use the given resolv.conf file. Not enabled by default, but you could try to
pass /etc/resolv.conf on some systems. It contains the IP addresses of the
recursive nameservers to use. However, since this tool could be used to
bootstrap that very recursive nameserver, it would not be useful (since
that server is not up yet, since we are bootstrapping it). It could be
useful in a situation where you know an upstream cache is deployed (and
running) and in captive portal situations.
.TP
.B \-r \fIroot.hints
Use the given root.hints file (same syntax as the BIND and Unbound root hints
file) to bootstrap domain resolution. By default a list of builtin root
hints is used. Unbound\-anchor goes to the network itself for these roots,
to resolve the server (\-u option) and to check the root DNSKEY records.
It does so, because the tool when used for bootstrapping the recursive
resolver, cannot use that recursive resolver itself because it is bootstrapping
that server.
.TP
.B \-v
More verbose. Once prints informational messages, multiple times may enable
large debug amounts (such as full certificates or byte\-dumps of downloaded
files). By default it prints almost nothing. It also prints nothing on
errors by default; in that case the original root anchor file is simply
left undisturbed, so that a recursive server can start right after it.
.TP
.B \-C \fIunbound.conf
Debug option to read unbound.conf into the resolver process used.
.TP
.B \-P \fIport
Set the port number to use for the https connection. The default is 443.
.TP
.B \-F
Debug option to force update of the root anchor through downloading the xml
file and verifying it with the certificate. By default it first tries to
update by contacting the DNS, which uses much less bandwidth, is much
faster (200 msec not 2 sec), and is nicer to the deployed infrastructure.
With this option, it still attempts to do so (and may verbosely tell you),
but then ignores the result and goes on to use the xml fallback method.
.TP
.B \-h
Show the version and commandline option help.
.SH "EXIT CODE"
This tool exits with value 1 if the root anchor was updated using the
certificate or if the builtin root-anchor was used. It exits with code
0 if no update was necessary, if the update was possible with RFC5011
tracking, or if an error occurred.
.P
You can check the exit value in this manner:
.nf
unbound-anchor -a "root.key" || logger "Please check root.key"
.fi
Or something more suitable for your operational environment.
.SH "TRUST"
The root keys and update certificate included in this tool
are provided for convenience and under the terms of our
license (see the LICENSE file in the source distribution or
http://unbound.nlnetlabs.nl/svn/trunk/LICENSE) and might be stale or
not suitable to your purpose.
.P
By running "unbound\-anchor \-l" the keys and certificate that are
configured in the code are printed for your convenience.
.P
The build\-in configuration can be overridden by providing a root\-cert
file and a rootkey file.
.SH "FILES"
.TP
.I /var/unbound/root.key
The root anchor file, updated with 5011 tracking, and read and written to.
The file is created if it does not exist.
.TP
.I /var/unbound/icannbundle.pem
The trusted self\-signed certificate that is used to verify the downloaded
DNSSEC root trust anchor. You can update it by fetching it from
https://data.iana.org/root\-anchors/icannbundle.pem (and validate it).
If the file does not exist or is empty, a builtin version is used.
.TP
.I https://data.iana.org/root\-anchors/root\-anchors.xml
Source for the root key information.
.TP
.I https://data.iana.org/root\-anchors/root\-anchors.p7s
Signature on the root key information.
.SH "SEE ALSO"
\fIunbound.conf\fR(5),
\fIunbound\fR(8).

49
contrib/unbound/doc/unbound-checkconf.8 Normal file
View File

@ -0,0 +1,49 @@
.TH "unbound-checkconf" "8" "Mar 21, 2013" "NLnet Labs" "unbound 1.4.20"
.\"
.\" unbound-checkconf.8 -- unbound configuration checker manual
.\"
.\" Copyright (c) 2007, NLnet Labs. All rights reserved.
.\"
.\" See LICENSE for the license.
.\"
.\"
.SH "NAME"
.LP
unbound\-checkconf
\- Check unbound configuration file for errors.
