Context Navigation

source: server/other/unbound.xml@ 55fb76ba

Visit:

12.0 12.1 gimp3 kea ken/TL2024 ken/tuningfonts lazarus lxqt plabs/newcss python3.11 rahul/power-profiles-daemon renodr/vulkan-addition trunk xry111/llvm18 xry111/xf86-video-removal

Last change on this file since 55fb76ba was 2a7cafa, checked in by Ken Moffat <ken@…>, 17 months ago
Tags
Property mode set to `100644`
File size: 12.3 KB

Rev	Line
[d224244f]	1	<?xml version="1.0" encoding="ISO-8859-1"?>
	2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
	3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
	4	<!ENTITY % general-entities SYSTEM "../../general.ent">
	5	%general-entities;
	6
[c6b192c]	7	<!ENTITY unbound-download-http "https://nlnetlabs.nl/downloads/unbound/unbound-&unbound-version;.tar.gz">
[d224244f]	8	<!ENTITY unbound-download-ftp " ">
[1c78e1cb]	9	<!ENTITY unbound-md5sum "bb96df2dc579c11ada537dbc52781abc">
	10	<!ENTITY unbound-size "6.0 MB">
	11	<!ENTITY unbound-buildsize "141 MB (with docs; add 10 MB for tests)">
[0c5a3ec]	12	<!ENTITY unbound-time "0.5 SBU (Using parallelism=4; with docs; add 0.4 SBU for tests)">
[d224244f]	13	]>
	14
	15	<sect1 id="unbound" xreflabel="Unbound-&unbound-version;">
	16	<?dbhtml filename="unbound.html"?>
	17
	18
	19	<title>Unbound-&unbound-version;</title>
	20
	21	<indexterm zone="unbound">
	22	<primary sortas="a-Unbound">Unbound</primary>
	23	</indexterm>
	24
	25	<sect2 role="package">
	26	<title>Introduction to Unbound</title>
	27
	28	<para>
	29	<application>Unbound</application> is a validating, recursive, and caching
	30	DNS resolver. It is designed as a set of modular components that
	31	incorporate modern features, such as enhanced security (DNSSEC)
	32	validation, Internet Protocol Version 6 (IPv6), and a client resolver
	33	library API as an integral part of the architecture.
	34	</para>
	35
[2a7cafa]	36	&lfs113_checked;
[d224244f]	37
	38	<bridgehead renderas="sect3">Package Information</bridgehead>
	39	<itemizedlist spacing="compact">
	40	<listitem>
	41	<para>
	42	Download (HTTP): <ulink url="&unbound-download-http;"/>
	43	</para>
	44	</listitem>
	45	<listitem>
	46	<para>
	47	Download (FTP): <ulink url="&unbound-download-ftp;"/>
	48	</para>
	49	</listitem>
	50	<listitem>
	51	<para>
	52	Download MD5 sum: &unbound-md5sum;
	53	</para>
	54	</listitem>
	55	<listitem>
	56	<para>
	57	Download size: &unbound-size;
	58	</para>
	59	</listitem>
	60	<listitem>
	61	<para>
	62	Estimated disk space required: &unbound-buildsize;
	63	</para>
	64	</listitem>
	65	<listitem>
	66	<para>
	67	Estimated build time: &unbound-time;
	68	</para>
	69	</listitem>
	70	</itemizedlist>
	71
	72	<bridgehead renderas="sect3">Unbound Dependencies</bridgehead>
[94b42903]	73	<!--
[d224244f]	74	<bridgehead renderas="sect4">Required</bridgehead>
	75	<para role="required">
	76	<xref linkend="openssl"/>
[94b42903]	77	broken?
