diff options
Diffstat (limited to 'contrib/unbound/doc')
21 files changed, 10063 insertions, 0 deletions
diff --git a/contrib/unbound/doc/CREDITS b/contrib/unbound/doc/CREDITS new file mode 100644 index 0000000..429a799 --- /dev/null +++ b/contrib/unbound/doc/CREDITS @@ -0,0 +1,21 @@ +Unbound was developed at NLnet Labs by Wouter Wijngaards. + +Unbound was architected in January of 2004 by Jakob Schlyter of Kirei +and Roy Arends of Nominet. VeriSign and EP.Net funded development of +the prototype, which was built by David Blacka and Matt Larson of VeriSign. +Late in 2006, NLnet Labs joined the effort, writing an implementation in C +based on the existing prototype and using experience NLnet Labs gained +during the development of NSD, an authoritative DNS server. + +At NLnet Labs, Jelte Jansen, Mark Santcroos and Matthijs Mekking +reviewed the unbound C sources. + +Jakob Schlyter - for advice on secure settings, random numbers and blacklists. +Ondřej Surý - running coverity analysis tool on 0.9 dev version. +Alexander Gall - multihomed, anycast testing of unbound resolver server. +Zdenek Vasicek and Marek Vavrusa - python module. +cz.nic - sponsoring 'summer of code' development by Zdenek and Marek. +Brett Carr - windows beta testing. +Luca Bruno - patch for windows support in libunbound hosts and resolvconf(). +Tom Hendrikx - contributed split-itar.sh a useful script to 5011-track ITAR. +Daisuke HIGASHI - patch for rrset-roundrobin and minimal-responses. diff --git a/contrib/unbound/doc/Changelog b/contrib/unbound/doc/Changelog new file mode 100644 index 0000000..3b2753f --- /dev/null +++ b/contrib/unbound/doc/Changelog @@ -0,0 +1,4780 @@ +24 May 2012: Wouter + - tag for 1.4.17 release. + +18 May 2012: Wouter + - Review comments, removed duplicate memset to zero in delegpt. + +16 May 2012: Wouter + - Updated doc/FEATURES with RFCs that are implemented but not listed. + - Protect if statements in val_anchor for compile without locks. + - tag for 1.4.17rc1. + +15 May 2012: Wouter + - fix configure ECDSA support in ldns detection for windows compile. + - fix possible uninitialised variable in windows pipe implementation. + +9 May 2012: Wouter + - Fix alignment problem in util/random on sparc64/freebsd. + +8 May 2012: Wouter + - Fix for accept spinning reported by OpenBSD. + - iana portlist updated. + +2 May 2012: Wouter + - Fix validation of nodata for DS query in NSEC zones, reported by + Ondrej Mikle. + +13 April 2012: Wouter + - ECDSA support (RFC 6605) by default. Use --disable-ecdsa for older + openssl. + +10 April 2012: Wouter + - Applied patch from Daisuke HIGASHI for rrset-roundrobin and + minimal-responses features. + - iana portlist updated. + +5 April 2012: Wouter + - fix bug #443: --with-chroot-dir not honoured by configure. + - fix bug #444: setusercontext was called too late (thanks Bjorn + Ketelaars). + +27 March 2012: Wouter + - fix bug #442: Fix that Makefile depends on pythonmod headers + even using --without-pythonmodule. + +22 March 2012: Wouter + - contrib/validation-reporter follows rotated log file (patch from + Augie Schwer). + +21 March 2012: Wouter + - new approach to NS fetches for DS lookup that works with + cornercases, and is more robust and considers forwarders. + +19 March 2012: Wouter + - iana portlist updated. + - fix to locate nameservers for DS lookup with NS fetches. + +16 March 2012: Wouter + - Patch for access to full DNS packet data in unbound python module + from Ondrej Mikle. + +9 March 2012: Wouter + - Applied line-buffer patch from Augie Schwer to validation.reporter.sh. + +2 March 2012: Wouter + - flush_infra cleans timeouted servers from the cache too. + - removed warning from --enable-ecdsa. + +1 March 2012: Wouter + - forward-first option. Tries without forward if a query fails. + Also stub-first option that is similar. + +28 February 2012: Wouter + - Fix from code review, if EINPROGRESS not defined chain if statement + differently. + +27 February 2012: Wouter + - Fix bug#434: on windows check registry for config file location + for unbound-control.exe, and unbound-checkconf.exe. + +23 February 2012: Wouter + - Fix to squelch 'network unreachable' errors from tcp connect in + logs, high verbosity will show them. + +16 February 2012: Wouter + - iter_hints is now thread-owned in module env, and thus threadsafe. + - Fix prefetch and sticky NS, now the prefetch works. It picks + nameservers that 'would be valid in the future', and if this makes + the NS timeout, it updates that NS by asking delegation from the + parent again. If child NS has longer TTL, that TTL does not get + refreshed from the lookup to the child nameserver. + +15 February 2012: Wouter + - Fix forward-zone memory, uses malloc and frees original root dp. + - iter hints (stubs) uses malloc inside for more dynamicity. + - unbound-control forward_add, forward_remove, stub_add, stub_remove + can modify stubs and forwards for running unbound (on mobile computer) + they can also add and remove domain-insecure for the zone. + +14 February 2012: Wouter + - Fix sticky NS (ghost domain problem) if prefetch is yes. + - iter forwards uses malloc inside for more dynamicity. + +13 February 2012: Wouter + - RT#2955. Fix for cygwin compilation. + - iana portlist updated. + +10 February 2012: Wouter + - Slightly smaller critical region in one case in infra cache. + - Fix timeouts to keep track of query type, A, AAAA and other, if + another has caused timeout blacklist, different type can still probe. + - unit test fix for nomem_cnametopos.rpl race condition. + +9 February 2012: Wouter + - Fix AHX_BROKEN_MEMCMP for autoheader mess up of #undef in config.h. + +8 February 2012: Wouter + - implement draft-ietf-dnsext-ecdsa-04; which is in IETF LC; This + implementation is experimental at this time and not recommended + for use on the public internet (the protocol numbers have not + been assigned). Needs recent ldns with --enable-ecdsa. + - fix memory leak in errorcase for DSA signatures. + - iana portlist updated. + - workaround for openssl 0.9.8 ecdsa sha2 and evp problem. + +3 February 2012: Wouter + - fix for windows, rename() is not posix compliant on windows. + +2 February 2012: Wouter + - 1.4.16 release tag. + - svn trunk is 1.4.17 in development. + - iana portlist updated. + +1 February 2012: Wouter + - Fix validation failures (like: validation failure xx: no NSEC3 + closest encloser from yy for DS zz. while building chain of trust, + because of a bug in the TTL-fix in 1.4.15, it picked the wrong rdata + for an NSEC3. Now it does not change rdata, and fixes TTL. + +30 January 2012: Wouter + - Fix version-number in libtool to be version-info so it produces + libunbound.so.2 like it should. + +26 January 2012: Wouter + - Tag 1.4.15 (same as 1.4.15rc1), for 1.4.15 release. + - trunk 1.4.16; includes changes memset testcode, #424 openindiana, + and keyfile write fixup. + - applied patch to support outgoing-interface with ub_ctx_set_option. + +23 January 2012: Wouter + - Fix memset in test code. + +20 January 2012: Wouter + - Fix bug #424: compile on OpenIndiana OS with gcc 4.6.2. + +19 January 2012: Wouter + - Fix to write key files completely to a temporary file, and if that + succeeds, replace the real key file. So failures leave a useful file. + +18 January 2012: Wouter + - tag 1.4.15rc1 created + - updated libunbound/ubsyms.def and remade tag 1.4.15rc1. + +17 January 2012: Wouter + - Fix bug where canonical_compare of RRSIG did not downcase the + signer-name. This is mostly harmless because RRSIGs do not have + to be sorted in canonical order, usually. + +12 January 2012: Wouter + - bug#428: add ub_version() call to libunbound. API version increase, + with (binary) backwards compatibility for the previous version. + +10 January 2012: Wouter + - Fix bug #425: unbound reports wrong TTL in reply, it reports a TTL + that would be permissible by the RFCs but it is not the TTL in the + cache. + - iana portlist updated. + - uninitialised variable in reprobe for rtt blocked domains fixed. + - lintfix and new flex output. + +2 January 2012: Wouter + - Fix to randomize hash function, based on 28c3 congress, reported + by Peter van Dijk. + +24 December 2011: Wouter + - Fix for memory leak (about 20 bytes when a tcp or udp send operation + towards authority servers failed, takes about 50.000 such failures to + leak one Mb, such failures are also usually logged), reported by + Robert Fleischmann. + - iana portlist updated. + +19 December 2011: Wouter + - Fix for VU#209659 CVE-2011-4528: Unbound denial of service + vulnerabilities from nonstandard redirection and denial of existence + http://www.unbound.net/downloads/CVE-2011-4528.txt + - robust checks for next-closer NSEC3s. + - tag 1.4.14 created. + - trunk has 1.4.15 in development. + +15 December 2011: Wouter + - remove uninit warning from cachedump code. + - Fix parse error on negative SOA RRSIGs if badly ordered in the packet. + +13 December 2011: Wouter + - iana portlist updated. + - svn tag 1.4.14rc1 + - fix infra cache comparison. + - Fix to constrain signer_name to be a parent of the lookupname. + +5 December 2011: Wouter + - Fix getaddrinfowithincludes on windows with fedora16 mingw32-gcc. + - Fix warnings with gcc 4.6 in compat/inet_ntop.c. + - Fix warning unused in compat/strptime.c. + - Fix malloc detection and double defintion. + +2 December 2011: Wouter + - configure generated with autoconf 2.68. + +30 November 2011: Wouter + - Fix for tcp-upstream and ssl-upstream for if a laptop sleeps, causes + SERVFAILs. Also fixed for UDP (but less likely). + +28 November 2011: Wouter + - Fix quartile time estimate, it was too low, (thanks Jan Komissar). + - iana ports updated. + +11 November 2011: Wouter + - Makefile compat with SunOS make, BSD make and GNU make. + - iana ports updated. + +10 November 2011: Wouter + - Makefile changed for BSD make compatibility. + +9 November 2011: Wouter + - added unit test for SSL service and SSL-upstream. + +8 November 2011: Wouter + - can configure ssl service to one port number, and not on others. + - fixup windows compile with ssl support. + - Fix double free in unbound-host, reported by Steve Grubb. + - iana portlist updated. + +1 November 2011: Wouter + - dns over ssl support as a client, ssl-upstream yes turns it on. + It performs an SSL transaction for every DNS query (250 msec). + - documentation for new options: ssl-upstream, ssl-service-key and + ssl-service.pem. + - iana portlist updated. + - fix -flto detection on Lion for llvm-gcc. + +31 October 2011: Wouter + - dns over ssl support, ssl-service-pem and ssl-service-key files + can be given and then TCP queries are serviced wrapped in SSL. + +27 October 2011: Wouter + - lame-ttl and lame-size options no longer exist, it is integrated + with the host info. They are ignored (with verbose warning) if + encountered to keep the config file backwards compatible. + - fix iana-update for changing gzip compression of results. + - fix export-all-symbols on OSX. + +26 October 2011: Wouter + - iana portlist updated. + - Infra cache stores information about ping and lameness per IP, zone. + This fixes bug #416. + - fix iana_update target for gzipped file on iana site. + +24 October 2011: Wouter + - Fix resolve of partners.extranet.microsoft.com with a fix for the + server selection for choosing out of a (particular) list of bad + choices. (bug#415) + - Fix make_new_space function so that the incoming query is not + overwritten if a jostled out query causes a waiting query to be + resumed that then fails and sends an error message. (Thanks to + Matthew Lee). + +21 October 2011: Wouter + - fix --enable-allsymbols, fptr wlist is disabled on windows with this + option enabled because of memory layout exe vs dll. + +19 October 2011: Wouter + - fix unbound-anchor for broken strptime on OSX lion, detected + in configure. + - Detect if GOST really works, openssl1.0 on OSX fails. + - Implement ipv6%interface notation for scope_id usage. + +17 October 2011: Wouter + - better documentation for inform_super (Thanks Yang Zhe). + +14 October 2011: Wouter + - Fix for out-of-memory condition in libunbound (thanks + Robert Fleischman). + +13 October 2011: Wouter + - Fix --enable-allsymbols, it depended on link specifics of the + target platform, or fptr_wlist assertion failures could occur. + +12 October 2011: Wouter + - updated contrib/unbound_munin_ to family=auto so that it works with + munin-node-configure automatically (if installed as + /usr/local/share/munin/plugins/unbound_munin_ ). + +27 September 2011: Wouter + - unbound.exe -w windows option for start and stop service. + +23 September 2011: Wouter + - TCP-upstream calculates tcp-ping so server selection works if there + are alternatives. + +20 September 2011: Wouter + - Fix classification of NS set in answer section, where there is a + parent-child server, and the answer has the AA flag for dir.slb.com. + Thanks to Amanda Constant from Secure64. + +16 September 2011: Wouter + - fix bug #408: accept patch from Steve Snyder that comments out + unused functions in lookup3.c. + - iana portlist updated. + - fix EDNS1480 change memleak and TCP fallback. + - fix various compiler warnings (reported by Paul Wouters). + - max sent count. EDNS1480 only for rtt < 5000. No promiscuous + fetch if sentcount > 3, stop query if sentcount > 16. Count is + reset when referral or CNAME happens. This makes unbound better + at managing large NS sets, they are explored when there is continued + interest (in the form of queries). + +15 September 2011: Wouter + - release 1.4.13. + - trunk contains 1.4.14 in development. + - Unbound probes at EDNS1480 if there an EDNS0 timeout. + +12 September 2011: Wouter + - Reverted dns EDNS backoff fix, it did not help and needs + fragmentation fixes instead. + - tag 1.4.13rc2 + +7 September 2011: Wouter + - Fix operation in ipv6 only (do-ip4: no) mode. + +6 September 2011: Wouter + - fedora specfile updated. + +5 September 2011: Wouter + - tag 1.4.13rc1 + +2 September 2011: Wouter + - iana portlist updated. + +26 August 2011: Wouter + - Fix num-threads 0 does not segfault, reported by Simon Deziel. + - Fix validation failures due to EDNS backoff retries, the retry + for fetch of data has want_dnssec because the iter_indicate_dnssec + function returns true when validation failure retry happens, and + then the serviced query code does not fallback to noEDNS, even if + the cache says it has this. This helps for DLV deployment when + the DNSSEC status is not known for sure before the lookup concludes. + +24 August 2011: Wouter + - Applied patch from Karel Slany that fixes a memory leak in the + unbound python module, in string conversions. + +22 August 2011: Wouter + - Fix validation of qtype ANY responses with CNAMEs (thanks Cathy + Zhang and Luo Ce). Unbound responds with the RR types that are + available at the name for qtype ANY and validates those RR types. + It does not test for completeness (i.e. with NSEC or NSEC3 query), + and it does not follow the CNAME or DNAME to another name (with + even more data for the already large response). + - Fix that internally, CNAMEs with NXDOMAIN have that as rcode. + - Documented the options that work with control set_option command. + - tcp-upstream yes/no option (works with set_option) for tunnels. + +18 August 2011: Wouter + - fix autoconf call in makedist crosscompile to RC or snapshot. + +17 August 2011: Wouter + - Fix validation of . DS query. + - new xml format at IANA, new awk for iana_update. + - iana portlist updated. + +10 August 2011: Wouter + - Fix python site-packages path to /usr/lib64. + - updated patch from Tom. + - fix memory and fd leak after out-of-memory condition. + +9 August 2011: Wouter + - patch from Tom Hendrikx fixes load of python modules. + +8 August 2011: Wouter + - make clean had ldns-src reference, removed. + +1 August 2011: Wouter + - Fix autoconf 2.68 warnings + +14 July 2011: Wouter + - Unbound implements RFC6303 (since version 1.4.7). + - tag 1.4.12rc1 is released as 1.4.12 (without the other fixes in the + meantime, those are for 1.4.13). + - iana portlist updated. + +13 July 2011: Wouter + - Quick fix for contrib/unbound.spec example, no ldns-builtin any more. + +11 July 2011: Wouter + - Fix wildcard expansion no-data reply under an optout NSEC3 zone is + validated as insecure, reported by Jia Li (lijia@cnnic.cn). + +4 July 2011: Wouter + - 1.4.12rc1 tag created. + +1 July 2011: Wouter + - version number in example config file. + - fix that --enable-static-exe does not complain about it unknown. + +30 June 2011: Wouter + - tag relase 1.4.11, trunk is 1.4.12 development. + - iana portlist updated. + - fix bug#395: id bits of other query may leak out under conditions + - fix replyaddr count wrong after jostled queries, which leads to + eventual starvation where the daemon has no replyaddrs left to use. + - fix comment about rndc port, that referred to the old port number. + - fix that the listening socket is not closed when too many remote + control connections are made at the same time. + - removed ldns-src tarball inside the unbound tarball. + +23 June 2011: Wouter + - Changed -flto check to support clang compiler. + - tag 1.4.11rc3 created. + +17 June 2011: Wouter + - tag 1.4.11rc1 created. + - remove warning about signed/unsigned from flex (other flex version). + - updated aclocal.m4 and libtool to match. + - tag 1.4.11rc2 created. + +16 June 2011: Wouter + - log-queries: yesno option, default is no, prints querylog. + - version is 1.4.11. + +14 June 2011: Wouter + - Use -flto compiler flag for link time optimization, if supported. + - iana portlist updated. + +12 June 2011: Wouter + - IPv6 service address for d.root-servers.net (2001:500:2D::D). + +10 June 2011: Wouter + - unbound-control has version number in the header, + UBCT[version]_space_ is the header sent by the client now. + - Unbound control port number is registered with IANA: + ub-dns-control 8953/tcp unbound dns nameserver control + This is the new default for the control-port config setting. + - statistics-interval prints the number of jostled queries to log. + +30 May 2011: Wouter + - Fix Makefile for U in environment, since wrong U is more common than + deansification necessity. + - iana portlist updated. + - updated ldns tarball to 1.6.10rc2 snapshot of today. + +25 May 2011: Wouter + - Fix assertion failure when unbound generates an empty error reply + in response to a query, CVE-2011-1922 VU#531342. + - This fix is in tag 1.4.10. + - defense in depth against the above bug, an error is printed to log + instead of an assertion failure. + +10 May 2011: Wouter + - bug#386: --enable-allsymbols option links all binaries to libunbound + and reduces install size significantly. + - feature, ignore-cd-flag: yesno to provide dnssec to legacy servers. + - iana portlist updated. + - Fix TTL of SOA so negative TTL is separately cached from normal TTL. + +14 April 2011: Wouter + - configure created with newer autoconf 2.66. + +12 April 2011: Wouter + - bug#378: Fix that configure checks for ldns_get_random presence. + +8 April 2011: Wouter + - iana portlist updated. + - queries with CD flag set cause DNSSEC validation, but the answer is + not withheld if it is bogus. Thus, unbound will retry if it is bad + and curb the TTL if it is bad, thus protecting the cache for use by + downstream validators. + - val-override-date: -1 ignores dates entirely, for NTP usage. + +29 March 2011: Wouter + - harden-below-nxdomain: changed so that it activates when the + cached nxdomain is dnssec secure. This avoids backwards + incompatibility because those old servers do not have dnssec. + +24 March 2011: Wouter + - iana portlist updated. + - release 1.4.9. + - trunk is 1.5.0 + +17 March 2011: Wouter + - bug#370: new unbound.spec for CentOS 5.x from Harold Jones. + Applied but did not do the --disable-gost. + +10 March 2011: Wouter + - tag 1.4.9 release candidate 1 created. + +3 March 2011: Wouter + - updated ldns to today. + +1 March 2011: Wouter + - Fix no ADflag for NXDOMAIN in NSEC3 optout. And wildcard in optout. + - give config parse error for multiple names on a stub or forward zone. + - updated ldns tarball to 1.6.9(todays snapshot). + +24 February 2011: Wouter + - bug #361: Fix, time.elapsed variable not reset with stats_noreset. + +23 February 2011: Wouter + - iana portlist updated. + - common.sh to version 3. + +18 February 2011: Wouter + - common.sh in testdata updated to version 2. + +15 February 2011: Wouter + - Added explicit note on unbound-anchor usage: + Please note usage of unbound-anchor root anchor is at your own risk + and under the terms of our LICENSE (see that file in the source). + +11 February 2011: Wouter + - iana portlist updated. + - tpkg updated with common.sh for common functionality. + +7 February 2011: Wouter + - Added regression test for addition of a .net DS to the root, and + cache effects with different TTL for glue and DNSKEY. + - iana portlist updated. + +28 January 2011: Wouter + - Fix remove private address does not throw away entire response. + +24 January 2011: Wouter + - release 1.4.8 + +19 January 2011: Wouter + - fix bug#349: no -L/usr for ldns. + +18 January 2011: Wouter + - ldns 1.6.8 tarball included. + - release 1.4.8rc1. + +17 January 2011: Wouter + - add get and set option for harden-below-nxdomain feature. + - iana portlist updated. + +14 January 2011: Wouter + - Fix so a changed NS RRset does not get moved name stuck on old + server, for type NS the TTL is not increased. + +13 January 2011: Wouter + - Fix prefetch so it does not get stuck on old server for moved names. + +12 January 2011: Wouter + - iana portlist updated. + +11 January 2011: Wouter + - Fix insecure CNAME sequence marked as secure, reported by Bert + Hubert. + +10 January 2011: Wouter + - faster lruhash get_mem routine. + +4 January 2011: Wouter + - bug#346: remove ITAR scripts from contrib, the service is discontinued, use the root. + - iana portlist updated. + +23 December 2010: Wouter + - Fix in infra cache that could cause rto larger than TOP_TIMEOUT kept. + +21 December 2010: Wouter + - algorithm compromise protection using the algorithms signalled in + the DS record. Also, trust anchors, DLV, and RFC5011 receive this, + and thus, if you have multiple algorithms in your trust-anchor-file + then it will now behave different than before. Also, 5011 rollover + for algorithms needs to be double-signature until the old algorithm + is revoked. + It is not an option, because I see no use to turn the security off. + - iana portlist updated. + +17 December 2010: Wouter + - squelch 'tcp connect: bla' in logfile, (set verbosity 2 to see them). + - fix validation in this case: CNAME to nodata for co-hosted opt-in + NSEC3 insecure delegation, was bogus, fixed to be insecure. + +16 December 2010: Wouter + - Fix our 'BDS' license (typo reported by Xavier Belanger). + +10 December 2010: Wouter + - iana portlist updated. + - review changes for unbound-anchor. + +2 December 2010: Wouter + - feature typetransparent localzone, does not block other RR types. + +1 December 2010: Wouter + - Fix bug#338: print address when socket creation fails. + +30 November 2010: Wouter + - Fix storage of EDNS failures in the infra cache. + - iana portlist updated. + +18 November 2010: Wouter + - harden-below-nxdomain option, default off (because very old + software may be incompatible). We could enable it by default in + the future. + +17 November 2010: Wouter + - implement draft-vixie-dnsext-resimprove-00, we stop on NXDOMAIN. + - make test output nicer. + +15 November 2010: Wouter + - silence 'tcp connect: broken pipe' and 'net down' at low verbosity. + - iana portlist updated. + - so-sndbuf option for very busy servers, a bit like so-rcvbuf. + +9 November 2010: Wouter + - unbound-anchor compiles with openssl 0.9.7. + +8 November 2010: Wouter + - release tag 1.4.7. + - trunk is version 1.4.8. + - Be lenient and accept imgw.pl malformed packet (like BIND). + +5 November 2010: Wouter + - do not synthesize a CNAME message from cache for qtype DS. + +4 November 2010: Wouter + - Use central entropy to seed threads. + +3 November 2010: Wouter + - Change the rtt used to probe EDNS-timeout hosts to 1000 msec. + +2 November 2010: Wouter + - tag 1.4.7rc1. + - code