.SH "SYNOPSIS"
.B unbound\-checkconf
.RB [ \-h ]
.RB [ \-o
.IR option ]
.RI [ cfgfile ]
.SH "DESCRIPTION"
.B Unbound\-checkconf
checks the configuration file for the
\fIunbound\fR(8)
DNS resolver for syntax and other errors.
The config file syntax is described in
\fIunbound.conf\fR(5).
.P
The available options are:
.TP
.B \-h
Show the version and commandline option help.
.TP
.B \-o\fI option
If given, after checking the config file the value of this option is
printed to stdout. For "" (disabled) options an empty line is printed.
.TP
.I cfgfile
The config file to read with settings for unbound. It is checked.
If omitted, the config file at the default location is checked.
.SH "EXIT CODE"
The unbound\-checkconf program exits with status code 1 on error,
0 for a correct config file.
.SH "FILES"
.TP
.I /etc/unbound/unbound.conf
unbound configuration file.
.SH "SEE ALSO"
\fIunbound.conf\fR(5),
\fIunbound\fR(8).

456
contrib/unbound/doc/unbound-control.8 Normal file
View File

@ -0,0 +1,456 @@
.TH "unbound-control" "8" "Mar 21, 2013" "NLnet Labs" "unbound 1.4.20"
.\"
.\" unbound-control.8 -- unbound remote control manual
.\"
.\" Copyright (c) 2008, NLnet Labs. All rights reserved.
.\"
.\" See LICENSE for the license.
.\"
.\"
.SH "NAME"
.LP
.B unbound\-control,
.B unbound\-control\-setup
\- Unbound remote server control utility.
.SH "SYNOPSIS"
.B unbound\-control
.RB [ \-hq ]
.RB [ \-c
.IR cfgfile ]
.RB [ \-s
.IR server ]
.IR command
.SH "DESCRIPTION"
.B Unbound\-control
performs remote administration on the \fIunbound\fR(8) DNS server.
It reads the configuration file, contacts the unbound server over SSL
sends the command and displays the result.
.P
The available options are:
.TP
.B \-h
Show the version and commandline option help.
.TP
.B \-c \fIcfgfile
The config file to read with settings. If not given the default
config file /etc/unbound/unbound.conf is used.
.TP
.B \-s \fIserver[@port]
IPv4 or IPv6 address of the server to contact. If not given, the
address is read from the config file.
.TP
.B \-q
quiet, if the option is given it does not print anything if it works ok.
.SH "COMMANDS"
There are several commands that the server understands.
.TP
.B start
Start the server. Simply execs \fIunbound\fR(8). The unbound executable
is searched for in the \fBPATH\fR set in the environment. It is started
with the config file specified using \fI\-c\fR or the default config file.
.TP
.B stop
Stop the server. The server daemon exits.
.TP
.B reload
Reload the server. This flushes the cache and reads the config file fresh.
.TP
.B verbosity \fInumber
Change verbosity value for logging. Same values as \fBverbosity\fR keyword in
\fIunbound.conf\fR(5). This new setting lasts until the server is issued
a reload (taken from config file again), or the next verbosity control command.
.TP
.B log_reopen
Reopen the logfile, close and open it. Useful for logrotation to make the
daemon release the file it is logging to. If you are using syslog it will
attempt to close and open the syslog (which may not work if chrooted).
.TP
.B stats
Print statistics. Resets the internal counters to zero, this can be
controlled using the \fBstatistics\-cumulative\fR config statement.
Statistics are printed with one [name]: [value] per line.
.TP
.B stats_noreset
Peek at statistics. Prints them like the \fBstats\fR command does, but does not
reset the internal counters to zero.
.TP
.B status
Display server status. Exit code 3 if not running (the connection to the
port is refused), 1 on error, 0 if running.
.TP
.B local_zone \fIname\fR \fItype
Add new local zone with name and type. Like \fBlocal\-zone\fR config statement.
If the zone already exists, the type is changed to the given argument.
