source: server/other/unbound.xml@ 9ea9aa7

systemd-13485
Last change on this file since 9ea9aa7 was 9ea9aa7, checked in by DJ Lucas <dj@…>, 8 years ago

Merges from trunk to r17100.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@17231 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 11.7 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY unbound-download-http "http://www.unbound.net/downloads/unbound-&unbound-version;.tar.gz">
8 <!ENTITY unbound-download-ftp " ">
9 <!ENTITY unbound-md5sum "1c34282bae0c625b86374ee9caaef6f7">
10 <!ENTITY unbound-size "4.7 MB">
11 <!ENTITY unbound-buildsize "47 MB (with tests)">
12 <!ENTITY unbound-time "0.7 SBU (with tests)">
13]>
14
15<sect1 id="unbound" xreflabel="Unbound-&unbound-version;">
16 <?dbhtml filename="unbound.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Unbound-&unbound-version;</title>
24
25 <indexterm zone="unbound">
26 <primary sortas="a-Unbound">Unbound</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Unbound</title>
31
32 <para>
33 <application>Unbound</application> is a validating, recursive, and caching
34 DNS resolver. It is designed as a set of modular components that
35 incorporate modern features, such as enhanced security (DNSSEC)
36 validation, Internet Protocol Version 6 (IPv6), and a client resolver
37 library API as an integral part of the architecture.
38 </para>
39
40 &lfs78_checked;
41
42 <bridgehead renderas="sect3">Package Information</bridgehead>
43 <itemizedlist spacing="compact">
44 <listitem>
45 <para>
46 Download (HTTP): <ulink url="&unbound-download-http;"/>
47 </para>
48 </listitem>
49 <listitem>
50 <para>
51 Download (FTP): <ulink url="&unbound-download-ftp;"/>
52 </para>
53 </listitem>
54 <listitem>
55 <para>
56 Download MD5 sum: &unbound-md5sum;
57 </para>
58 </listitem>
59 <listitem>
60 <para>
61 Download size: &unbound-size;
62 </para>
63 </listitem>
64 <listitem>
65 <para>
66 Estimated disk space required: &unbound-buildsize;
67 </para>
68 </listitem>
69 <listitem>
70 <para>
71 Estimated build time: &unbound-time;
72 </para>
73 </listitem>
74 </itemizedlist>
75
76 <bridgehead renderas="sect3">Unbound Dependencies</bridgehead>
77
78 <bridgehead renderas="sect4">Required</bridgehead>
79 <para role="required">
80 <xref linkend="openssl"/>
81<!-- broken?
82 or <xref linkend="nss"/>
83-->
84 </para>
85
86 <bridgehead renderas="sect4">Optional</bridgehead>
87 <para role="optional">
88 <xref linkend="libevent"/>,
89 <xref linkend="nettle"/>,
90 <xref linkend="python2"/>,
91 <xref linkend="swig"/> (for Python bindings),
92 <xref linkend="doxygen"/> (for html documentation),
93 <!--<ulink url="http://sourceforge.net/projects/expat/">expat</ulink>, installed by LFS. -->
94 <ulink url="http://dnstap.info/">dnstap</ulink>, and
95 <ulink url="https://pypi.python.org/pypi/Sphinx">Sphinx</ulink> (for
96 Python bindings documentation)
97 </para>
98
99 <para condition="html" role="usernotes">User Notes:
100 <ulink url="&blfs-wiki;/unbound"/>
101 </para>
102 </sect2>
103
104 <sect2 role="installation">
105 <title>Installation of Unbound</title>
106
107 <para>
108 There should be a dedicated user and group to take control of the
109 <command>unbound</command> daemon after it is started. Issue the following
110 commands as the <systemitem class="username">root</systemitem> user:
111 </para>
112
113<screen role="root"><userinput>groupadd -g 88 unbound &amp;&amp;