[1b472ab]	78	or <xref linkend="nss"/>
[d224244f]	79	</para>
[94b42903]	80	-->
[d224244f]	81
	82	<bridgehead renderas="sect4">Optional</bridgehead>
	83	<para role="optional">
	84	<xref linkend="libevent"/>,
[a8e34533]	85	<xref linkend="nettle"/>,
[283bd88]	86	<xref linkend="python2"/>,
[c10acfe]	87	<xref linkend="sphinx"/> (for Python bindings documentation),
[90a3dc30]	88	<xref linkend="swig"/> (for Python bindings),
[c10acfe]	89	<xref linkend="doxygen"/> (for html documentation), and
	90	<ulink url="https://dnstap.info/">dnstap</ulink>
[d224244f]	91	</para>
	92
	93	<para condition="html" role="usernotes">User Notes:
	94	<ulink url="&blfs-wiki;/unbound"/>
	95	</para>
	96	</sect2>
	97
	98	<sect2 role="installation">
	99	<title>Installation of Unbound</title>
	100
	101	<para>
	102	There should be a dedicated user and group to take control of the
	103	<command>unbound</command> daemon after it is started. Issue the following
	104	commands as the <systemitem class="username">root</systemitem> user:
	105	</para>
	106
	107	<screen role="root"><userinput>groupadd -g 88 unbound &&
[1f9c8ece]	108	useradd -c "Unbound DNS Resolver" -d /var/lib/unbound -u 88 \
[d224244f]	109	-g unbound -s /bin/false unbound</userinput></screen>
	110
	111	<para>
	112	Install <application>Unbound</application> by running the following
	113	commands:
	114	</para>
	115
[283bd88]	116	<screen><userinput>./configure --prefix=/usr \
[d224244f]	117	--sysconfdir=/etc \
[283bd88]	118	--disable-static \
	119	--with-pidfile=/run/unbound.pid &&
[d224244f]	120	make</userinput></screen>
	121
	122	<para>
[f3429309]	123	If you have <xref linkend="doxygen"/> package installed and want to build
[d224244f]	124	html documentation, run the following command:
	125	</para>
	126
[2f3e3de9]	127	<screen remap="doc"><userinput>make doc</userinput></screen>
[d224244f]	128
[27b601a]	129	<para>
	130	To test the results, issue <command>make check</command>.
	131	</para>
[d224244f]	132
	133	<para>
	134	Now, as the <systemitem class="username">root</systemitem> user:
	135	</para>
	136
	137	<screen role="root"><userinput>make install &&
[1b472ab]	138	mv -v /usr/sbin/unbound-host /usr/bin/</userinput></screen>
[d224244f]	139
	140	<para>
[c18fd2e6]	141	If you built the documentation, install it by running the following
[d224244f]	142	commands as the <systemitem class="username">root</systemitem> user:
	143	</para>
	144
[2f3e3de9]	145	<screen role="root"
	146	remap="doc"><userinput>install -v -m755 -d /usr/share/doc/unbound-&unbound-version; &&
[d224244f]	147	install -v -m644 doc/html/* /usr/share/doc/unbound-&unbound-version;</userinput></screen>
	148
	149	</sect2>
	150
	151	<sect2 role="commands">
	152	<title>Command Explanations</title>
	153
	154	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
	155	href="../../xincludes/static-libraries.xml"/>
	156
	157	<para>
	158	<option>--with-libevent</option>: This option enables libevent support
	159	allowing use of large outgoing port ranges.
	160	</para>
	161
	162	<para>
	163	<option>--with-pyunbound</option>: This option enables building of the Python
	164	bindings.