review. + +1 November 2010: Wouter + - GOST code enabled by default (RFC 5933). + +27 October 2010: Wouter + - Fix uninit value in dump_infra print. + - Fix validation failure for parent and child on same server with an + insecure childzone and a CNAME from parent to child. + - Configure detects libev-4.00. + +26 October 2010: Wouter + - dump_infra and flush_infra commands for unbound-control. + - no timeout backoff if meanwhile a query succeeded. + - Change of timeout code. No more lost and backoff in blockage. + At 12sec timeout (and at least 2x lost before) one probe per IP + is allowed only. At 120sec, the IP is blocked. After 15min, a + 120sec entry has a single retry packet. + +25 October 2010: Wouter + - Configure errors if ldns is not found. + +22 October 2010: Wouter + - Windows 7 fix for the installer. + +21 October 2010: Wouter + - Fix bug where fallback_tcp causes wrong roundtrip and edns + observation to be noted in cache. Fix bug where EDNSprobe halted + exponential backoff if EDNS status unknown. + - new unresponsive host method, exponentially increasing block backoff. + - iana portlist updated. + +20 October 2010: Wouter + - interface automatic works for some people with ip6 disabled. + Therefore the error check is removed, so they can use the option. + +19 October 2010: Wouter + - Fix for request list growth, if a server has long timeout but the + lost counter is low, then its effective rtt is the one without + exponential backoff applied. Because the backoff is not working. + The lost counter can then increase and the server is blacklisted, + or the lost counter does not increase and the server is working + for some queries. + +18 October 2010: Wouter + - iana portlist updated. + +13 October 2010: Wouter + - Fix TCP so it uses a random outgoing-interface. + - unbound-anchor handles ADDPEND keystate. + +11 October 2010: Wouter + - Fix bug when DLV below a trust-anchor that uses NSEC3 optout where + the zone has a secure delegation hosted on the same server did not + verify as secure (it was insecure by mistake). + - iana portlist updated. + - ldns tarball updated (for reading cachedumps with bad RR data). + +1 October 2010: Wouter + - test for unbound-anchor. fix for reading certs. + - Fix alloc_reg_release for longer uptime in out of memory conditions. + +28 September 2010: Wouter + - unbound-anchor working, it creates or updates a root.key file. + Use it before you start the validator (e.g. at system boot time). + +27 September 2010: Wouter + - iana portlist updated. + +24 September 2010: Wouter + - bug#329: in example.conf show correct ipv4 link-local 169.254/16. + +23 September 2010: Wouter + - unbound-anchor app, unbound requires libexpat (xml parser library). + +22 September 2010: Wouter + - compliance with draft-ietf-dnsop-default-local-zones-14, removed + reverse ipv6 orchid prefix from builtin list. + - iana portlist updated. + +17 September 2010: Wouter + - DLV has downgrade protection again, because the RFC says so. + - iana portlist updated. + +16 September 2010: Wouter + - Algorithm rollover operational reality intrudes, for trust-anchor, + 5011-store, and DLV-anchor if one key matches it's good enough. + - iana portlist updated. + - Fix reported validation error in out of memory condition. + +15 September 2010: Wouter + - Abide RFC5155 section 9.2: no AD flag for replies with NSEC3 optout. + +14 September 2010: Wouter + - increased mesh-max-activation from 1000 to 3000 for crazy domains + like _tcp.slb.com with 262 servers. + - iana portlist updated. + +13 September 2010: Wouter + - bug#327: Fix for cannot access stub zones until the root is primed. + +9 September 2010: Wouter + - unresponsive servers are not completely blacklisted (because of + firewalls), but also not probed all the time (because of the request + list size it generates). The probe rate is 1%. + - iana portlist updated. + +20 August 2010: Wouter + - openbsd-lint fixes: acl_list_get_mem used if debug-alloc enabled. + iterator get_mem includes priv_get_mem. delegpt nodup removed. + listen_pushback, query_info_allocqname, write_socket, send_packet, + comm_point_set_cb_arg and listen_resume removed. + +19 August 2010: Wouter + - Fix bug#321: resolution of rs.ripe.net artifacts with 0x20. + Delegpt structures checked for duplicates always. + No more nameserver lookups generated when depth is full anyway. + - example.conf notes how to do DNSSEC validation and track the root. + - iana portlist updated. + +18 August 2010: Wouter + - Fix bug#322: configure does not respect CFLAGS on Solaris. + Pass CFLAGS="-xO4 -xtarget=generic" on the configure command line + if use sun-cc, but some systems need different flags. + +16 August 2010: Wouter + - Fix acx_nlnetlabs.m4 configure output for autoconf-2.66 AS_TR_CPP + changes, uses m4_bpatsubst now. + - make test (or make check) should be more portable and run the unit + test and testbound scripts. (make longtest has special requirements). + +13 August 2010: Wouter + - More pleasant remote control command parsing. + - documentation added for return values reported by doxygen 1.7.1. + - iana portlist updated. + +9 August 2010: Wouter + - Fix name of rrset printed that failed validation. + +5 August 2010: Wouter + - Return NXDOMAIN after chain of CNAMEs ends at name-not-found. + +4 August 2010: Wouter + - Fix validation in case a trust anchor enters into a zone with + unsupported algorithms. + +3 August 2010: Wouter + - updated ldns tarball with bugfixes. + - release tag 1.4.6. + - trunk becomes 1.4.7 develop. + - iana portlist updated. + +22 July 2010: Wouter + - more error details on failed remote control connection. + +15 July 2010: Wouter + - rlimit adjustments for select and ulimit can happen at the same time. + +14 July 2010: Wouter + - Donation text added to README. + - Fix integer underflow in prefetch ttl creation from cache. This + fixes a potential negative prefetch ttl. + +12 July 2010: Wouter + - Changed the defaults for num-queries-per-thread/outgoing-range. + For builtin-select: 512/960, for libevent 1024/4096 and for + windows 24/48 (because of win api). This makes the ratio this way + to improve resilience under heavy load. For high performance, use + libevent and possibly higher numbers. + +10 July 2010: Wouter + - GOST enabled if SSL is recent and ldns has GOST enabled too. + - ldns tarball updated. + +9 July 2010: Wouter + - iana portlist updated. + - Fix validation of qtype DNSKEY when a key-cache entry exists but + no rr-cache entry is used (it expired or prefetch), it then goes + back up to the DS or trust-anchor to validate the DNSKEY. + +7 July 2010: Wouter + - Neat function prototypes, unshadowed local declarations. + +6 July 2010: Wouter + - failure to chown the pidfile is not fatal any more. + - testbound uses UTC timezone. + - ldns tarball updated (ports and works on Minix 3.1.7). On Minix, add + /usr/gnu/bin to PATH, use ./configure AR=/usr/gnu/bin/gar and gmake. + +5 July 2010: Wouter + - log if a server is skipped because it is on the donotquery list, + at verbosity 4, to enable diagnosis why no queries to 127.0.0.1. + - added feature to print configure date, target and options with -h. + - added feature to print event backend system details with -h. + - wdiff is not actually required by make test, updated requirements. + +1 July 2010: Wouter + - Fix RFC4035 compliance with 2.2 statement that the DNSKEY at apex + must be signed with all algorithms from the DS rrset at the parent. + This is now checked and becomes bogus if not. + +28 June 2010: Wouter + - Fix jostle list bug found by Vince (luoce@cnnic), it caused the qps + in overload situations to be about 5 qps for the class of shortly + serviced queries. + The capacity of the resolver is then about (numqueriesperthread / 2) + / (average time for such long queries) qps for long queries. + And about (numqueriesperthread / 2)/(jostletimeout in whole seconds) + qps for short queries, per thread. + - Fix the max number of reply-address count to be applied for duplicate + queries, and not for new query list entries. This raises the memory + usage to a max of (16+1)*numqueriesperthread reply addresses. + +25 June 2010: Wouter + - Fix handling of corner case reply from lame server, follows rfc2308. + It could lead to a nodata reply getting into the cache if the search + for a non-lame server turned up other misconfigured servers. + - unbound.h has extern "C" statement for easier include in c++. + +23 June 2010: Wouter + - iana portlist updated. + - makedist upgraded cross compile openssl option, like this: + ./makedist.sh -s -wssl openssl-1.0.0a.tar.gz -w --enable-gost + +22 June 2010: Wouter + - Unbound reports libev or libevent correctly in logs in verbose mode. + - Fix to unload gost dynamic library module for leak testing. + +18 June 2010: Wouter + - iana portlist updated. + +17 June 2010: Wouter + - Add AAAA to root hints for I.ROOT-SERVERS.NET. + +16 June 2010: Wouter + - Fix assertion failure reported by Kai Storbeck from XS4ALL, the + assertion was wrong. + - updated ldns tarball. + +15 June 2010: Wouter + - tag 1.4.5 created. + - trunk contains 1.4.6 in development. + - Fix TCPreply on systems with no writev, if just 1 byte could be sent. + - Fix to use one pointer less for iterator query state store_parent_NS. + - makedist crosscompile to windows uses builtin ldns not host ldns. + - Max referral count from 30 to 130, because 128 one character domains + is valid DNS. + - added documentation for the histogram printout to syslog. + +11 June 2010: Wouter + - When retry to parent the retrycount is not wiped, so failed + nameservers are not tried again. + - iana portlist updated. + +10 June 2010: Wouter + - Fix bug where a long loop could be entered, now cycle detection + has a loop-counter and maximum search amount. + +4 June 2010: Wouter + - iana portlist updated. + - 1.4.5rc1 tag created. + +3 June 2010: Wouter + - ldns tarball updated, 1.6.5. + - review comments, split dependency cycle tracking for parentside + last resort lookups for A and AAAA so there are more lookup options. + +2 June 2010: Wouter + - Fix compile warning if compiled without threads. + - updated ldns-tarball with current ldns svn (pre 1.6.5). + - GOST disabled-by-default, the algorithm number is allocated but the + RFC is still has to pass AUTH48 at the IETF. + +1 June 2010: Wouter + - Ignore Z flag in incoming messages too. + - Fix storage of negative parent glue if that last resort fails. + - libtoolize 2.2.6b, autoconf 2.65 applied to configure. + - new splint flags for newer splint install. + +31 May 2010: Wouter + - Fix AD flag handling, it could in some cases mistakenly copy the AD + flag from upstream servers. + - alloc_special_obtain out of memory is not a fatal error any more, + enabling unbound to continue longer in out of memory conditions. + - parentside names are dispreferred but not said to be dnssec-lame. + - parentside check for cached newname glue. + - fix parentside and querytargets modulestate, for dump_requestlist. + - unbound-control-setup makes keys -rw-r--- so not all users permitted. + - fix parentside from cache to be marked dispreferred for bad names. + +28 May 2010: Wouter + - iana portlist updated. + - parent-child disagreement approach altered. Older fixes are + removed in place of a more exhaustive search for misconfigured data + available via the parent of a delegation. + This is designed to be throttled by cache entries, with TTL from the + parent if possible. Additionally the loop-counter is used. + It also tests for NS RRset differences between parent and child. + The fetch of misconfigured data should be more reliable and thorough. + It should work reliably even with no or only partial data in cache. + Data received from the child (as always) is deemed more + authoritative than information received from the delegation parent. + The search for misconfigured data is not performed normally. + +26 May 2010: Wouter + - Contribution from Migiel de Vos (Surfnet): nagios patch for + unbound-host, in contrib/ (in the source tarball). Makes + unbound-host suitable for monitoring dnssec(-chain) status. + +21 