source: server/other/unbound.xml@ cddf294

Last change on this file since cddf294 was 807a0ba, checked in by Douglas R. Reno <renodr@…>, 21 hours ago

Update to unbound-1.21.1 (Security Update)

1<?xml version="1.0" encoding="UTF-8"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY unbound-download-http "https://nlnetlabs.nl/downloads/unbound/unbound-&unbound-version;.tar.gz">
8 <!ENTITY unbound-download-ftp " ">
9 <!ENTITY unbound-md5sum "94fee452f4f7c3aad166d65533931c0f">
10 <!ENTITY unbound-size "6.3 MB">
11 <!ENTITY unbound-buildsize "148 MB (with docs; add 11 MB for tests)">
12 <!ENTITY unbound-time "0.3 SBU (Using parallelism=4; with docs; add 0.3 SBU for tests)">
13]>
14
15<sect1 id="unbound" xreflabel="Unbound-&unbound-version;">
16 <?dbhtml filename="unbound.html"?>
17
18
19 <title>Unbound-&unbound-version;</title>
20
21 <indexterm zone="unbound">
22 <primary sortas="a-Unbound">Unbound</primary>
23 </indexterm>
24
25 <sect2 role="package">
26 <title>Introduction to Unbound</title>
27
28 <para>
29 <application>Unbound</application> is a validating, recursive, and caching
30 DNS resolver. It is designed as a set of modular components that
31 incorporate modern features, such as enhanced security (DNSSEC)
32 validation, Internet Protocol Version 6 (IPv6), and a client resolver
33 library API as an integral part of the architecture.
34 </para>
35
36 &lfs122_checked;
37
38 <bridgehead renderas="sect3">Package Information</bridgehead>
39 <itemizedlist spacing="compact">
40 <listitem>
41 <para>
42 Download (HTTP): <ulink url="&unbound-download-http;"/>
43 </para>
44 </listitem>
45 <listitem>
46 <para>
47 Download (FTP): <ulink url="&unbound-download-ftp;"/>
48 </para>
49 </listitem>
50 <listitem>
51 <para>
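52 Download MD5 sum: &unbound-md5sum; <!-- Note: an MD5 match shows the download was not corrupted, but MD5 is not collision-resistant and does not authenticate the tarball; also check a signature or stronger digest from upstream where one is published. -->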
53 </para>
54 </listitem>
55 <listitem>
56 <para>
57 Download size: &unbound-size;
58 </para>
59 </listitem>
60 <listitem>
61 <para>
62 Estimated disk space required: &unbound-buildsize;
63 </para>
64 </listitem>
65 <listitem>
66 <para>
67 Estimated build time: &unbound-time;
68 </para>
69 </listitem>
70 </itemizedlist>
71
72 <bridgehead renderas="sect3">Unbound Dependencies</bridgehead>
73<!--
74 <bridgehead renderas="sect4">Required</bridgehead>
75 <para role="required">
76 <xref linkend="openssl"/>
77 broken?
78 or <xref linkend="nss"/>
79 </para>
80-->
81
82 <bridgehead renderas="sect4">Optional</bridgehead>
83 <para role="optional">
84 <xref linkend="libevent"/>,
85 <xref linkend="nettle"/>,
86 <xref linkend="protobuf-c"/> (for dnstap),
87 <xref linkend="sphinx"/> (for Python bindings documentation),
88 <xref linkend="swig"/> (for Python bindings),
89 <xref linkend="doxygen"/> (for html documentation),
90 <ulink url="https://dnstap.info/">dnstap</ulink>, and
91 &python2;
92 </para>
93
94 </sect2>
95
96 <sect2 role="installation">
97 <title>Installation of Unbound</title>
98
99 <para>
100 There should be a dedicated, unprivileged user and group for the
101 <command>unbound</command> daemon to run as after it is started. Issue the following
102 commands as the <systemitem class="username">root</systemitem> user:
103 </para>
104
105<screen role="root"><userinput>groupadd -g 88 unbound &amp;&amp;
106useradd -c "Unbound DNS Resolver" -d /var/lib/unbound -u 88 \
107 -g unbound -s /bin/false unbound</userinput></screen>
108
109 <para>
110 Install <application>Unbound</application> by running the following
111 commands:
112 </para>
113
114<screen><userinput>./configure --prefix=/usr \
115 --sysconfdir=/etc \
116 --disable-static \
117 --with-pidfile=/run/unbound.pid &amp;&amp;
118make</userinput></screen>
119
120 <para>
121 If you have the <xref linkend="doxygen"/> package installed and want to build
122 HTML documentation, run the following command:
123 </para>
124
125<screen remap="doc"><userinput>make doc</userinput></screen>
126
127 <para>
128 To test the results, issue <command>make check</command>.
129 </para>
130
131 <para>
132 Now, as the <systemitem class="username">root</systemitem> user:
133 </para>
134
135<screen role="root"><userinput>make install &amp;&amp;
136mv -v /usr/sbin/unbound-host /usr/bin/</userinput></screen>
137
138 <para>
139 If you built the documentation, install it by running the following
140 commands as the <systemitem class="username">root</systemitem> user:
141 </para>
142
143<screen role="root"
144 remap="doc"><userinput>install -v -m755 -d /usr/share/doc/unbound-&unbound-version; &amp;&amp;
145install -v -m644 doc/html/* /usr/share/doc/unbound-&unbound-version;</userinput></screen>
146
147 </sect2>
148
149 <sect2 role="commands">
150 <title>Command Explanations</title>
151
152 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
153 href="../../xincludes/static-libraries.xml"/>
154
155 <para>
156 <option>--with-libevent</option>: This option enables libevent support,
157 which allows for the use of large outgoing port ranges.
158 </para>
159
160 <para>
161 <option>--with-pyunbound</option>: This option enables building the Python
162 bindings. If you want to build the bindings, you also need to pass the
163 <envar>PYTHON_VERSION=&python3-majorver;</envar> environment variable to
164 configure.
165 </para>
166
167 </sect2>
168
169 <sect2 role="configuration">
170 <title>Configuring Unbound</title>
171
172 <sect3 id="unbound-config">
173 <title>Config Files</title>
174
175 <para>
176 <filename>/etc/unbound/unbound.conf</filename>
177 </para>
178
179 <indexterm zone="unbound unbound-config">
180 <primary sortas="e-etc-unbound-unbound.conf">/etc/unbound/unbound.conf</primary>
181 </indexterm>
182
183 </sect3>
184
185 <sect3>
186 <title>Configuration Information</title>
187
188 <para>
189 In the default configuration, <command>unbound</command> will bind to
190 localhost (IP address 127.0.0.1) and allow recursive queries only from
191 localhost clients. If you want to use <command>unbound</command> for
192 local DNS resolution, run the following command as the
193 <systemitem class="username">root</systemitem> user. Note that it overwrites <filename>/etc/resolv.conf</filename>, so any entries already in that file are lost:
194 </para>
195
196<screen role="root"><userinput>echo "nameserver 127.0.0.1" > /etc/resolv.conf</userinput></screen>
197
198 <para>
199 For advanced configuration, see the
200 <filename>/etc/unbound/unbound.conf</filename> file and the
201 documentation.
202 </para>
203
204 <para revision="sysv">
205 When <application>Unbound</application> is installed, some package
206 builds fail if the file <filename>/etc/unbound/root.key</filename> is
207 not found. This file is created by running the boot script (install
208 instructions below). Alternatively, it can be created by running the
209 following command as the <systemitem class="username">root</systemitem>
210 user:
211 </para>
212
213 <para revision="systemd">
214 When <application>Unbound</application> is installed, some package
215 builds fail if the file <filename>/etc/unbound/root.key</filename> is
216 not found. Create this file by running the following command as the
217 <systemitem class="username">root</systemitem> user:
218 </para>
219
220<screen role="nodump"><userinput>unbound-anchor</userinput></screen>
221
222 </sect3>
223
224 <sect3 id="unbound-init">
225 <title><phrase revision="sysv">Boot Script</phrase>
226 <phrase revision="systemd">Systemd Unit</phrase></title>
227
228 <para>
229 If you want the <application>Unbound</application> server to
230 start automatically when the system is booted, install the
231 <phrase revision="sysv"><filename>/etc/rc.d/init.d/unbound</filename>
232 init script</phrase>
233 <phrase revision="systemd"><filename>unbound.service</filename>
234 unit</phrase> included
235 in the <xref linkend="bootscripts" revision="sysv"/>
236 <xref linkend="systemd-units" revision="systemd"/> package:
237 </para>
238
239 <indexterm zone="unbound unbound-init">
240 <primary sortas="f-unbound">unbound</primary>
241 </indexterm>
242
243<screen role="root"><userinput>make install-unbound</userinput></screen>
244
245 </sect3>
246
247 </sect2>
248
249 <sect2 role="content">
250 <title>Contents</title>
251
252 <segmentedlist>
253 <segtitle>Installed Programs</segtitle>
254 <segtitle>Installed Library</segtitle>
255 <segtitle>Installed Directories</segtitle>
256
257 <seglistitem>
258 <seg>
259 unbound, unbound-anchor, unbound-checkconf, unbound-control,
260 unbound-control-setup, and unbound-host
261 </seg>
262 <seg>
263 libunbound.so
264 </seg>
265 <seg>
266 /etc/unbound and /usr/share/doc/unbound-&unbound-version; (optional)
267 </seg>
268 </seglistitem>
269 </segmentedlist>
270
271 <variablelist>
272 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
273 <?dbfo list-presentation="list"?>
274 <?dbhtml list-presentation="table"?>
275
276 <varlistentry id="unbound-prog">
277 <term><command>unbound</command></term>
278 <listitem>
279 <para>
280 is a DNS resolver daemon
281 </para>
282 <indexterm zone="unbound unbound-prog">
283 <primary sortas="b-unbound">unbound</primary>
284 </indexterm>
285 </listitem>
286 </varlistentry>
287
288 <varlistentry id="unbound-anchor">
289 <term><command>unbound-anchor</command></term>
290 <listitem>
291 <para>
292 initializes or updates the root trust anchor for DNSSEC
293 validation
294 </para>
295 <indexterm zone="unbound unbound-anchor">
296 <primary sortas="b-unbound-anchor">unbound-anchor</primary>
297 </indexterm>
298 </listitem>
299 </varlistentry>
300
301 <varlistentry id="unbound-checkconf">
302 <term><command>unbound-checkconf</command></term>
303 <listitem>
304 <para>
305 checks the <command>unbound</command> configuration file for syntax
306 and other errors
307 </para>
308 <indexterm zone="unbound unbound-checkconf">
309 <primary sortas="b-unbound-checkconf">unbound-checkconf</primary>
310 </indexterm>
311 </listitem>
312 </varlistentry>
313
314 <varlistentry id="unbound-control">
315 <term><command>unbound-control</command></term>
316 <listitem>
317 <para>
318 performs remote administration on the <command>unbound</command> DNS
319 resolver
320 </para>
321 <indexterm zone="unbound unbound-control">
322 <primary sortas="b-unbound-control">unbound-control</primary>
323 </indexterm>
324 </listitem>
325 </varlistentry>
326
327 <varlistentry id="unbound-control-setup">
328 <term><command>unbound-control-setup</command></term>
329 <listitem>
330 <para>
331 generates a self-signed certificate and private keys for the server
332 and client
333 </para>
334 <indexterm zone="unbound unbound-control-setup">
335 <primary sortas="b-unbound-control-setup">unbound-control-setup</primary>
336 </indexterm>
337 </listitem>
338 </varlistentry>
339
340 <varlistentry id="unbound-host">
341 <term><command>unbound-host</command></term>
342 <listitem>
343 <para>
344 is a DNS lookup utility similar to <command>host</command> from
345 <xref linkend="bind-utils"/>
346 </para>
347 <indexterm zone="unbound unbound-host">
348 <primary sortas="b-unbound-host">unbound-host</primary>
349 </indexterm>
350 </listitem>
351 </varlistentry>
352
353 <varlistentry id="libunbound">
354 <term><filename class="libraryfile">libunbound.so</filename></term>
355 <listitem>
356 <para>
357 provides the <application>Unbound</application> API functions to
358 programs
359 </para>
360 <indexterm zone="unbound libunbound">
361 <primary sortas="c-libunbound">libunbound.so</primary>
362 </indexterm>
363 </listitem>
364 </varlistentry>
365
366 </variablelist>
367
368 </sect2>
369
370</sect1>