	165	</para>
	166
	167	</sect2>
	168
	169	<sect2 role="configuration">
	170	<title>Configuring Unbound</title>
	171
	172	<sect3 id="unbound-config">
	173	<title>Config Files</title>
	174
[27b601a]	175	<para>
	176	<filename>/etc/unbound/unbound.conf</filename>
	177	</para>
[d224244f]	178
	179	<indexterm zone="unbound unbound-config">
	180	<primary sortas="e-etc-unbound-unbound.conf">/etc/unbound/unbound.conf</primary>
	181	</indexterm>
	182
	183	</sect3>
	184
	185	<sect3>
	186	<title>Configuration Information</title>
	187
	188	<para>
	189	In the default configuration, <command>unbound</command> will bind to
	190	localhost (127.0.0.1 IP address) and allow recursive queries only from
	191	localhost clients. If you want to use <command>unbound</command> for
	192	local DNS resolution, run the following command as the
	193	<systemitem class="username">root</systemitem> user:
	194	</para>
	195
	196	<screen role="root"><userinput>echo "nameserver 127.0.0.1" > /etc/resolv.conf</userinput></screen>
	197
	198	<para>
	199	If you are using a DHCP client for connecting to a network,
	200	<filename>/etc/resolv.conf</filename> gets overwritten with values
[68a57ecd]	201	provided by DHCP server. You can override this, for example in <xref
	202	linkend="dhcp"/>, by running the following command as the <systemitem
	203	class="username">root</systemitem> user:
[d224244f]	204	</para>
	205
	206	<screen role="root"><userinput>sed -i '/request /i\supersede domain-name-servers 127.0.0.1;' \
	207	/etc/dhcp/dhclient.conf</userinput></screen>
	208
	209	<para>
[68a57ecd]	210	For advanced configuration see
	211	<filename>/etc/unbound/unbound.conf</filename> file and the
	212	documentation.
[d224244f]	213	</para>
	214
[0a96698]	215	<para revision="sysv">
[68a57ecd]	216	When <application>Unbound</application> is installed, some package
	217	builds fail if the file <filename>/etc/unbound/root.key</filename> is
	218	not found. This file is created by running the boot script (install
	219	instructions below). Alternatively, it can be created by running the
	220	following command as the <systemitem class="username">root</systemitem>
	221	user:
	222	</para>
	223
[0a96698]	224	<para revision="systemd">
	225	When <application>Unbound</application> is installed, some package
	226	builds fail if the file <filename>/etc/unbound/root.key</filename> is
	227	not found. Create this file by running the following command as the
	228	<systemitem class="username">root</systemitem> user:
	229	</para>
	230
[bd81aa63]	231	<screen role="nodump"><userinput>unbound-anchor</userinput></screen>
[68a57ecd]	232
[d224244f]	233	</sect3>
	234
	235	<sect3 id="unbound-init">
[1258125]	236	<title><phrase revision="sysv">Boot Script</phrase>
	237	<phrase revision="systemd">Systemd Unit</phrase></title>
[d224244f]	238
[27b601a]	239	<para>
	240	If you want the <application>Unbound</application> server to
	241	start automatically when the system is booted, install the
	242	<phrase revision="sysv"><filename>/etc/rc.d/init.d/unbound</filename>
	243	init script</phrase>
	244	<phrase revision="systemd"><filename>unbound.service</filename>
	245	unit</phrase> included
	246	in the <xref linkend="bootscripts" revision="sysv"/>
[4472e923]	247	<xref linkend="systemd-units" revision="systemd"/> package:
[27b601a]	248	</para>
[d224244f]	249
	250	<indexterm zone="unbound unbound-init">
	251	<primary sortas="f-unbound">unbound</primary>
	252	</indexterm>
	253
	254	<screen role="root"><userinput>make install-unbound</userinput></screen>
	255
	256	</sect3>
	257
	258	</sect2>
	259
	260	<sect2 role="content">
	261	<title>Contents</title>
	262
	263	<segmentedlist>
	264	<segtitle>Installed Programs</segtitle>
	265	<segtitle>Installed Library</segtitle>