May 2010: Wouter + - EDNS timeout code will not fire if EDNS status already known. + - EDNS failure not stored if EDNS status known to work. + +19 May 2010: Wouter + - Fix resolution for domains like safesvc.com.cn. If the iterator + can not recurse further and it finds the delegation in a state + where it would otherwise have rejected it outhand if so received + from a cache lookup, then it can try to ask higherup (with loop + protection). + - Fix comments in iter_utils:dp_is_useless. + +18 May 2010: Wouter + - Fix various compiler warnings from the clang llvm compiler. + - iana portlist updated. + +6 May 2010: Wouter + - Fix bug#308: spelling error in variable name in parser and lexer. + +4 May 2010: Wouter + - Fix dnssec-missing detection that was turned off by server selection. + - Conforms to draft-ietf-dnsop-default-local-zones-13. Added default + reverse lookup blocks for IPv4 test nets 100.51.198.in-addr.arpa, + 113.0.203.in-addr.arpa and Orchid prefix 0.1.1.0.0.2.ip6.arpa. + +29 April 2010: Wouter + - Fix for dnssec lameness detection to use the key cache. + - infra cache entries that are expired are wiped clean. Previously + it was possible to not expire host data (if accessed often). + +28 April 2010: Wouter + - ldns tarball updated and GOST support is detected and then enabled. + - iana portlist updated. + - Fix detection of gost support in ldns (reported by Chris Smith). + +27 April 2010: Wouter + - unbound-control get_option domain-insecure shows config file items. + - fix retry sequence if prime hints are recursion-lame. + - autotrust anchor file can be initialized with a ZSK key as well. + - harden-referral-path does not result in failures due to max-depth. + You can increase the max-depth by adding numbers (' 0') after the + target-fetch-policy, this increases the depth to which is checked. + +26 April 2010: Wouter + - Compile fix using Sun Studio 12 compiler on Solaris 5.9, use + CPPFLAGS during configure process. + - if libev is installed on the base system (not libevent), detect + it from the event.h header file and link with -lev. + - configlexer.lex gets config.h, and configyyrename.h added by make, + no more double include. + - More strict scrubber (Thanks to George Barwood for the idea): + NS set must be pertinent to the query (qname subdomain nsname). + - Fix bug#307: In 0x20 backoff fix fallback so the number of + outstanding queries does not become -1 and block the request. + Fixed handling of recursion-lame in combination with 0x20 fallback. + Fix so RRsets are compared canonicalized and sorted if the immediate + comparison fails, this makes it work around round-robin sites. + +23 April 2010: Wouter + - Squelch log message: sendto failed permission denied for + 255.255.255.255, it is visible in VERB_DETAIL (verbosity 2). + - Fix to fetch data as last resort more tenaciously. When cycle + targets cause the server selection to believe there are more options + when they really are not there, the server selection is reinitiated. + - Fix fetch from blacklisted dnssec lame servers as last resort. The + server's IP address is then given in validator errors as well. + - Fix local-zone type redirect that did not use the query name for + the answer rrset. + +22 April 2010: Wouter + - tag 1.4.4. + - trunk contains 1.4.5 in development. + - Fix validation failure for qtype ANY caused by a RRSIG parse failure. + The validator error message was 'no signatures from ...'. + +16 April 2010: Wouter + - more portability defines for CMSG_SPACE, CMSG_ALIGN, CMSG_LEN. + - tag 1.4.4rc1. + +15 April 2010: Wouter + - ECC-GOST algorithm number 12 that is assigned by IANA. New test + example key and signatures for GOST. GOST requires openssl-1.0.0. + GOST is still disabled by default. + +9 April 2010: Wouter + - Fix bug#305: pkt_dname_tolower could read beyond end of buffer or + get into an endless loop, if 0x20 was enabled, and buffers are small + or particular broken packets are received. + - Fix chain of trust with CNAME at an intermediate step, for the DS + processing proof. + +8 April 2010: Wouter + - Fix validation of queries with wildcard names (*.example). + +6 April 2010: Wouter + - Fix EDNS probe for .de DNSSEC testbed failure, where the infra + cache timeout coincided with a server update, the current EDNS + backoff is less sensitive, and does not cache the backoff unless + the backoff actually works and the domain is not expecting DNSSEC. + - GOST support with correct algorithm numbers. + +1 April 2010: Wouter + - iana portlist updated. + +24 March 2010: Wouter + - unbound control flushed items are not counted when flushed again. + +23 March 2010: Wouter + - iana portlist updated. + +22 March 2010: Wouter + - unbound-host disables use-syslog from config file so that the + config file for the main server can be used more easily. + - fix bug#301: unbound-checkconf could not parse interface + '0.0.0.0@5353', even though unbound itself worked fine. + +19 March 2010: Wouter + - fix fwd_ancil test to pass if the socket options are not supported. + +18 March 2010: Wouter + - Fixed random numbers for port, interface and server selection. + Removed very small bias. + - Refer to the listing in unbound-control man page in the extended + statistics entry in the unbound.conf man page. + +16 March 2010: Wouter + - Fix interface-automatic for OpenBSD: msg.controllen was too small, + also assertions on ancillary data buffer. + - check for IP_SENDSRCADDR for interface-automatic or IP_PKTINFO. + - for NSEC3 check if signatures are cached. + +15 March 2010: Wouter + - unit test for util/regional.c. + +12 March 2010: Wouter + - Reordered configure checks so fork and -lnsl -lsocket checks are + earlier, and thus later checks benefit from and do not hinder them. + - iana portlist updated. + - ldns tarball updated. + - Fix python use when multithreaded. + - Fix solaris python compile. + - Include less in config.h and include per code file for ldns, ssl. + +11 March 2010: Wouter + - another memory allocation option: --enable-alloc-nonregional. + exposes the regional allocations to other memory purifiers. + - fix for memory alignment in struct sock_list allocation. + - Fix for MacPorts ldns without ssl default, unbound checks if ldns + has dnssec functionality and uses the builtin if not. + - Fix daemonize on Solaris 10, it did not detach from terminal. + - tag 1.4.3 created. + - trunk is 1.4.4 in development. + - spelling fix in validation error involving cnames. + +10 March 2010: Wouter + - --enable-alloc-lite works with test set. + - portability in the testset: printf format conversions, prototypes. + +9 March 2010: Wouter + - tag 1.4.2 created. + - trunk is 1.4.3 in development. + - --enable-alloc-lite debug option. + +8 March 2010: Wouter + - iana portlist updated. + +4 March 2010: Wouter + - Fix crash in control channel code. + +3 March 2010: Wouter + - better casts in pipe code, brackets placed wrongly. + - iana portlist updated. + +1 March 2010: Wouter + - make install depends on make all. + - Fix 5011 auto-trust-anchor-file initial read to skip RRSIGs. + - --enable-checking: enables assertions but does not look nonproduction. + - nicer VERB_DETAIL (verbosity 2, unbound-host -d) output, with + nxdomain and nodata distinguished. + - ldns tarball updated. + - --disable-rpath fixed for libtool not found errors. + - new fedora specfile from Fedora13 in contrib from Paul Wouters. + +26 February 2010: Wouter + - Fixup prototype for lexer cleanup in daemon code. + - unbound-control list_stubs, list_forwards, list_local_zones and + list_local_data. + +24 February 2010: Wouter + - Fix scrubber bug that potentially let NS records through. Reported + by Amanda Constant. + - Also delete potential poison references from additional. + - Fix: no classification of a forwarder as lame, throw away instead. + +23 February 2010: Wouter + - libunbound ub_ctx_get_option() added. + - unbound-control set_option and get_option commands. + - iana portlist updated. + +18 February 2010: Wouter + - A little more strict DS scrubbing. + - No more blacklisting of unresponsive servers, a 2 minute timeout + is backed off to. + - RD flag not enabled for dnssec-blacklisted tries, unless necessary. + - pickup ldns compile fix, libdl for libcrypto. + - log 'tcp connect: connection timed out' only in high verbosity. + - unbound-control log_reopen command. + - moved get_option code from unbound-checkconf to util/config_file.c + +17 February 2010: Wouter + - Disregard DNSKEY from authority section for chain of trust. + DS records that are irrelevant to a referral scrubbed. Anti-poison. + - iana portlist updated. + +16 February 2010: Wouter + - Check for 'no space left on device' (or other errors) when + writing updated autotrust anchors and print errno to log. + +15 February 2010: Wouter + - Fixed the requery protection, the TTL was 0, it is now 900 seconds, + hardcoded. We made the choice to send out more conservatively, + protecting against an aggregate effect more than protecting a + single user (from their own folly, perhaps in case of misconfig). + +12 February 2010: Wouter + - Re-query pattern changed on validation failure. To protect troubled + authority servers, unbound caches a failure for the DNSKEY or DS + records for the entire zone, and only retries that 900 seconds later. + This implies that only a handful of packets are sent extra to the + authority if the zone fails. + +11 February 2010: Wouter + - ldns tarball update for long label length syntax error fix. + - iana portlist updated. + +9 February 2010: Wouter + - Fixup in compat snprintf routine, %f 1.02 and %g support. + - include math.h for testbound test compile portability. + +2 February 2010: Wouter + - Updated url of IANA itar, interim trust anchor repository, in script. + +1 February 2010: Wouter + - iana portlist updated. + - configure test for memcmp portability. + +27 January 2010: Wouter + - removed warning on format string in validator error log statement. + - iana portlist updated. + +22 January 2010: Wouter + - libtool finish the install of unbound python dynamic library. + +21 January 2010: Wouter + - acx_nlnetlabs.m4 synchronised with nsd's version. + +20 January 2010: Wouter + - Fixup lookup trouble for parent-child domains on the first query. + +14 January 2010: Wouter + - Fixup ldns detection to also check for header files. + +13 January 2010: Wouter + - prefetch-key option that performs DNSKEY queries earlier in the + validation process, and that could halve the latency on DNSSEC + queries. It takes some extra processing (CPU, a cache is needed). + +12 January 2010: Wouter + - Fix unbound-checkconf for auto-trust-anchor-file present checks. + +8 January 2010: Wouter + - Fix for parent-child disagreement code which could have trouble + when (a) ipv6 was disabled and (b) the TTL for parent and child + were different. There were two bugs, the parent-side information + is fixed to no longer block lookup of child side information and + the iterator is fixed to no longer attempt to get ipv6 when it is + not enabled and then give up in failure. + - test and fixes to make prefetch actually store the answer in the + cache. Considers some rrsets 'already expired' but does not allow + overwriting of rrsets considered more secure. + +7 January 2010: Wouter + - Fixup python documentation (thanks Leo Vandewoestijne). + - Work on cache prefetch feature. + - Stats for prefetch, in log print stats, unbound-control stats + and in unbound_munin plugin. + +6 January 2010: Wouter + - iana portlist updated. + - bug#291: DNS wireformat max is 255. dname_valid allowed 256 length. + - verbose output includes parent-side-address notion for lameness. + - documented val-log-level: 2 setting in example.conf and man page. + - change unbound-control-setup from 1024(sha1) to 1536(sha256). + +1 January 2010: Wouter + - iana portlist updated. + +22 December 2009: Wouter + - configure with newer libtool 2.2.6b. + +17 December 2009: Wouter + - review comments. + - tag 1.4.1. + - trunk to version 1.4.2. + +15 December 2009: Wouter + - Answer to qclass=ANY queries, with class IN contents. + Test that validation