.TP
.B local_zone_remove \fIname
Remove the local zone with the given name. Removes all local data inside
it. If the zone does not exist, the command succeeds.
.TP
.B local_data \fIRR data...
Add new local data, the given resource record. Like \fBlocal\-data\fR
config statement, except for when no covering zone exists. In that case
this remote control command creates a transparent zone with the same
name as this record. This command is not good at returning detailed syntax
errors.
.TP
.B local_data_remove \fIname
Remove all RR data from local name. If the name already has no items,
nothing happens. Often results in NXDOMAIN for the name (in a static zone),
but if the name has become an empty nonterminal (there is still data in
domain names below the removed name), NOERROR nodata answers are the
result for that name.
.TP
.B dump_cache
The contents of the cache is printed in a text format to stdout. You can
redirect it to a file to store the cache in a file.
.TP
.B load_cache
The contents of the cache is loaded from stdin. Uses the same format as
dump_cache uses. Loading the cache with old, or wrong data can result
in old or wrong data returned to clients. Loading data into the cache
in this way is supported in order to aid with debugging.
.TP
.B lookup \fIname
Print to stdout the name servers that would be used to look up the
name specified.
.TP
.B flush \fIname
Remove the name from the cache. Removes the types
A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV and NAPTR.
Because that is fast to do. Other record types can be removed using
.B flush_type
or
.B flush_zone\fR.
.TP
.B flush_type \fIname\fR \fItype
Remove the name, type information from the cache.
.TP
.B flush_zone \fIname
Remove all information at or below the name from the cache.
The rrsets and key entries are removed so that new lookups will be performed.
This needs to walk and inspect the entire cache, and is a slow operation.
.TP
.B flush_bogus
Remove all bogus data from the cache.
.TP
.B flush_stats
Reset statistics to zero.
.TP
.B flush_requestlist
Drop the queries that are worked on. Stops working on the queries that the
server is working on now. The cache is unaffected. No reply is sent for
those queries, probably making those users request again later.
Useful to make the server restart working on queries with new settings,
such as a higher verbosity level.
.TP
.B dump_requestlist
Show what is worked on. Prints all queries that the server is currently
working on. Prints the time that users have been waiting. For internal
requests, no time is printed. And then prints out the module status.
.TP
.B flush_infra \fIall|IP
If all then entire infra cache is emptied. If a specific IP address, the
entry for that address is removed from the cache. It contains EDNS, ping
and lameness data.
.TP
.B dump_infra
Show the contents of the infra cache.
.TP
.B set_option \fIopt: val
Set the option to the given value without a reload. The cache is
therefore not flushed. The option must end with a ':' and whitespace
must be between the option and the value. Some values may not have an
effect if set this way, the new values are not written to the config file,
not all options are supported. This is different from the set_option call
in libunbound, where all values work because unbound has not been inited.
.IP
The values that work are: statistics\-interval, statistics\-cumulative,
do\-not\-query\-localhost, harden\-short\-bufsize, harden\-large\-queries,
harden\-glue, harden\-dnssec\-stripped, harden\-below\-nxdomain,
harden\-referral\-path, prefetch, prefetch\-key, log\-queries,
hide\-identity, hide\-version, identity, version, val\-log\-level,
val\-log\-squelch, ignore\-cd\-flag, add\-holddown, del\-holddown,
keep\-missing, tcp\-upstream, ssl\-upstream.
.TP
.B get_option \fIopt
Get the value of the option. Give the option name without a trailing ':'.
The value is printed. If the value is "", nothing is printed
and the connection closes. On error 'error ...' is printed (it gives
a syntax error on unknown option). For some options a list of values,
one on each line, is printed. The options are shown from the config file
as modified with set_option. For some options an override may have been
taken that does not show up with this command, not results from e.g. the
verbosity and forward control commands. Not all options work, see list_stubs,
list_forwards, list_local_zones and list_local_data for those.
.TP
.B list_stubs
List the stub zones in use. These are printed one by one to the output.
This includes the root hints in use.