	266	<segtitle>Installed Directories</segtitle>
	267
	268	<seglistitem>
	269	<seg>
	270	unbound, unbound-anchor, unbound-checkconf, unbound-control,
[283bd88]	271	unbound-control-setup, and unbound-host
[d224244f]	272	</seg>
	273	<seg>
[be4a407]	274	libunbound.so and (optional)
[b6ff9d3f]	275	/usr/lib/python&python2-majorver;/site-packages/_unbound.so
[d224244f]	276	</seg>
	277	<seg>
[c18fd2e6]	278	/etc/unbound and /usr/share/doc/unbound-&unbound-version; (optional)
[d224244f]	279	</seg>
	280	</seglistitem>
	281	</segmentedlist>
	282
	283	<variablelist>
	284	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
	285	<?dbfo list-presentation="list"?>
	286	<?dbhtml list-presentation="table"?>
	287
	288	<varlistentry id="unbound-prog">
	289	<term><command>unbound</command></term>
	290	<listitem>
	291	<para>
[4c24eb0a]	292	is a DNS resolver daemon
[d224244f]	293	</para>
	294	<indexterm zone="unbound unbound-prog">
	295	<primary sortas="b-unbound">unbound</primary>
	296	</indexterm>
	297	</listitem>
	298	</varlistentry>
	299
	300	<varlistentry id="unbound-anchor">
	301	<term><command>unbound-anchor</command></term>
	302	<listitem>
	303	<para>
	304	performs setup or update of the root trust anchor for DNSSEC
[4c24eb0a]	305	validation
[d224244f]	306	</para>
	307	<indexterm zone="unbound unbound-anchor">
	308	<primary sortas="b-unbound-anchor">unbound-anchor</primary>
	309	</indexterm>
	310	</listitem>
	311	</varlistentry>
	312
	313	<varlistentry id="unbound-checkconf">
	314	<term><command>unbound-checkconf</command></term>
	315	<listitem>
	316	<para>
[1f9c8ece]	317	checks the <command>unbound</command> configuration file for syntax
[4c24eb0a]	318	and other errors
[d224244f]	319	</para>
	320	<indexterm zone="unbound unbound-checkconf">
	321	<primary sortas="b-unbound-checkconf">unbound-checkconf</primary>
	322	</indexterm>
	323	</listitem>
	324	</varlistentry>
	325
	326	<varlistentry id="unbound-control">
	327	<term><command>unbound-control</command></term>
	328	<listitem>
	329	<para>
	330	performs remote administration on the <command>unbound</command> DNS
[4c24eb0a]	331	resolver
[d224244f]	332	</para>
	333	<indexterm zone="unbound unbound-control">
	334	<primary sortas="b-unbound-control">unbound-control</primary>
	335	</indexterm>
	336	</listitem>
	337	</varlistentry>
	338
	339	<varlistentry id="unbound-control-setup">
	340	<term><command>unbound-control-setup</command></term>
	341	<listitem>
	342	<para>
[5d98241]	343	generates a self-signed certificate and private keys for the server
[4c24eb0a]	344	and client
[d224244f]	345	</para>
	346	<indexterm zone="unbound unbound-control-setup">
	347	<primary sortas="b-unbound-control-setup">unbound-control-setup</primary>
	348	</indexterm>
	349	</listitem>
	350	</varlistentry>
	351
	352	<varlistentry id="unbound-host">
	353	<term><command>unbound-host</command></term>
	354	<listitem>
	355	<para>
	356	is a DNS lookup utility similar to <command>host</command> from
[4c24eb0a]	357	<xref linkend="bind-utils"/>
[d224244f]	358	</para>
	359	<indexterm zone="unbound unbound-host">
	360	<primary sortas="b-unbound-host">unbound-host</primary>
	361	</indexterm>
	362	</listitem>
	363	</varlistentry>
	364
	365	<varlistentry id="libunbound">
	366	<term><filename class="libraryfile">libunbound.so</filename></term>
	367	<listitem>
	368	<para>
	369	provides the <application>Unbound</application> API functions to
[4c24eb0a]	370	programs
[d224244f]	371	</para>
	372	<indexterm zone="unbound libunbound">
	373	<primary sortas="c-libunbound">libunbound.so</primary>
	374	</indexterm>
	375	</listitem>
	376	</varlistentry>
	377
	378	</variablelist>
	379
	380	</sect2>
	381
	382	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: