source: server/other/unbound.xml@ 0a43695

10.0 10.1 11.0 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind ken/refactor-virt lazarus perl-modules qt5new trunk upgradedb xry111/git-date xry111/git-date-for-trunk xry111/git-date-test
Last change on this file since 0a43695 was 0a43695, checked in by Ken Moffat <ken@…>, 4 years ago

tags

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@19788 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 11.9 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY unbound-download-http "http://www.unbound.net/downloads/unbound-&unbound-version;.tar.gz">
8 <!ENTITY unbound-download-ftp " ">
9 <!ENTITY unbound-md5sum "c9d26cef224b10705229d5072142636c">
10 <!ENTITY unbound-size "5.2 MB">
11 <!ENTITY unbound-buildsize "45 MB (with tests, add 80 MB for documentation)">
12 <!ENTITY unbound-time "0.6 SBU (usind parallelism=4; with tests)">
13]>
14
15<sect1 id="unbound" xreflabel="Unbound-&unbound-version;">
16 <?dbhtml filename="unbound.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Unbound-&unbound-version;</title>
24
25 <indexterm zone="unbound">
26 <primary sortas="a-Unbound">Unbound</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Unbound</title>
31
32 <para>
33 <application>Unbound</application> is a validating, recursive, and caching
34 DNS resolver. It is designed as a set of modular components that
35 incorporate modern features, such as enhanced security (DNSSEC)
36 validation, Internet Protocol Version 6 (IPv6), and a client resolver
37 library API as an integral part of the architecture.
38 </para>
39
40 &lfs82_checked;
41
42 <bridgehead renderas="sect3">Package Information</bridgehead>
43 <itemizedlist spacing="compact">
44 <listitem>
45 <para>
46 Download (HTTP): <ulink url="&unbound-download-http;"/>
47 </para>
48 </listitem>
49 <listitem>
50 <para>
51 Download (FTP): <ulink url="&unbound-download-ftp;"/>
52 </para>
53 </listitem>
54 <listitem>
55 <para>
56 Download MD5 sum: &unbound-md5sum;
57 </para>
58 </listitem>
59 <listitem>
60 <para>
61 Download size: &unbound-size;
62 </para>
63 </listitem>
64 <listitem>
65 <para>
66 Estimated disk space required: &unbound-buildsize;
67 </para>
68 </listitem>
69 <listitem>
70 <para>
71 Estimated build time: &unbound-time;
72 </para>
73 </listitem>
74 </itemizedlist>
75
76 <bridgehead renderas="sect3">Unbound Dependencies</bridgehead>
77<!--
78 <bridgehead renderas="sect4">Required</bridgehead>
79 <para role="required">
80 <xref linkend="openssl"/>
81 broken?
82 or <xref linkend="nss"/>
83 </para>
84-->
85
86 <bridgehead renderas="sect4">Optional</bridgehead>
87 <para role="optional">
88 <xref linkend="libevent"/>,
89 <xref linkend="nettle"/>,
90 <xref linkend="python2"/>,
91 <xref linkend="swig"/> (for Python bindings),
92 <xref linkend="doxygen"/> (for html documentation),
93 <ulink url="http://dnstap.info/">dnstap</ulink>, and
94 <ulink url="https://pypi.python.org/pypi/Sphinx">Sphinx</ulink> (for
95 Python bindings documentation)
96 </para>
97
98 <para condition="html" role="usernotes">User Notes:
99 <ulink url="&blfs-wiki;/unbound"/>
100 </para>
101 </sect2>
102
103 <sect2 role="installation">
104 <title>Installation of Unbound</title>
105
106 <para>
107 There should be a dedicated user and group to take control of the
108 <command>unbound</command> daemon after it is started. Issue the following
109 commands as the <systemitem class="username">root</systemitem> user:
110 </para>
111
112<screen role="root"><userinput>groupadd -g 88 unbound &amp;&amp;
113useradd -c "Unbound DNS resolver" -d /var/lib/unbound -u 88 \
114 -g unbound -s /bin/false unbound</userinput></screen>
115
116 <para>
117 Install <application>Unbound</application> by running the following
118 commands:
119 </para>
120
121<screen><userinput>./configure --prefix=/usr \
122 --sysconfdir=/etc \
123 --disable-static \
124 --with-pidfile=/run/unbound.pid &amp;&amp;
125make</userinput></screen>
126
127 <para>
128 If you have <xref linkend="doxygen"/> package installed and want to build
129 html documentation, run the following command:
130 </para>
131
132<screen><userinput>make doc</userinput></screen>
133
134 <para>To test the results, issue <command>make check</command>.</para>
135
136 <para>
137 Now, as the <systemitem class="username">root</systemitem> user:
138 </para>
139
140<screen role="root"><userinput>make install &amp;&amp;
141mv -v /usr/sbin/unbound-host /usr/bin/</userinput></screen>
142
143 <para>
144 If you built html documentation, install it by running the following
145 commands as the <systemitem class="username">root</systemitem> user:
146 </para>
147
148<screen role="root"><userinput>install -v -m755 -d /usr/share/doc/unbound-&unbound-version; &amp;&amp;
149install -v -m644 doc/html/* /usr/share/doc/unbound-&unbound-version;</userinput></screen>
150
151 </sect2>
152
153 <sect2 role="commands">
154 <title>Command Explanations</title>
155
156 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
157 href="../../xincludes/static-libraries.xml"/>
158
159 <para>
160 <option>--with-libevent</option>: This option enables libevent support
161 allowing use of large outgoing port ranges.
162 </para>
163
164 <para>
165 <option>--with-pyunbound</option>: This option enables building of the Python
166 bindings.
167 </para>
168
169 </sect2>
170
171 <sect2 role="configuration">
172 <title>Configuring Unbound</title>
173
174 <sect3 id="unbound-config">
175 <title>Config Files</title>
176
177 <para><filename>/etc/unbound/unbound.conf</filename></para>
178
179 <indexterm zone="unbound unbound-config">
180 <primary sortas="e-etc-unbound-unbound.conf">/etc/unbound/unbound.conf</primary>
181 </indexterm>
182
183 </sect3>
184
185 <sect3>
186 <title>Configuration Information</title>
187
188 <para>
189 In the default configuration, <command>unbound</command> will bind to
190 localhost (127.0.0.1 IP address) and allow recursive queries only from
191 localhost clients. If you want to use <command>unbound</command> for
192 local DNS resolution, run the following command as the
193 <systemitem class="username">root</systemitem> user:
194 </para>
195
196<screen role="root"><userinput>echo "nameserver 127.0.0.1" > /etc/resolv.conf</userinput></screen>
197
198 <para>
199 If you are using a DHCP client for connecting to a network,
200 <filename>/etc/resolv.conf</filename> gets overwritten with values
201 provided by DHCP server. You can override this, for example in <xref
202 linkend="dhcp"/>, by running the following command as the <systemitem
203 class="username">root</systemitem> user:
204 </para>
205
206<screen role="root"><userinput>sed -i '/request /i\supersede domain-name-servers 127.0.0.1;' \
207 /etc/dhcp/dhclient.conf</userinput></screen>
208
209 <para>
210 For advanced configuration see
211 <filename>/etc/unbound/unbound.conf</filename> file and the
212 documentation.
213 </para>
214
215 <para>
216 When <application>Unbound</application> is installed, some package
217 builds fail if the file <filename>/etc/unbound/root.key</filename> is
218 not found. This file is created by running the boot script (install
219 instructions below). Alternatively, it can be created by running the
220 following command as the <systemitem class="username">root</systemitem>
221 user:
222 </para>
223
224<screen role="root"><userinput>unbound-anchor</userinput></screen>
225
226 </sect3>
227
228 <sect3 id="unbound-init">
229 <title><phrase revision="sysv">Boot Script</phrase>
230 <phrase revision="systemd">Systemd Unit</phrase></title>
231
232 <para>If you want the <application>Unbound</application> server to
233 start automatically when the system is booted, install the
234 <phrase revision="sysv"><filename>/etc/rc.d/init.d/unbound</filename>
235 init script</phrase>
236 <phrase revision="systemd"><filename>unbound.service</filename>
237 unit</phrase> included
238 in the <xref linkend="bootscripts" revision="sysv"/>
239 <xref linkend="systemd-units" revision="systemd"/> package.</para>
240
241 <indexterm zone="unbound unbound-init">
242 <primary sortas="f-unbound">unbound</primary>
243 </indexterm>
244
245<screen role="root"><userinput>make install-unbound</userinput></screen>
246
247 </sect3>
248
249 </sect2>
250
251 <sect2 role="content">
252 <title>Contents</title>
253
254 <segmentedlist>
255 <segtitle>Installed Programs</segtitle>
256 <segtitle>Installed Library</segtitle>
257 <segtitle>Installed Directories</segtitle>
258
259 <seglistitem>
260 <seg>
261 unbound, unbound-anchor, unbound-checkconf, unbound-control,
262 unbound-control-setup, and unbound-host
263 </seg>
264 <seg>
265 libunbound.so and (optional)
266 /usr/lib/python&python2-majorver;/site-packages/_unbound.so
267 </seg>
268 <seg>
269 /etc/unbound and /usr/share/doc/unbound-&unbound-version;
270 </seg>
271 </seglistitem>
272 </segmentedlist>
273
274 <variablelist>
275 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
276 <?dbfo list-presentation="list"?>
277 <?dbhtml list-presentation="table"?>
278
279 <varlistentry id="unbound-prog">
280 <term><command>unbound</command></term>
281 <listitem>
282 <para>
283 is a DNS resolver daemon.
284 </para>
285 <indexterm zone="unbound unbound-prog">
286 <primary sortas="b-unbound">unbound</primary>
287 </indexterm>
288 </listitem>
289 </varlistentry>
290
291 <varlistentry id="unbound-anchor">
292 <term><command>unbound-anchor</command></term>
293 <listitem>
294 <para>
295 performs setup or update of the root trust anchor for DNSSEC
296 validation.
297 </para>
298 <indexterm zone="unbound unbound-anchor">
299 <primary sortas="b-unbound-anchor">unbound-anchor</primary>
300 </indexterm>
301 </listitem>
302 </varlistentry>
303
304 <varlistentry id="unbound-checkconf">
305 <term><command>unbound-checkconf</command></term>
306 <listitem>
307 <para>
308 checks <command>unbound</command> configuration file for syntax
309 and other errors.
310 </para>
311 <indexterm zone="unbound unbound-checkconf">
312 <primary sortas="b-unbound-checkconf">unbound-checkconf</primary>
313 </indexterm>
314 </listitem>
315 </varlistentry>
316
317 <varlistentry id="unbound-control">
318 <term><command>unbound-control</command></term>
319 <listitem>
320 <para>
321 performs remote administration on the <command>unbound</command> DNS
322 resolver.
323 </para>
324 <indexterm zone="unbound unbound-control">
325 <primary sortas="b-unbound-control">unbound-control</primary>
326 </indexterm>
327 </listitem>
328 </varlistentry>
329
330 <varlistentry id="unbound-control-setup">
331 <term><command>unbound-control-setup</command></term>
332 <listitem>
333 <para>
334 generates self-signed certificate and private keys for the server
335 and client.
336 </para>
337 <indexterm zone="unbound unbound-control-setup">
338 <primary sortas="b-unbound-control-setup">unbound-control-setup</primary>
339 </indexterm>
340 </listitem>
341 </varlistentry>
342
343 <varlistentry id="unbound-host">
344 <term><command>unbound-host</command></term>
345 <listitem>
346 <para>
347 is a DNS lookup utility similar to <command>host</command> from
348 <xref linkend="bind-utils"/>.
349 </para>
350 <indexterm zone="unbound unbound-host">
351 <primary sortas="b-unbound-host">unbound-host</primary>
352 </indexterm>
353 </listitem>
354 </varlistentry>
355
356 <varlistentry id="libunbound">
357 <term><filename class="libraryfile">libunbound.so</filename></term>
358 <listitem>
359 <para>
360 provides the <application>Unbound</application> API functions to
361 programs.
362 </para>
363 <indexterm zone="unbound libunbound">
364 <primary sortas="c-libunbound">libunbound.so</primary>
365 </indexterm>
366 </listitem>
367 </varlistentry>
368
369 </variablelist>
370
371 </sect2>
372
373</sect1>
Note: See TracBrowser for help on using the repository browser.