.TP
.B list_forwards
List the forward zones in use. These are printed zone by zone to the output.
.TP
.B list_local_zones
List the local zones in use. These are printed one per line with zone type.
.TP
.B list_local_data
List the local data RRs in use. The resource records are printed.
.TP
.B forward_add \fR[\fI+i\fR] \fIzone addr ...
Add a new forward zone to running unbound. With +i option also adds a
\fIdomain\-insecure\fR for the zone (so it can resolve insecurely if you have
a DNSSEC root trust anchor configured for other names).
The addr can be IP4, IP6 or nameserver names, like \fIforward-zone\fR config
in unbound.conf.
.TP
.B forward_remove \fR[\fI+i\fR] \fIzone
Remove a forward zone from running unbound. The +i also removes a
\fIdomain\-insecure\fR for the zone.
.TP
.B stub_add \fR[\fI+ip\fR] \fIzone addr ...
Add a new stub zone to running unbound. With +i option also adds a
\fIdomain\-insecure\fR for the zone. With +p the stub zone is set to prime,
without it it is set to notprime. The addr can be IP4, IP6 or nameserver
names, like the \fIstub-zone\fR config in unbound.conf.
.TP
.B stub_remove \fR[\fI+i\fR] \fIzone
Remove a stub zone from running unbound. The +i also removes a
\fIdomain\-insecure\fR for the zone.
.TP
.B forward \fR[\fIoff\fR | \fIaddr ...\fR ]
Setup forwarding mode. Configures if the server should ask other upstream
nameservers, should go to the internet root nameservers itself, or show
the current config. You could pass the nameservers after a DHCP update.
.IP
Without arguments the current list of addresses used to forward all queries
to is printed. On startup this is from the forward\-zone "." configuration.
Afterwards it shows the status. It prints off when no forwarding is used.
.IP
If \fIoff\fR is passed, forwarding is disabled and the root nameservers
are used. This can be used to avoid to avoid buggy or non\-DNSSEC supporting
nameservers returned from DHCP. But may not work in hotels or hotspots.
.IP
If one or more IPv4 or IPv6 addresses are given, those are then used to forward
queries to. The addresses must be separated with spaces. With '@port' the
port number can be set explicitly (default port is 53 (DNS)).
.IP
By default the forwarder information from the config file for the root "." is
used. The config file is not changed, so after a reload these changes are
gone. Other forward zones from the config file are not affected by this command.
.SH "EXIT CODE"
The unbound\-control program exits with status code 1 on error, 0 on success.
.SH "SET UP"
The setup requires a self\-signed certificate and private keys for both
the server and client. The script \fIunbound\-control\-setup\fR generates
these in the default run directory, or with \-d in another directory.
If you change the access control permissions on the key files you can decide
who can use unbound\-control, by default owner and group but not all users.
Run the script under the same username as you have configured in unbound.conf
or as root, so that the daemon is permitted to read the files, for example with:
.nf
sudo \-u unbound unbound\-control\-setup
.fi
If you have not configured
a username in unbound.conf, the keys need read permission for the user
credentials under which the daemon is started.
The script preserves private keys present in the directory.
After running the script as root, turn on \fBcontrol\-enable\fR in
\fIunbound.conf\fR.
.SH "STATISTIC COUNTERS"
The \fIstats\fR command shows a number of statistic counters.
.TP
.I threadX.num.queries
number of queries received by thread
.TP
.I threadX.num.cachehits
number of queries that were successfully answered using a cache lookup
.TP
.I threadX.num.cachemiss
number of queries that needed recursive processing
.TP
.I threadX.num.prefetch
number of cache prefetches performed. This number is included in
cachehits, as the original query had the unprefetched answer from cache,
and resulted in recursive processing, taking a slot in the requestlist.
Not part of the recursivereplies (or the histogram thereof) or cachemiss,
as a cache response was sent.
.TP
.I threadX.num.recursivereplies
The number of replies sent to queries that needed recursive processing. Could be smaller than threadX.num.cachemiss if due to timeouts no replies were sent for some queries.
