source: server/other/unbound.xml@ 9458059

10.0 10.1 11.0 ken/refactor-virt lazarus qt5new trunk xry111/git-date xry111/git-date-for-trunk xry111/git-date-test
Last change on this file since 9458059 was 9458059, checked in by Thomas Trepl <thomas@…>, 16 months ago

Upgrade unbound-1.11.0

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@23428 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 12.1 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY unbound-download-http "http://www.unbound.net/downloads/unbound-&unbound-version;.tar.gz">
8 <!ENTITY unbound-download-ftp " ">
9 <!ENTITY unbound-md5sum "528dcf9bb9aa693a14f9ad5bab417b85">
10 <!ENTITY unbound-size "5.6 MB">
11 <!ENTITY unbound-buildsize "129 MB (with docs; add 10 MB for tests)">
12 <!ENTITY unbound-time "0.6 SBU (Using parallelism=4; with docs; add 0.3 SBU for tests)">
13]>
14
15<sect1 id="unbound" xreflabel="Unbound-&unbound-version;">
16 <?dbhtml filename="unbound.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Unbound-&unbound-version;</title>
24
25 <indexterm zone="unbound">
26 <primary sortas="a-Unbound">Unbound</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Unbound</title>
31
32 <para>
33 <application>Unbound</application> is a validating, recursive, and caching
34 DNS resolver. It is designed as a set of modular components that
35 incorporate modern features, such as enhanced security (DNSSEC)
36 validation, Internet Protocol Version 6 (IPv6), and a client resolver
37 library API as an integral part of the architecture.
38 </para>
39
40 &lfs91_checked;
41
42 <bridgehead renderas="sect3">Package Information</bridgehead>
43 <itemizedlist spacing="compact">
44 <listitem>
45 <para>
46 Download (HTTP): <ulink url="&unbound-download-http;"/>
47 </para>
48 </listitem>
49 <listitem>
50 <para>
51 Download (FTP): <ulink url="&unbound-download-ftp;"/>
52 </para>
53 </listitem>
54 <listitem>
55 <para>
56 Download MD5 sum: &unbound-md5sum;
57 </para>
58 </listitem>
59 <listitem>
60 <para>
61 Download size: &unbound-size;
62 </para>
63 </listitem>
64 <listitem>
65 <para>
66 Estimated disk space required: &unbound-buildsize;
67 </para>
68 </listitem>
69 <listitem>
70 <para>
71 Estimated build time: &unbound-time;
72 </para>
73 </listitem>
74 </itemizedlist>
75
76 <bridgehead renderas="sect3">Unbound Dependencies</bridgehead>
77<!--
78 <bridgehead renderas="sect4">Required</bridgehead>
79 <para role="required">
80 <xref linkend="openssl"/>
81 broken?
82 or <xref linkend="nss"/>
83 </para>
84-->
85
86 <bridgehead renderas="sect4">Optional</bridgehead>
87 <para role="optional">
88 <xref linkend="libevent"/>,
89 <xref linkend="nettle"/>,
90 <xref linkend="python2"/>,
91 <xref linkend="swig"/> (for Python bindings),
92 <xref linkend="doxygen"/> (for html documentation),
93 <ulink url="http://dnstap.info/">dnstap</ulink>, and
94 <ulink url="https://pypi.python.org/pypi/Sphinx">Sphinx</ulink> (for
95 Python bindings documentation)
96 </para>
97
98 <para condition="html" role="usernotes">User Notes:
99 <ulink url="&blfs-wiki;/unbound"/>
100 </para>
101 </sect2>
102
103 <sect2 role="installation">
104 <title>Installation of Unbound</title>
105
106 <para>
107 There should be a dedicated user and group to take control of the
108 <command>unbound</command> daemon after it is started. Issue the following
109 commands as the <systemitem class="username">root</systemitem> user:
110 </para>
111
112<screen role="root"><userinput>groupadd -g 88 unbound &amp;&amp;
113useradd -c "Unbound DNS resolver" -d /var/lib/unbound -u 88 \
114 -g unbound -s /bin/false unbound</userinput></screen>
115
116 <para>
117 Install <application>Unbound</application> by running the following
118 commands:
119 </para>
120
121<screen><userinput>./configure --prefix=/usr \
122 --sysconfdir=/etc \
123 --disable-static \
124 --with-pidfile=/run/unbound.pid &amp;&amp;
125make</userinput></screen>
126
127 <para>
128 If you have <xref linkend="doxygen"/> package installed and want to build
129 html documentation, run the following command:
130 </para>
131
132<screen remap="doc"><userinput>make doc</userinput></screen>
133
134 <para>
135 To test the results, issue <command>make check</command>.
136 </para>
137
138 <para>
139 Now, as the <systemitem class="username">root</systemitem> user:
140 </para>
141
142<screen role="root"><userinput>make install &amp;&amp;
143mv -v /usr/sbin/unbound-host /usr/bin/</userinput></screen>
144
145 <para>
146 If you built the documentation, install it by running the following
147 commands as the <systemitem class="username">root</systemitem> user:
148 </para>
149
150<screen role="root"
151 remap="doc"><userinput>install -v -m755 -d /usr/share/doc/unbound-&unbound-version; &amp;&amp;
152install -v -m644 doc/html/* /usr/share/doc/unbound-&unbound-version;</userinput></screen>
153
154 </sect2>
155
156 <sect2 role="commands">
157 <title>Command Explanations</title>
158
159 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
160 href="../../xincludes/static-libraries.xml"/>
161
162 <para>
163 <option>--with-libevent</option>: This option enables libevent support
164 allowing use of large outgoing port ranges.
165 </para>
166
167 <para>
168 <option>--with-pyunbound</option>: This option enables building of the Python
169 bindings.
170 </para>
171
172 </sect2>
173
174 <sect2 role="configuration">
175 <title>Configuring Unbound</title>
176
177 <sect3 id="unbound-config">
178 <title>Config Files</title>
179
180 <para>
181 <filename>/etc/unbound/unbound.conf</filename>
182 </para>
183
184 <indexterm zone="unbound unbound-config">
185 <primary sortas="e-etc-unbound-unbound.conf">/etc/unbound/unbound.conf</primary>
186 </indexterm>
187
188 </sect3>
189
190 <sect3>
191 <title>Configuration Information</title>
192
193 <para>
194 In the default configuration, <command>unbound</command> will bind to
195 localhost (127.0.0.1 IP address) and allow recursive queries only from
196 localhost clients. If you want to use <command>unbound</command> for
197 local DNS resolution, run the following command as the
198 <systemitem class="username">root</systemitem> user:
199 </para>
200
201<screen role="root"><userinput>echo "nameserver 127.0.0.1" > /etc/resolv.conf</userinput></screen>
202
203 <para>
204 If you are using a DHCP client for connecting to a network,
205 <filename>/etc/resolv.conf</filename> gets overwritten with values
206 provided by DHCP server. You can override this, for example in <xref
207 linkend="dhcp"/>, by running the following command as the <systemitem
208 class="username">root</systemitem> user:
209 </para>
210
211<screen role="root"><userinput>sed -i '/request /i\supersede domain-name-servers 127.0.0.1;' \
212 /etc/dhcp/dhclient.conf</userinput></screen>
213
214 <para>
215 For advanced configuration see
216 <filename>/etc/unbound/unbound.conf</filename> file and the
217 documentation.
218 </para>
219
220 <para>
221 When <application>Unbound</application> is installed, some package
222 builds fail if the file <filename>/etc/unbound/root.key</filename> is
223 not found. This file is created by running the boot script (install
224 instructions below). Alternatively, it can be created by running the
225 following command as the <systemitem class="username">root</systemitem>
226 user:
227 </para>
228
229<screen role="root"><userinput>unbound-anchor</userinput></screen>
230
231 </sect3>
232
233 <sect3 id="unbound-init">
234 <title><phrase revision="sysv">Boot Script</phrase>
235 <phrase revision="systemd">Systemd Unit</phrase></title>
236
237 <para>
238 If you want the <application>Unbound</application> server to
239 start automatically when the system is booted, install the
240 <phrase revision="sysv"><filename>/etc/rc.d/init.d/unbound</filename>
241 init script</phrase>
242 <phrase revision="systemd"><filename>unbound.service</filename>
243 unit</phrase> included
244 in the <xref linkend="bootscripts" revision="sysv"/>
245 <xref linkend="systemd-units" revision="systemd"/> package:
246 </para>
247
248 <indexterm zone="unbound unbound-init">
249 <primary sortas="f-unbound">unbound</primary>
250 </indexterm>
251
252<screen role="root"><userinput>make install-unbound</userinput></screen>
253
254 </sect3>
255
256 </sect2>
257
258 <sect2 role="content">
259 <title>Contents</title>
260
261 <segmentedlist>
262 <segtitle>Installed Programs</segtitle>
263 <segtitle>Installed Library</segtitle>
264 <segtitle>Installed Directories</segtitle>
265
266 <seglistitem>
267 <seg>
268 unbound, unbound-anchor, unbound-checkconf, unbound-control,
269 unbound-control-setup, and unbound-host
270 </seg>
271 <seg>
272 libunbound.so and (optional)
273 /usr/lib/python&python2-majorver;/site-packages/_unbound.so
274 </seg>
275 <seg>
276 /etc/unbound and /usr/share/doc/unbound-&unbound-version; (optional)
277 </seg>
278 </seglistitem>
279 </segmentedlist>
280
281 <variablelist>
282 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
283 <?dbfo list-presentation="list"?>
284 <?dbhtml list-presentation="table"?>
285
286 <varlistentry id="unbound-prog">
287 <term><command>unbound</command></term>
288 <listitem>
289 <para>
290 is a DNS resolver daemon.
291 </para>
292 <indexterm zone="unbound unbound-prog">
293 <primary sortas="b-unbound">unbound</primary>
294 </indexterm>
295 </listitem>
296 </varlistentry>
297
298 <varlistentry id="unbound-anchor">
299 <term><command>unbound-anchor</command></term>
300 <listitem>
301 <para>
302 performs setup or update of the root trust anchor for DNSSEC
303 validation.
304 </para>
305 <indexterm zone="unbound unbound-anchor">
306 <primary sortas="b-unbound-anchor">unbound-anchor</primary>
307 </indexterm>
308 </listitem>
309 </varlistentry>
310
311 <varlistentry id="unbound-checkconf">
312 <term><command>unbound-checkconf</command></term>
313 <listitem>
314 <para>
315 checks <command>unbound</command> configuration file for syntax
316 and other errors.
317 </para>
318 <indexterm zone="unbound unbound-checkconf">
319 <primary sortas="b-unbound-checkconf">unbound-checkconf</primary>
320 </indexterm>
321 </listitem>
322 </varlistentry>
323
324 <varlistentry id="unbound-control">
325 <term><command>unbound-control</command></term>
326 <listitem>
327 <para>
328 performs remote administration on the <command>unbound</command> DNS
329 resolver.
330 </para>
331 <indexterm zone="unbound unbound-control">
332 <primary sortas="b-unbound-control">unbound-control</primary>
333 </indexterm>
334 </listitem>
335 </varlistentry>
336
337 <varlistentry id="unbound-control-setup">
338 <term><command>unbound-control-setup</command></term>
339 <listitem>
340 <para>
341 generates a self-signed certificate and private keys for the server
342 and client.
343 </para>
344 <indexterm zone="unbound unbound-control-setup">
345 <primary sortas="b-unbound-control-setup">unbound-control-setup</primary>
346 </indexterm>
347 </listitem>
348 </varlistentry>
349
350 <varlistentry id="unbound-host">
351 <term><command>unbound-host</command></term>
352 <listitem>
353 <para>
354 is a DNS lookup utility similar to <command>host</command> from
355 <xref linkend="bind-utils"/>.
356 </para>
357 <indexterm zone="unbound unbound-host">
358 <primary sortas="b-unbound-host">unbound-host</primary>
359 </indexterm>
360 </listitem>
361 </varlistentry>
362
363 <varlistentry id="libunbound">
364 <term><filename class="libraryfile">libunbound.so</filename></term>
365 <listitem>
366 <para>
367 provides the <application>Unbound</application> API functions to
368 programs.
369 </para>
370 <indexterm zone="unbound libunbound">
371 <primary sortas="c-libunbound">libunbound.so</primary>
372 </indexterm>
373 </listitem>
374 </varlistentry>
375
376 </variablelist>
377
378 </sect2>
379
380</sect1>
Note: See TracBrowser for help on using the repository browser.