also works. + - updated ldns snapshot tarball with latest fixes (parsing records). + +11 December 2009: Wouter + - on IPv4 UDP turn off DF flag. + +10 December 2009: Wouter + - requirements.txt updated with design choice explanations. + - Reading fixes: fix to set unlame when child confirms parent glue, + and fix to avoid duplicate addresses in delegation point. + - verify_rrsig routine checks expiration last. + +9 December 2009: Wouter + - Fix Bug#287(reopened): update of ldns tarball with fix for parse + errors generated for domain names like '.example.com'. + - Fix SOA excluded from negative DS responses. Reported by Hauke + Lampe. The negative cache did not include proper SOA records for + negative qtype DS responses which makes BIND barf on it, such + responses are now only used internally. + - Fix negative cache lookup of closestencloser check of DS type bit. + +8 December 2009: Wouter + - Fix for lookup of parent-child disagreement domains, where the + parent-side glue works but it does not provide proper NS, A or AAAA + for itself, fixing domains such as motorcaravanners.eu. + - Feature: you can specify a port number in the interface: line, so + you can bind the same interface multiple times at different ports. + +7 December 2009: Wouter + - Bug#287: Fix segfault when unbound-control remove nonexistent local + data. Added check to tests. + +1 December 2009: Wouter + - Fix crash with module-config "iterator". + - Added unit test that has "iterator" module-config. + +30 November 2009: Wouter + - bug#284: fix parse of # without end-of-line at end-of-file. + +26 November 2009: Wouter + - updated ldns with release candidate for version 1.6.3. + - tag for 1.4.0 release. + - 1.4.1 version in trunk. + - Fixup major libtool version to 2 because of why_bogus change. + It was 1:5:0 but should have been 2:0:0. + +23 November 2009: Wouter + - Patch from David Hubbard for libunbound manual page. + - Fixup endless spinning in unbound-control stats reported by + Attila Nagy. Probably caused by clock reversal. + +20 November 2009: Wouter + - contrib/split-itar.sh contributed by Tom Hendrikx. + +19 November 2009: Wouter + - better argument help for unbound-control. + - iana portlist updated. + +17 November 2009: Wouter + - noted multiple entries for multiple domain names in example.conf. + - iana portlist updated. + +16 November 2009: Wouter + - Fixed signer detection of CNAME responses without signatures. + - Fix#282 libunbound memleak on error condition by Eric Sesterhenn. + - Tests for CNAMEs to deeper trust anchors, secure and bogus. + - svn tag 1.4.0rc1 made. + +13 November 2009: Wouter + - Fixed validation failure for CNAME to optout NSEC3 nodata answer. + - unbound-host does not fail on type ANY. + - Fixed wireparse failure to put RRSIGs together with data in some + long ANY mix cases, which fixes validation failures. + +12 November 2009: Wouter + - iana portlist updated. + - fix manpage errors reported by debian lintian. + - review comments. + - fixup very long vallog2 level error strings. + +11 November 2009: Wouter + - ldns tarball updated (to 1.6.2). + - review comments. + +10 November 2009: Wouter + - Thanks to Surfnet found bug in new dnssec-retry code that failed + to combine well when combined with DLV and a particular failure. + - Fixed unbound-control -h output about argument optionality. + - review comments. + +5 November 2009: Wouter + - lint fixes and portability tests. + - better error text for multiple domain keys in one autotrust file. + +2 November 2009: Wouter + - Fix bug where autotrust does not work when started with a DS. + - Updated GOST unit tests for unofficial algorithm number 249 + and DNSKEY-format changes in draft version -01. + +29 October 2009: Wouter + - iana portlist updated. + - edns-buffer-size option, default 4096. + - fixed do-udp: no. + +28 October 2009: Wouter + - removed abort on prealloc failure, error still printed but softfail. + - iana portlist updated. + - RFC 5702: RSASHA256 and RSASHA512 support enabled by default. + - ldns tarball updated (which also enables rsasha256 support). + +27 October 2009: Wouter + - iana portlist updated. + +8 October 2009: Wouter + - please doxygen + - add val-log-level print to corner case (nameserver.epost.bg). + - more detail to errors from insecure delegation checks. + - Fix double time subtraction in negative cache reported by + Amanda Constant and Hugh Mahon. + - Made new validator error string available from libunbound for + applications. It is in result->why_bogus, a zero-terminated string. + unbound-host prints it by default if a result is bogus. + Also the errinf is public in module_qstate (for other modules). + +7 October 2009: Wouter + - retry for validation failure in DS and prime results. Less mem use. + unit test. Provisioning in other tests for requeries. + - retry for validation failure in DNSKEY in middle of chain of trust. + unit test. + - retry for empty non terminals in chain of trust and unit test. + - Fixed security bug where the signatures for NSEC3 records were not + checked when checking for absence of DS records. This could have + enabled the substitution of an insecure delegation. + - moved version number to 1.4.0 because of 1.3.4 release with only + the NSEC3 patch from the entry above. + - val-log-level: 2 shows extended error information for validation + failures, but still one (longish) line per failure. For example: + validation failure <example.com. DNSKEY IN>: signature expired from + 192.0.2.4 for trust anchor example.com. while building chain of trust + validation failure <www.example.com. A IN>: no signatures from + 192.0.2.6 for key example.com. while building chain of trust + +6 October 2009: Wouter + - Test set updated to provide additional ns lookup result. + The retry would attempt to fetch the data from other nameservers + for bogus data, and this needed to be provisioned in the tests. + +5 October 2009: Wouter + - first validation failure retry code. Retries for data failures. + And unit test. + +2 October 2009: Wouter + - improve 5011 modularization. + - fix unbound-host so -d can be given before -C. + - iana portlist updated. + +28 September 2009: Wouter + - autotrust-anchor-file can read multiline input and $ORIGIN. + - prevent integer overflow in holddown calculation. review fixes. + - fixed race condition in trust point revocation. review fix. + - review fixes to comments, removed unused code. + +25 September 2009: Wouter + - so-rcvbuf: 4m option added. Set this on large busy servers to not + drop the occasional packet in spikes due to full socket buffers. + netstat -su keeps a counter of UDP dropped due to full buffers. + - review of validator/autotrust.c, small fixes and comments. + +23 September 2009: Wouter + - 5011 query failed counts verification failures, not lookup failures. + - 5011 probe failure handling fixup. + - test unbound reading of original autotrust data. + The metadata per-key, such as key state (PENDING, MISSING, VALID) is + picked up, otherwise performs initial probe like usual. + +22 September 2009: Wouter + - autotrust test with algorithm rollover, new ordering of checks + assists in orderly rollover. + - autotrust test with algorithm rollover to unknown algorithm. + checks if new keys are supported before adding them. + - autotrust test with trust point revocation, becomes unsigned. + - fix DNSSEC-missing-signature detection for minimal responses + for qtype DNSKEY (assumes DNSKEY occurs at zone apex). + +18 September 2009: Wouter + - autotrust tests, fix trustpoint timer deletion code. + fix count of valid anchors during missing remove. + - autotrust: pick up REVOKE even if not signed with known other keys. + +17 September 2009: Wouter + - fix compile of unbound-host when --enable-alloc-checks. + - Fix lookup problem reported by Koh-ichi Ito and Jaap Akkerhuis. + - Manual page fixes reported by Tony Finch. + +16 September 2009: Wouter + - Fix memory leak reported by Tao Ma. + - Fix memstats test tool for log-time-ascii log format. + +15 September 2009: Wouter + - iana portlist updated. + +10 September 2009: Wouter + - increased MAXSYSLOGLEN so .bg key can be printed in debug output. + - use linebuffering for log-file: output, this can be significantly + faster than the previous fflush method and enable some class of + resolvers to use high verbosity (for short periods). + Not on windows, because line buffering does not work there. + +9 September 2009: Wouter + - Fix bug where DNSSEC-bogus messages were marked with too high TTL. + The RRsets would still expire at the normal time, but this would + keep messages bogus in the cache for too long. + - regression test for that bug. + - documented that load_cache is meant for debugging. + +8 September 2009: Wouter + - fixup printing errors when load_cache, they were printed to the + SSL connection which broke, now to the log. + - new ldns - with fixed parse of large SOA values. + +7 September 2009: Wouter + - autotrust testbound scenarios. + - autotrust fix that failure count is written to file. + - autotrust fix that keys may become valid after add holddown time + alone, before the probe returns. + +4 September 2009: Wouter + - Changes to make unbound work with libevent-2.0.3 alpha. (in + configure detection due to new ssl dependency in libevent) + - do not call sphinx for documentation when python is disabled. + - remove EV_PERSIST from libevent timeout code to make the code + compatible with the libevent-2.0. Works with older libevent too. + - fix memory leak in python code. + +3 September 2009: Wouter + - Got a patch from Luca Bruno for libunbound support on windows to + pick up the system resolvconf nameservers and hosts there. + - included ldns updated (enum warning fixed). + - makefile fix for parallel makes. + - Patch from Zdenek Vasicek and Attila Nagy for using the source IP + from python scripts. See pythonmod/examples/resip.py. + - doxygen comment fixes. + +2 September 2009: Wouter + - TRAFFIC keyword for testbound. Simplifies test generation. + ${range lower val upper} to check probe timeout values. + - test with 5011-prepublish rollover and revocation. + - fix revocation of RR for autotrust, stray exclamation mark. + +1 September 2009: Wouter + - testbound variable arithmetic. + - autotrust probe time is randomised. + - autotrust: the probe is active and does not fetch from cache. + +31 August 2009: Wouter + - testbound variable processing. + +28 August 2009: Wouter + - fixup unbound-control lookup to print forward and stub servers. + +27 August 2009: Wouter + - autotrust: mesh answer callback is empty. + +26 August 2009: Wouter + - autotrust probing. + - iana portlist updated. + +25 August 2009: Wouter + - fixup memleak in trust anchor unsupported algorithm check. + - iana portlist updated. + - autotrust options: add-holddown, del-holddown, keep-missing. + - autotrust store revoked status of trust points. + - ctime_r compat definition. + - detect yylex_destroy() in configure. + - detect SSL_get_compression_methods declaration in configure. + - fixup DS lookup at anchor point with unsigned parent. + - fixup DLV lookup for DS queries to unsigned domains. + +24 August 2009: Wouter + - cleaner memory allocation on exit. autotrust test routines. + - free all memory on program exit, fix for ssl and flex. + +21 August 2009: Wouter + - autotrust: debug routines. Read,write and conversions work. + +20 August 2009: Wouter + - autotrust: save and read trustpoint variables. + +19 August 2009: Wouter + - autotrust: state table updates. + - iana portlist updated. + +17 August 2009: Wouter + - autotrust: process events. + +17 August 2009: Wouter + - Fix so that servers are only blacklisted if they fail to reply + to 16 queries in a row and the timeout gets above 2 minutes. + - autotrust work, split up DS verification of DNSKEYs. + +14 August 2009: Wouter + - unbound-control lookup prints out infra cache information, like RTT. + - Fix bug in DLV lookup reported by Amanda from Secure64. + It could sometimes wrongly classify a domain as unsigned, which + does not give the AD bit on replies. + +13 August 2009: Wouter + - autotrust read anchor files. locked trust anchors. + +12 August 2009: Wouter + - autotrust import work. + +11 August 2009: Wouter + - Check for openssl compatible with gost if enabled. + - updated unit test for GOST=211 code. + Nicer naming of test files. + - iana portlist updated. + +7 August 2009: Wouter + - call OPENSSL_config() in unbound and unit test so that the + operator can use openssl.cnf for configuration options. + - removed small memory leak from config file reader. + +6 August 2009: Wouter + - configure --enable-gost for GOST support, experimental + implementation of draft-dolmatov-dnsext-dnssec-gost-01. + - iana portlist updated. + - ldns tarball updated (with GOST support). + +5 August 2009: Wouter + - trunk moved to 1.3.4. + +4 August 2009: Wouter + - Added test that the examples from draft rsasha256-14 verify. + - iana portlist updated. + - tagged 1.3.3 + +3 August 2009: Wouter + - nicer warning when algorithm not supported, tells you to upgrade. + - iana portlist updated. + +27 July 2009: Wouter + - Updated unbound-cacti contribution from Dmitriy Demidov, with + the queue statistics displayed in its own graph. + - iana portlist updated. + +22 July 2009: Wouter + - Fix bug found by Michael Tokarev where unbound would try to + prime the root servers even though forwarders are configured for + the root. + - tagged 1.3.3rc1 + +21 July 2009: Wouter + - Fix server selection, so that it waits for open target queries when + faced with lameness. + +20 July 2009: Wouter + - Ignore transient sendto errors, no route to host, and host, net down. + - contrib/update-anchor.sh has -r option for root-hints. + - feature val-log-level: 1 prints validation failures so you can + keep track of them during dnssec deployment. + +16 July 2009: Wouter + - fix replacement malloc code. Used in crosscompile. + - makedist -w creates crosscompiled setup.exe on fedora11. + +15 July 2009: Wouter + - dependencies for compat items, for crosscompile. + - mingw32 crosscompile changes, dependencies and zipfile creation. + and with System.dll from the windows NSIS you can make setup.exe. + - package libgcc_s_sjlj exception handler for NSISdl.dll. + +14 July 2009: Wouter + - updated ldns tarball for solaris x64 compile assistance. + - no need to define RAND_MAX from config.h. + - iana portlist updated. + - configure changes and ldns update for mingw32 crosscompile. + +13 July 2009: Wouter + - Fix for crash at start on windows. + - tag for release 1.3.2. + - trunk has version 1.3.3. + - Fix for ID bits on windows to use all 16. RAND_MAX was not + defined like you'd expect on mingw. Reported by Mees de Roo. + +9 July 2009: Wouter + - tag for release 1.3.1. + - trunk has version 1.3.2. + +7 July 2009: Wouter + - iana portlist updated. + +6 July 2009: Wouter + - prettier error handling in SSL setup. + - makedist.sh uname fix (same as ldns). + - updated fedora spec file. + +3 July 2009: Wouter + - fixup linking when ldnsdir is "". + +30 June 2009: Wouter + - more lenient truncation checks. + +29 June 2009: Wouter + - ldns trunk r2959 imported as tarball, because of solaris cc compile + support for c99. r2960 for better configure. + - better wrongly_truncated check. + - On Linux, fragment IPv6 datagrams to the IPv6 minimum MTU, to + avoid dropped packets at routers. + +26 June 2009: Wouter + - Fix EDNS fallback when EDNS works for short answers but long answers + are dropped. + +22 June 2009: Wouter + - fixup iter priv strict aliasing while preserving size of sockaddr. + - iana portlist updated. (one less port allocated, one more fraction + of a bit for security!) + - updated fedora specfile in contrib from Paul Wouters. + +19 June 2009: Wouter + - Fixup strict aliasing warning in iter priv code. + and config_file code. + - iana portlist updated. + - harden-referral-path: handle cases where NS is in answer section. + +18 June 2009: Wouter + - Fix of message parse bug where (specifically) an NSEC and RRSIG + in the wrong order would be parsed, but put wrongly into internal + structures so that later validation would fail. + - Extreme lenience for wrongly truncated replies where a positive + reply has an NS in the authority but no signatures. They are + turned into minimal responses with only the (secure) answer. + - autoconf 2.63 for configure. + - python warnings suppress. Keep python API away from header files. + +17 June 2009: Wouter + - CREDITS entry for cz.nic, sponsoring a 'summer of code' that was + used for the python code in unbound. (http://www.nic.cz/vip/ in cz). + +16 June 2009: Wouter + - Fixup opportunistic target query generation to it does not + generate queries that are known to fail. + - Touchup on munin total memory report. + - messages picked out of the cache by the iterator are checked + if their cname chain is still correct and if validation status + has to be reexamined. + +15 June 2009: Wouter + - iana portlist updated. + +14 June 2009: Wouter + - Fixed bug where cached responses would lose their security + status on second validation, which especially impacted dlv + lookups. Reported by Hauke Lampe. + +13 June 2009: Wouter + - bug #254. removed random whitespace from example.conf. + +12 June 2009: Wouter + - Fixup potential wrong NSEC picked out of the cache. + - If unfulfilled callbacks are deleted they are called with an error. + - fptr wlist checks for mesh callbacks. + - fwd above stub in configuration works. + +11 June 2009: Wouter + - Fix queries for type DS when forward or stub zones are there. + They are performed to higherup domains, and thus treated as if + going to higher zones when looking up the right forward or stub + server. This makes a stub pointing to a local server that has + a local view of example.com signed with the same keys as are + publicly used work. Reported by Johan Ihren. + - Added build-unbound-localzone-from-hosts.pl to contrib, from + Dennis DeDonatis. It converts /etc/hosts into config statements. + - same thing fixed for forward-zone and DS, chain of trust from + public internet into the forward-zone works now. Added unit test. + +9 June 2009: Wouter + - openssl key files are opened apache-style, when user is root and + before chrooting. This makes permissions on remote-control key + files easier to set up. Fixes bug #251. + - flush_type and flush_name remove msg cache entries. + - codereview - dp copy bogus setting fix. + +8 June 2009: Wouter + - Removed RFC5011 REVOKE flag support. Partial 5011 support may cause + inadvertant behaviour. + - 1.3.0 tarball for release created. + - 1.3.1 development in svn trunk. + - iana portlist updated. + - fix lint from complaining on ldns/sha.h. + - help compiler figure out aliasing in priv_rrset_bad() routine. + - fail to configure with python if swig is not found. + - unbound_munin_ in contrib uses ps to show rss if sbrk does not work. + +3 June 2009: Wouter + - fixup bad free() when wrongly encoded DSA signature is seen. + Reported by Paul Wouters. + - review comments from Matthijs. + +2 June 2009: Wouter + - --enable-sha2 option. The draft rsasha256 changed its algorithm + numbers too often. Therefore it is more prudent to disable the + RSASHA256 and RSASHA512 support by default. + - ldns trunk included as new tarball. + - recreated the 1.3.0 tag in svn. rc1 tarball generated at this point. + +29 May 2009: Wouter + - fixup doc bug in README reported by Matthew Dempsky. + +28 May 2009: Wouter + - update iana port list + - update ldns lib tarball + +27 May 2009: Wouter + - detect lack of IPv6 support on XP (with a different error code). + - Fixup a crash-on-exit which was triggered by a very long queue. + Unbound would try to re-use ports that came free, but this is + of course not really possible because everything is deleted. + Most easily triggered on XP (not Vista), maybe because of the + network stack encouraging large messages backlogs. + - change in debug statements. + - Fixed bug that could cause a crash if root prime failed when there + were message backlogs. + +26 May 2009: Wouter + - Thanks again to Brett Carr, found an assertion that was not true. + Assertion checked if recursion parent query still existed. + +29 April 2009: Wouter + - Thanks to Brett Carr, caught windows resource leak, use + closesocket() and not close() on sockets or else the network stack + starts to leak handles. + - Removed usage of windows Mutex because windows cannot handle enough + mutexes open. Provide own mutex implementation using primitives. + +28 April 2009: Wouter + - created svn tag for 1.3.0. + +27 April 2009: Wouter + - optimised cname from cache. + - ifdef windows functions in testbound. + +23 April 2009: Wouter + - fix for threadsafety in solaris thr_key_create() in tests. + - iana portlist updated. + - fix pylib test for Darwin. + - fix pymod test for Darwin and a python threading bug in pymod init. + - check python >= 2.4 in configure. + - -ldl check for libcrypto 1.0.0beta. + +21 April 2009: Wouter + - fix for build outside sourcedir. + - fix for configure script swig detection. + +17 April 2009: Wouter + - Fix reentrant in minievent handler for unix. Could have resulted + in spurious event callbacks. + - timers do not take up a fd slot for winsock handler. + - faster fix for winsock reentrant check. + - fix rsasha512 unit test for new (interim) algorithm number. + - fix test:ldns doesn't like DOS line endings in keyfiles on unix. + - fix compile warning on ubuntu (configlexer fwrite return value). + - move python include directives into CPPFLAGS instead of CFLAGS. + +16 April 2009: Wouter + - winsock event handler exit very quickly on signal, even if + under heavy load. + - iana portlist updated. + - fixup windows winsock handler reentrant problem. + +14 April 2009: Wouter + - bug #245: fix munin plugin, perform cleanup of stale lockfiles. + - makedist.sh; better help text. + - cache-min-ttl option and tests. + - mingw detect error condition on TCP sockets (NOTCONN). + +9 April 2009: Wouter + - Fix for removal of RSASHA256_NSEC3 protonumber from ldns. + - ldns tarball updated. + - iana portlist update. + - detect GOST support in openssl-1.0.0-beta1, and fix compile problem + because that openssl defines the name STRING for itself. + +6 April 2009: Wouter + - windows compile fix. + - Detect FreeBSD jail without ipv6 addresses assigned. + - python libunbound wrapper unit test. + - installs the following files. Default is to not build them. + from configure --with-pythonmodule: + /usr/lib/python2.x/site-packages/unboundmodule.py + from configure --with-pyunbound: + /usr/lib/python2.x/site-packages/unbound.py + /usr/lib/python2.x/site-packages/_unbound.so* + The example python scripts (pythonmod/examples and + libunbound/python/examples) are not installed. + - python invalidate routine respects packed rrset ids and locks. + - clock skew checks in unbound, config statements. + - nxdomain ttl considerations in requirements.txt + +3 April 2009: Wouter + - Fixed a bug that caused messages to be stored in the cache too + long. Hard to trigger, but NXDOMAINs for nameservers or CNAME + targets have been more vulnerable to the TTL miscalculation bug. + - documentation test fixed for python addition. + +2 April 2009: Wouter + - pyunbound (libunbound python plugin) compiles using libtool. + - documentation for pythonmod and pyunbound is generated in doc/html. + - iana portlist updated. + - fixed bug in unbound-control flush_zone where it would not flush + every message in the target domain. This especially impacted + NXDOMAIN messages which could remain in the cache regardless. + - python module test package. + +1 April 2009: Wouter + - suppress errors when trying to contact authority servers that gave + ipv6 AAAA records for their nameservers with ipv4 mapped contents. + Still tries to do so, could work when deployed in intranet. + Higher verbosity shows the error. + - new libunbound calls documented. + - pyunbound in libunbound/python. Removed compile warnings. + Makefile to make it. + +30 March 2009: Wouter + - Fixup LDFLAGS from libevent sourcedir compile configure restore. + - Fixup so no non-absolute rpaths are added. + - Fixup validation of RRSIG queries, they are let through. + - read /dev/random before chroot + - checkconf fix no python checks when no python module enabled. + - fix configure, pthread first, so other libs do not change outcome. + +27 March 2009: Wouter + - nicer -h output. report linked libraries and modules. + - prints modules in intuitive order (config file friendly). + - python compiles easily on BSD. + +26 March 2009: Wouter + - ignore swig varargs warnings with gcc. + - remove duplicate example.conf text from python example configs. + - outofdir compile fix for python. + - pyunbound works. + - print modules compiled in on -h. manpage. + +25 March 2009: Wouter + - initial import of the python contribution from Zdenek Vasicek and + Marek Vavrusa. + - pythonmod in Makefile; changes to remove warnings/errors for 1.3.0. + +24 March 2009: Wouter + - more neat configure.ac. Removed duplicate config.h includes. + - neater config.h.in. + - iana portlist updated. + - fix util/configlexer.c and solaris -std=c99 flag. + - fix postcommit aclocal errors. + - spaces stripped. Makefile cleaner, /usr omitted from -I, -L, -R. + - swap order of host detect and libtool generation. + +23 March 2009: Wouter + - added launchd plist example file for MacOSX to contrib. + - deprecation test for daemon(3). + - moved common configure actions to m4 include, prettier Makefile. + +20 March 2009: Wouter + - bug #239: module-config entries order is important. Documented. + - build fix for test asynclook. + +19 March 2009: Wouter + - winrc/README.txt dos-format text file. + - iana portlist updated. + - use _beginthreadex() when available (performs stack alignment). + - defaults for windows baked into configure.ac (used if on mingw). + +18 March 2009: Wouter + - Added tests, unknown algorithms become insecure. fallback works. + - Fix for and test for unknown algorithms in a trust anchor + definition. Trust anchors with no supported algos are ignored. + This means a (higher)DS or DLV entry for them could succeed, and + otherwise they are treated as insecure. + - domain-insecure: "example.com" statement added. Sets domain + insecure regardless of chain of trust DSs or DLVs. The inverse + of a trust-anchor. + +17 March 2009: Wouter + - unit test for unsupported algorithm in anchor warning. + - fixed so queries do not fail on opportunistic target queries. + +16 March 2009: Wouter + - fixup diff error printout in contrib/update-itar.sh. + - added contrib/unbound_cacti for statistics support in cacti, + contributed by Dmitriy Demidov. + +13 March 2009: Wouter + - doxygen and lex/yacc on linux. + - strip update-anchor on makedist -w. + - fix testbound on windows. + - default log to syslog for windows. + - uninstaller can stop unbound - changed text on it to reflect that. + - remove debugging from windows 'cron' actions. + +12 March 2009: Wouter + - log to App.logs on windows prints executable identity. + - fixup tests. + - munin plugin fix benign locking error printout. + - anchor-update for windows, called every 24 hours; unbound reloads. + +11 March 2009: Wouter + - winsock event handler resets WSAevents after signalled. + - winsock event handler tests if signals are really signalled. + - install and service with log to file works on XP and Vista on + default install location. + - on windows logging to the Application logbook works (as a service). + - fix RUN_DIR on windows compile setting in makedist. + - windows registry has Software\Unbound\ConfigFile element. + If does not exist, the default is used. The -c switch overrides it. + - fix makedist version cleanup function. + +10 March 2009: Wouter + - makedist -w strips out old rc.. and snapshot info from version. + - setup.exe starts and stops unbound after install, before uninstall. + - unbound-checkconf recognizes absolute pathnames on windows (C:...). + +9 March 2009: Wouter + - Nullsoft NSIS installer creation script. + +5 March 2009: Wouter + - fixup memory leak introduced on 18feb in mesh reentrant fix. + +3 March 2009: Wouter + - combined icon with 16x16(4) 32x32(4) 48x48(8) 64x64(8). + - service works on xp/vista, no config necessary (using defaults). + - windows registry settings. + +2 March 2009: Wouter + - fixup --export-symbols to be -export-symbls for libtool. + This should fix extraneous symbols exported from libunbound. + Thanks to Ondrej Sury and Robert Edmonds for finding it. + - iana portlist updated. + - document FAQ entry on stub/forward zones and default blocking. + - fix asynclook test app for libunbound not exporting symbols. + - service install and remove utils that work with vista UAC. + +27 February 2009: Wouter + - Fixup lexer, to not give warnings about fwrite. Appeared in + new lexer features. + - makedistro functionality for mingw. Has RC support. + - support spaces and backslashes in configured defaults paths. + - register, deregister in service control manager. + +25 February 2009: Wouter + - windres usage for application resources. + +24 February 2009: Wouter + - isc moved their dlv key download location. + - fixup warning on vista/mingw. + - makedist -w for window zip distribution first version. + +20 February 2009: Wouter + - Fixup contrib/update-itar.sh, the exit codes 1 and 0 were swapped. + Nicer script layout. Added url to site in -h output. + +19 February 2009: Wouter + - unbound-checkconf and unbound print warnings when trust anchors + have unsupported algorithms. + - added contrib/update-itar.sh This script is similar to + update-anchor.sh, and updates from the IANA ITAR repository. + You can provide your own PGP key and trust repo, or can use the + builtin. The program uses wget and gpg to work. + - iana portlist updated. + - update-itar.sh: using ftp:// urls because https godaddy certificate + is not available everywhere and then gives fatal errors. The + security is provided by pgp signature. + +18 February 2009: Wouter + - more cycle detection. Also for target queries. + - fixup bug where during deletion of the mesh queries the callbacks + that were reentrant caused assertion failures. Keep the mesh in + a reentrant safe state. Affects libunbound, reload of server, + on quit and flush_requestlist. + - iana portlist updated. + +13 February 2009: Wouter + - forwarder information now per-thread duplicated. + This keeps it read only for speed, with no locking necessary. + - forward command for unbound control to change forwarders to use + on the fly. + - document that unbound-host reads no config file by default. + - updated iana portlist. + +12 February 2009: Wouter + - call setusercontext if available (on BSD). + - small refactor of stats clearing. + - #227: flush_stats feature for unbound-control. + - stats_noreset feature for unbound-control. + - flush_requestlist feature for unbound-control. + - libunbound version upped API (was changed 5 feb). + - unbound-control status shows if root forwarding is in use. + - slightly nicer memory management in iter-fwd code. + +10 February 2009: Wouter + - keys with rfc5011 REVOKE flag are skipped and not considered when + validating data. + - iana portlist updated + - #226: dump_requestlist feature for unbound-control. + +6 February 2009: Wouter + - contrib contains specfile for fedora 1.2.1 (from Paul Wouters). + - iana portlist updated. + - fixup EOL in include directive (reported by Paul Wouters). + You can no longer specify newlines in the names of included files. + - config parser changed. Gives some syntax errors closer to where they + occurred. Does not enforce a space after keyword anymore. + Does not allow literal newlines inside quoted strings anymore. + - verbosity level 5 logs customer IP for new requestlist entries. + - test fix, lexer and cancel test. + - new option log-time-ascii: yes if you enable it prints timestamps + in the log file as Feb 06 13:45:26 (like syslog does). + - detect event_base_new in libevent-1.4.1 and later and use it. + - #231 unbound-checkconf -o option prints that value from config file. + Useful for scripting in management scripts and the like. + +5 February 2009: Wouter + - ldns 1.5.0 rc as tarball included. + - 1.3.0 development continues: + change in libunbound API: ub_cancel can return an error, that + the async_id did not exist, or that it was already delivered. + The result could have been delivered just before the cancel + routine managed to acquire the lock, so a caller may get the + result at the same time they call cancel. For this case, + ub_cancel tries to return an error code. + Fixes race condition in ub_cancel() libunbound function. + - MacOSX Leopard cleaner text output from configure. + - initgroups(3) is called to drop secondary group permissions, if + applicable. + - configure option --with-ldns-builtin forces the use of the + inluded ldns package with the unbound source. The -I include + is put before the others, so it avoids bad include files from + an older ldns install. + - daemon(3) posix call is used when available. + - testbound test for older fix added. + +4 February 2009: Wouter + - tag for release 1.2.1. + - trunk setup for 1.3.0 development. + +3 February 2009: Wouter + - noted feature requests in doc/TODO. + - printout more detailed errors on ssl certificate loading failures. + - updated IANA portlist. + +16 January 2009: Wouter + - more quiet about ipv6 network failures, i.e. when ipv6 is not + available (network unreachable). Debug still printed on high + verbosity. + - unbound-host -4 and -6 options. Stops annoying ipv6 errors when + debugging with unbound-host -4 -d ... + - more cycle detection for NS-check, addr-check, root-prime and + stub-prime queries in the iterator. Avoids possible deadlock + when priming fails. + +15 January 2009: Wouter + - bug #229: fixup configure checks for compilation with Solaris + Sun cc compiler, ./configure CC=/opt/SUNWspro/bin/cc + - fixup suncc warnings. + - fix bug where unbound could crash using libevent 1.3 and older. + - update testset for recent retry change. + +14 January 2009: Wouter + - 1.2.1 feature: negative caching for failed queries. + Queries that failed are cached for 5 seconds (NORR_TTL). + If the failure is local, like out of memory, it is not cached. + - the TTL comparison for the cache used different comparisons, + causing many cache responses that used the iterator and validator + state machines unnecessarily. + - retry from 4 to 5 so that EDNS drop retry is part of the first + query resolve attempt, and cached error does not stop EDNS fallback. + - remove debug prints that protect against bad referrals. + - honor QUIET=no on make commandline (or QUIET=yes ). + +13 January 2009: Wouter + - fixed bug in lameness marking, removed printouts. + - find NS rrset more cleanly for qtype NS. + - Moved changes to 1.2.0 for release. Thanks to Mark Zealey for + reporting and logs. + - 1.2.1 feature: stops resolving AAAAs promiscuously when they + are in the negative cache. + +12 January 2009: Wouter + - fixed bug in infrastructure lameness cache, did not lowercase + name of zone to hash when setting lame. + - lameness debugging printouts. + +9 January 2009: Wouter + - created svn tag for 1.2.0 release. + - svn trunk contains 1.2.1 version number. + - iana portlist updated for todays list. + - removed debug print. + +8 January 2009: Wouter + - new version of ldns-trunk (today) included as tarball, fixed + bug #224, building with -j race condition. + - remove possible race condition in the test for race conditions. + +7 January 2009: Wouter + - version 1.2.0 in preparation. + - feature to allow wildcards (*, ?, [], {}. ~) in trusted-keys-file + statements. (Adapted from patch by Paul Wouters). + - typo fix and iana portlist updated. + - porting testsuite; unused var warning, and type fixup. + +6 January 2009: Wouter + - fixup packet-of-death when compiled with --enable-debug. + A malformed packet could cause an internal assertion failure. + - added test for HINFO canonicalisation behaviour. + - fixup reported problem with transparent local-zone data where + queries with different type could get nxdomain. Now queries + with a different name get resolved normally, with different type + get a correct NOERROR/NODATA answer. + - HINFO no longer downcased for