.TP
.I threadX.requestlist.avg
The average number of requests in the internal recursive processing request list on insert of a new incoming recursive processing query.
.TP
.I threadX.requestlist.max
Maximum size attained by the internal recursive processing request list.
.TP
.I threadX.requestlist.overwritten
Number of requests in the request list that were overwritten by newer entries. This happens if there is a flood of queries that recursive processing and the server has a hard time.
.TP
.I threadX.requestlist.exceeded
Queries that were dropped because the request list was full. This happens if a flood of queries need recursive processing, and the server can not keep up.
.TP
.I threadX.requestlist.current.all
Current size of the request list, includes internally generated queries (such
as priming queries and glue lookups).
.TP
.I threadX.requestlist.current.user
Current size of the request list, only the requests from client queries.
.TP
.I threadX.recursion.time.avg
Average time it took to answer queries that needed recursive processing. Note that queries that were answered from the cache are not in this average.
.TP
.I threadX.recursion.time.median
The median of the time it took to answer queries that needed recursive
processing. The median means that 50% of the user queries were answered in
less than this time. Because of big outliers (usually queries to non
responsive servers), the average can be bigger than the median. This median
has been calculated by interpolation from a histogram.
.TP
.I total.num.queries
summed over threads.
.TP
.I total.num.cachehits
summed over threads.
.TP
.I total.num.cachemiss
summed over threads.
.TP
.I total.num.prefetch
summed over threads.
.TP
.I total.num.recursivereplies
summed over threads.
.TP
.I total.requestlist.avg
averaged over threads.
.TP
.I total.requestlist.max
the maximum of the thread requestlist.max values.
.TP
.I total.requestlist.overwritten
summed over threads.
.TP
.I total.requestlist.exceeded
summed over threads.
.TP
.I total.requestlist.current.all
summed over threads.
.TP
.I total.recursion.time.median
averaged over threads.
.TP
.I time.now
current time in seconds since 1970.
.TP
.I time.up
uptime since server boot in seconds.
.TP
.I time.elapsed
time since last statistics printout, in seconds.
.SH EXTENDED STATISTICS
.TP
.I mem.total.sbrk
If sbrk(2) is available, an estimate of the heap size of the program in number of bytes. Close to the total memory used by the program, as reported by top and ps. Could be wrong if the OS allocates memory non\-contiguously.
.TP
.I mem.cache.rrset
Memory in bytes in use by the RRset cache.
.TP
.I mem.cache.message
Memory in bytes in use by the message cache.
.TP
.I mem.mod.iterator
Memory in bytes in use by the iterator module.
.TP
.I mem.mod.validator
Memory in bytes in use by the validator module. Includes the key cache and
negative cache.
.TP
.I histogram.<sec>.<usec>.to.<sec>.<usec>
Shows a histogram, summed over all threads. Every element counts the
recursive queries whose reply time fit between the lower and upper bound.
Times larger or equal to the lowerbound, and smaller than the upper bound.
There are 40 buckets, with bucket sizes doubling.
.TP
.I num.query.type.A
The total number of queries over all threads with query type A.
Printed for the other query types as well, but only for the types for which
queries were received, thus =0 entries are omitted for brevity.
.TP
.I num.query.type.other
Number of queries with query types 256\-65535.
.TP
.I num.query.class.IN
The total number of queries over all threads with query class IN (internet).
Also printed for other classes (such as CH (CHAOS) sometimes used for
debugging), or NONE, ANY, used by dynamic update.
num.query.class.other is printed for classes 256\-65535.
.TP
.I num.query.opcode.QUERY
The total number of queries over all threads with query opcode QUERY.
Also printed for other opcodes, UPDATE, ...
.TP
.I num.query.tcp
Number of queries that were made using TCP towards the unbound server.
.TP
.I num.query.ipv6
Number of queries that were made using IPv6 towards the unbound server.
.TP
.I num.query.flags.RD
The number of queries that had the RD flag set in the header.