114useradd -c "Unbound DNS resolver" -d /var/lib/unbound -u 88 \
115 -g unbound -s /bin/false unbound</userinput></screen>
116
117 <para>
118 Install <application>Unbound</application> by running the following
119 commands:
120 </para>
121
122<screen><userinput>./configure --prefix=/usr \
123 --sysconfdir=/etc \
124 --disable-static \
125 --with-pidfile=/run/unbound.pid &amp;&amp;
126make</userinput></screen>
127
128 <para>
129 If you have <xref linkend="doxygen"/> package installed and want to build
130 html documentation, run the following command:
131 </para>
132
133<screen><userinput>make doc</userinput></screen>
134
135 <para>To test the results, issue <command>make check</command>.</para>
136
137 <para>
138 Now, as the <systemitem class="username">root</systemitem> user:
139 </para>
140
141<screen role="root"><userinput>make install &amp;&amp;
142mv -v /usr/sbin/unbound-host /usr/bin/</userinput></screen>
143
144 <para>
145 If you built html documentation, install it by running the following
146 commands as the <systemitem class="username">root</systemitem> user:
147 </para>
148
149<screen role="root"><userinput>install -v -m755 -d /usr/share/doc/unbound-&unbound-version; &amp;&amp;
150install -v -m644 doc/html/* /usr/share/doc/unbound-&unbound-version;</userinput></screen>
151
152 </sect2>
153
154 <sect2 role="commands">
155 <title>Command Explanations</title>
156
157 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
158 href="../../xincludes/static-libraries.xml"/>
159
160 <para>
161 <option>--with-libevent</option>: This option enables libevent support
162 allowing use of large outgoing port ranges.
163 </para>
164
165 <para>
166 <option>--with-pyunbound</option>: This option enables building of the Python
167 bindings.
168 </para>
169
170 </sect2>
171
172 <sect2 role="configuration">
173 <title>Configuring Unbound</title>
174
175 <sect3 id="unbound-config">
176 <title>Config Files</title>
177
178 <para><filename>/etc/unbound/unbound.conf</filename></para>
179
180 <indexterm zone="unbound unbound-config">
181 <primary sortas="e-etc-unbound-unbound.conf">/etc/unbound/unbound.conf</primary>
182 </indexterm>
183
184 </sect3>
185
186 <sect3>
187 <title>Configuration Information</title>
188
189 <para>
190 In the default configuration, <command>unbound</command> will bind to
191 localhost (127.0.0.1 IP address) and allow recursive queries only from
192 localhost clients. If you want to use <command>unbound</command> for
193 local DNS resolution, run the following command as the
194 <systemitem class="username">root</systemitem> user:
195 </para>
196
197<screen role="root"><userinput>echo "nameserver 127.0.0.1" > /etc/resolv.conf</userinput></screen>
198
199 <para>
200 If you are using a DHCP client for connecting to a network,
201 <filename>/etc/resolv.conf</filename> gets overwritten with values
202 provided by DHCP server. You can override this, for example in <xref
203 linkend="dhcp"/>, by running the following command as the <systemitem
204 class="username">root</systemitem> user:
205 </para>
206
207<screen role="root"><userinput>sed -i '/request /i\supersede domain-name-servers 127.0.0.1;' \
208 /etc/dhcp/dhclient.conf</userinput></screen>
209
210 <para>
211 For advanced configuration see
212 <filename>/etc/unbound/unbound.conf</filename> file and the
213 documentation.
214 </para>
215
216 <para>
217 When <application>Unbound</application> is installed, some package
218 builds fail if the file <filename>/etc/unbound/root.key</filename> is
219 not found. This file is created by running the boot script (install
220 instructions below). Alternatively, it can be created by running the
221 following command as the <systemitem class="username">root</systemitem>
222 user:
223 </para>
224
225<screen role="root"><userinput>unbound-anchor</userinput></screen>
226
227 </sect3>
228
229 <sect3 id="unbound-init">
230 <title>Systemd Units</title>
231
232 <para>
233 To start the <command>unbound</command> daemon at boot,
234 install the systemd unit from the <xref linkend="bootscripts"/>
235 package by running the following command as the
236 <systemitem class="username">root</systemitem> user:
237 </para>
238
239 <indexterm zone="unbound unbound-init">
240 <primary sortas="f-unbound">unbound</primary>
241 </indexterm>
242
243<screen role="root"><userinput>make install-unbound</userinput></screen>
244
245 </sect3>
246
247 </sect2>
248
249 <sect2 role="content">
250 <title>Contents</title>
251
252 <segmentedlist>
253 <segtitle>Installed Programs</segtitle>
254 <segtitle>Installed Library</segtitle>
255 <segtitle>Installed Directories</segtitle>
256
257 <seglistitem>
258 <seg>
259 unbound, unbound-anchor, unbound-checkconf, unbound-control,
260 unbound-control-setup, and unbound-host
261 </seg>
262 <seg>
263 libunbound.so and (optional)
264 /usr/lib/python&python2-majorver;/site-packages/_unbound.so
265 </seg>
266 <seg>
267 /etc/unbound and /usr/share/doc/unbound-&unbound-version;
268 </seg>
269 </seglistitem>
270 </segmentedlist>
271
272 <variablelist>
273 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
274 <?dbfo list-presentation="list"?>
275 <?dbhtml list-presentation="table"?>
276
277 <varlistentry id="unbound-prog">
278 <term><command>unbound</command></term>
279 <listitem>
280 <para>
281 is a DNS resolver daemon.
282 </para>
283 <indexterm zone="unbound unbound-prog">
284 <primary sortas="b-unbound">unbound</primary>
285 </indexterm>
286 </listitem>
287 </varlistentry>
288
289 <varlistentry id="unbound-anchor">
290 <term><command>unbound-anchor</command></term>
291 <listitem>
292 <para>
293 performs setup or update of the root trust anchor for DNSSEC
294 validation.
295 </para>
296 <indexterm zone="unbound unbound-anchor">
297 <primary sortas="b-unbound-anchor">unbound-anchor</primary>
298 </indexterm>
299 </listitem>
300 </varlistentry>
301
302 <varlistentry id="unbound-checkconf">
303 <term><command>unbound-checkconf</command></term>
304 <listitem>
305 <para>
306 checks <command>unbound</command> configuration file for syntax
307 and other errors.
308 </para>
309 <indexterm zone="unbound unbound-checkconf">
310 <primary sortas="b-unbound-checkconf">unbound-checkconf</primary>
311 </indexterm>
312 </listitem>
313 </varlistentry>
314
315 <varlistentry id="unbound-control">
316 <term><command>unbound-control</command></term>
317 <listitem>
318 <para>
319 performs remote administration on the <command>unbound</command> DNS
320 resolver.
321 </para>
322 <indexterm zone="unbound unbound-control">
323 <primary sortas="b-unbound-control">unbound-control</primary>
324 </indexterm>
325 </listitem>
326 </varlistentry>
327
328 <varlistentry id="unbound-control-setup">
329 <term><command>unbound-control-setup</command></term>
330 <listitem>
331 <para>
332 generates self-signed certificate and private keys for the server
333 and client.
334 </para>
335 <indexterm zone="unbound unbound-control-setup">
336 <primary sortas="b-unbound-control-setup">unbound-control-setup</primary>
337 </indexterm>
338 </listitem>
339 </varlistentry>
340
341 <varlistentry id="unbound-host">
342 <term><command>unbound-host</command></term>
343 <listitem>
344 <para>
345 is a DNS lookup utility similar to <command>host</command> from
346 <xref linkend="bind-utils"/>.
347 </para>
348 <indexterm zone="unbound unbound-host">
349 <primary sortas="b-unbound-host">unbound-host</primary>
350 </indexterm>
351 </listitem>
352 </varlistentry>
353
354 <varlistentry id="libunbound">
355 <term><filename class="libraryfile">libunbound.so</filename></term>
356 <listitem>
357 <para>
358 provides the <application>Unbound</application> API functions to
359 programs.
360 </para>
361 <indexterm zone="unbound libunbound">
362 <primary sortas="c-libunbound">libunbound.so</primary>
363 </indexterm>
364 </listitem>
365 </varlistentry>
366
367 </variablelist>
368
369 </sect2>
370
371</sect1>
Note: See TracBrowser for help on using the repository browser.