Also printed for flags QR, AA, TC, RA, Z, AD, CD.
Note that queries with flags QR, AA or TC may have been rejected
because of that.
.TP
.I num.query.edns.present
number of queries that had an EDNS OPT record present.
.TP
.I num.query.edns.DO
number of queries that had an EDNS OPT record with the DO (DNSSEC OK) bit set.
These queries are also included in the num.query.edns.present number.
.TP
.I num.answer.rcode.NXDOMAIN
The number of answers to queries, from cache or from recursion, that had the
return code NXDOMAIN. Also printed for the other return codes.
.TP
.I num.answer.rcode.nodata
The number of answers to queries that had the pseudo return code nodata.
This means the actual return code was NOERROR, but additionally, no data was
carried in the answer (making what is called a NOERROR/NODATA answer).
These queries are also included in the num.answer.rcode.NOERROR number.
Common for AAAA lookups when an A record exists, and no AAAA.
.TP
.I num.answer.secure
Number of answers that were secure. The answer validated correctly.
The AD bit might have been set in some of these answers, where the client
signalled (with DO or AD bit in the query) that they were ready to accept
the AD bit in the answer.
.TP
.I num.answer.bogus
Number of answers that were bogus. These answers resulted in SERVFAIL
to the client because the answer failed validation.
.TP
.I num.rrset.bogus
The number of rrsets marked bogus by the validator. Increased for every
RRset inspection that fails.
.TP
.I unwanted.queries
Number of queries that were refused or dropped because they failed the
access control settings.
.TP
.I unwanted.replies
Replies that were unwanted or unsolicited. Could have been random traffic,
delayed duplicates, very late answers, or could be spoofing attempts.
Some low level of late answers and delayed duplicates are to be expected
with the UDP protocol. Very high values could indicate a threat (spoofing).
.SH "FILES"
.TP
.I /etc/unbound/unbound.conf
unbound configuration file.
.TP
.I /var/unbound
directory with private keys (unbound_server.key and unbound_control.key) and
self\-signed certificates (unbound_server.pem and unbound_control.pem).
.SH "SEE ALSO"
\fIunbound.conf\fR(5),
\fIunbound\fR(8).

51
contrib/unbound/doc/unbound.8 Normal file
View File

@ -0,0 +1,51 @@
.TH "unbound" "8" "Mar 21, 2013" "NLnet Labs" "unbound 1.4.20"
.\"
.\" unbound.8 -- unbound manual
.\"
.\" Copyright (c) 2007, NLnet Labs. All rights reserved.
.\"
.\" See LICENSE for the license.
.\"
.\"
.SH "NAME"
.LP
.B unbound
\- Unbound DNS validating resolver 1.4.20.
.SH "SYNOPSIS"
.LP
.B unbound
.RB [ \-h ]
.RB [ \-d ]
.RB [ \-v ]
.RB [ \-c
.IR cfgfile ]
.SH "DESCRIPTION"
.LP
.B Unbound
is an implementation of a DNS resolver, that does caching and
DNSSEC validation.
.P
The available options are:
.TP
.B \-h
Show the version and commandline option help.
.TP
.B \-c\fI cfgfile
Set the config file with settings for unbound to read instead of reading the
file at the default location, /etc/unbound/unbound.conf. The syntax is
described in \fIunbound.conf\fR(5).
.TP
.B \-d
Debug flag, do not fork into the background, but stay attached to the
console. This flag will also delay writing to the logfile until the
thread\-spawn time. So that most config and setup errors appear on stderr.
.TP
.B \-v
Increase verbosity. If given multiple times, more information is logged.
This is in addition to the verbosity (if any) from the config file.
.SH "SEE ALSO"
\fIunbound.conf\fR(5),
\fIunbound\-checkconf\fR(8).
.SH "AUTHORS"
.B Unbound
developers are mentioned in the CREDITS file in the distribution.

1098
contrib/unbound/doc/unbound.conf.5 Normal file
View File

File diff suppressed because it is too large Load Diff