validation, making unbound compatible + with bind and ldns. + - fix reading included config files when chrooted. + Give full path names for include files. + Relative path names work if the start dir equals the working dir. + - fix libunbound message transport when no packet buffer is available. + +5 January 2009: Wouter + - fixup getaddrinfo failure handling for remote control port. + - added L.ROOT-SERVERS.NET. AAAA 2001:500:3::42 to builtin root hints. + - fixup so it works with libev-3.51 from http://dist.schmorp.de/libev/ + - comm_timer_set performs base_set operation after event_add. + +18 December 2008: Wouter + - fixed bug reported by Duane Wessels: error in DLV lookup, would make + some zones that had correct DLV keys as insecure. + - follows -rc makedist from ldns changes (no _rc). + - ldns tarball updated with 1.4.1rc for DLV unit test. + - verbose prints about recursion lame detection and server selection. + - fixup BSD port for infra host storage. It hashed wrongly. + - fixup makedist snapshot name generation. + - do not reopen syslog to avoid dev/log dependency. + +17 December 2008: Wouter + - follows ldns makedist.sh. -rc option. autom4te dir removed. + - unbound-control status command. + - extended statistics has a number of ipv6 queries counter. + contrib/unbound_munin_ was updated to draw ipv6 in the hits graph. + +16 December 2008: Wouter + - follow makedist improvements from ldns, for maintainers prereleases. + - snapshot version uses _ not - to help rpm distinguish the + version number. + +11 December 2008: Wouter + - better fix for bug #219: use LOG_NDELAY with openlog() call. + Thanks to Tamas Tevesz. + +9 December 2008: Wouter + - bug #221 fixed: unbound checkconf checks if key files exist if + remote control is enabled. Also fixed NULL printf when not chrooted. + - iana portlist updated. + +3 December 2008: Wouter + - Fix problem reported by Jaco Engelbrecht where unbound-control stats + freezes up unbound if this was compiled without threading, and + was using multiple processes. + - iana portlist updated. + - test for remote control with interprocess communication. + - created command distribution mechanism so that remote control + commands other than 'stats' work on all processes in a nonthreaded + compiled version. dump/load cache work, on the first process. + - fixup remote control local_data addition memory corruption bug. + +1 December 2008: Wouter + - SElinux policy files in contrib/selinux for the unbound daemon, + by Paul Wouters and Adam Tkac. + +25 November 2008: Wouter + - configure complains when --without-ssl is given (bug #220). + - skip unsupported feature tests on vista/mingw. + - fixup testcode/streamtcp to work on vista/mingw. + - root-hints test checks version of dig required. + - blacklisted servers are polled at a low rate (1%) to see if they + come back up. But not if there is some other working server. + +24 November 2008: Wouter + - document that the user of the server daemon needs read privileges + on the keys and certificates generated by unbound-control-setup. + This is different per system or distribution, usually, running the + script under the same username as the server uses suffices. + i.e. sudo -u unbound unbound-control-setup + - testset port to vista/mingw. + - tcp_sigpipe to freebsd port. + +21 November 2008: Wouter + - fixed tcp accept, errors were printed when they should not. + - unbound-control-setup.sh removes read/write permissions other + from the keys it creates (as suggested by Dmitriy Demidov). + +20 November 2008: Wouter + - fixup fatal error due to faulty error checking after tcp accept. + - add check in rlimit to avoid integer underflow. + - rlimit check with new formula; better estimate for number interfaces + - nicer comments in rlimit check. + - tag 1.1.1 created in svn. + - trunk label is 1.1.2 + +19 November 2008: Wouter + - bug #219: fixed so that syslog which delays opening until the first + log line is written, gets a log line while not chroot'ed yet. + +18 November 2008: Wouter + - iana portlist updated. + - removed cast in unit test debug print that was not 64bit safe. + - trunk back to 1.1.0; copied to tags 1.1.0 release. + - trunk to has version number 1.1.1 again. + - in 1.1.1; make clean nicer. grammar in manpage. + +17 November 2008: Wouter + - theoretical fix for problems reported on mailing list. + If a delegation point has no A but only AAAA and do-ip6 is no, + resolution would fail. Fixed to ask for the A and AAAA records. + It has to ask for both always, so that it can fail quietly, from + TLD perspective, when a zone is only reachable on one transport. + - test for above, only AAAA and doip6 is no. Fix causes A record + for nameserver to be fetched. + - fixup address duplication on cache fillup for delegation points. + - testset updated for new query answer requirements. + +14 November 2008: Wouter + - created 1.1.0 release tag in svn. + - trunk moved to 1.1.1 + - fixup unittest-neg for locking. + +13 November 2008: Wouter + - added fedora init and specfile to contrib (by Paul Wouters). + - added configure check for ldns 1.4.0 (using its compat funcs). + - neater comments in worker.h. + - removed doc/plan and updated doc/TODO. + - silenced EHOSTDOWN (verbosity 2 or higher to see it). + - review comments from Jelte, Matthijs. Neater code. + +12 November 2008: Wouter + - add unbound-control manpage to makedist replace list. + +11 November 2008: Wouter + - unit test for negative cache, stress tests the refcounting. + - fix for refcounting error that could cause fptr_wlist fatal exit + in the negative cache rbtree (upcoming 1.1 feature). (Thanks to + Attila Nagy for testing). + - nicer comments in cachedump about failed RR to string conversion. + - fix 32bit wrap around when printing large (4G and more) mem usage + for extended statistics. + +10 November 2008: Wouter + - fixup the getaddrinfo compat code rename. + +8 November 2008: Wouter + - added configure check for eee build warning. + +7 November 2008: Wouter + - fix bug 217: fixed, setreuid and setregid do not work on MacOSX10.4. + - detect nonblocking problems in network stack in configure script. + +6 November 2008: Wouter + - dname_priv must decompress the name before comparison. + - iana portlist updated. + +5 November 2008: Wouter + - fixed possible memory leak in key_entry_key deletion. + Would leak a couple bytes when trust anchors were replaced. + - if query and reply qname overlap, the bytes are skipped not copied. + - fixed file descriptor leak when messages were jostled out that + had outstanding (TCP) replies. + - DNAMEs used from cache have their synthesized CNAMEs initialized + properly. + - fixed file descriptor leak for localzone type deny (for TCP). + - fixed memleak at exit for nsec3 negative cached zones. + - fixed memleak for the keyword 'nodefault' when reading config. + - made verbosity of 'edns incapable peer' warning higher, so you + do not get spammed by it. + - caught elusive Bad file descriptor error bug, that would print the + error while unnecessarily try to listen to a closed fd. Fixed. + +4 November 2008: Wouter + - fixed -Wwrite-strings warnings that result in better code. + +3 November 2008: Wouter + - fixup build process for Mac OSX linker, use ldns b32 compat funcs. + - generated configure with autoconf-2.61. + - iana portlist updated. + - detect if libssl needs libdl. For static linking with libssl. + - changed to use new algorithm identifiers for sha256/sha512 + from ldns 1.4.0 (need very latest version). + - updated the included ldns tarball. + - proper detection of SHA256 and SHA512 functions (not just sizes). + +23 October 2008: Wouter + - a little more debug info for failure on signer names. prints names. + +22 October 2008: Wouter + - CFLAGS are picked up by configure from the environment. + - iana portlist updated. + - updated ldns to use 1.4.0-pre20081022 so it picks up CFLAGS too. + - new stub-prime: yesno option. Default is off, so it does not prime. + can be turned on to get same behaviour as previous unbound release. + - made automated test that checks if builtin root hints are uptodate. + - finished draft-wijngaards-dnsext-resolver-side-mitigation + implementation. The unwanted-reply-threshold can be set. + - fixup so fptr_whitelist test in alloc.c works. + +21 October 2008: Wouter + - fix update-anchors.sh, so it does not report different RR order + as an update. Sorts the keys in the file. Updated copyright. + - fixup testbound on windows, the command control pipe doesn't exist. + - skip 08hostlib test on windows, no fork() available. + - made unbound-remote work on windows. + +20 October 2008: Wouter + - quench a log message that is debug only. + - iana portlist updated. + - do not query bogus nameservers. It is like nameservers that have + the NS or A or AAAA record bogus are listed as donotquery. + - if server selection is faced with only bad choices, it will + attempt to get more options to be fetched. + - changed bogus-ttl default value from 900 to 60 seconds. + In anticipation that operator caused failures are more likely than + actual attacks at this time. And thus repeated validation helps + the operators get the problem fixed sooner. It makes validation + failures go away sooner (60 seconds after the zone is fixed). + Also it is likely to try different nameserver targets every minute, + so that if a zone is bad on one server but not another, it is + likely to pick up the 'correct' one after a couple minutes, + and if the TTL is big enough that solves validation for the zone. + - fixup unbound-control compilation on windows. + +17 October 2008: Wouter + - port Leopard/G5: fixup type conversion size_t/uint32. + please ranlib, stop file without symbols warning. + - harden referral path now also validates the root after priming. + It looks up the root NS authoritatively as well as the root servers + and attemps to validate the entries. + +16 October 2008: Wouter + - Fixup negative TTL values appearing (reported by Attila Nagy). + +15 October 2008: Wouter + - better documentation for 0x20; remove fallback TODO, it is done. + - harden-referral-path feature includes A, AAAA queries for glue, + as well as very careful NS caching (only when doing NS query). + A, AAAA use the delegation from the NS-query. + +14 October 2008: Wouter + - fwd_three.tpkg test was flaky. If the three requests hit the + wrong threads by chance (or bad OS) then the test would fail. + Made less flaky by increasing number of retries. + - stub_udp.tpkg changed to work, give root hints. fixed ldns_dname_abs. + - ldns tarball is snapshot of ldns r2759 (1.4.0-pre-20081014). + Which includes the ldns_dname_absolute fix. + - fwd_three test remains flaky now that unbound does not stop + listening when full. Thus, removed timeout problem. + It may be serviced by three threads, or maybe by one. + Mostly only useful for lock-check testing now. + +13 October 2008: Wouter + - fixed recursion servers deployed as authoritative detection, so + that as a last resort, a +RD query is sent there to get the + correct answer. + - iana port list update. + - ldns tarball is snapshot of ldns r2759 (1.4.0-pre-20081013). + +10 October 2008: Wouter + - fixup tests - the negative cache contained the correct NSEC3s for + two tests that are supposed to fail to validate. + +9 October 2008: Wouter + - negative cache caps max iterations of NSEC3 done. + - NSEC3 negative cache for qtype DS works. + +8 October 2008: Wouter + - NSEC negative cache for DS. + +6 October 2008: Wouter + - jostle-timeout option, so you can config for slow links. + - 0x20 fallback code. Tries 3xnumber of nameserver addresses + queries that must all be the same. Sent to random nameservers. + - documented choices for DoS, EDNS, 0x20. + +2 October 2008: Wouter + - fixup unlink of pidfile. + - fixup SHA256 algorithm collation code. + - contrib/update-anchor.sh does not overwrite anchors if not needed. + exits 0 when a restart is needed, other values if not. + so, update-anchor.sh -d mydir && /etc/rc.d/unbound restart + can restart unbound exactly when needed. + +30 September 2008: Wouter + - fixup SHA256 DS downgrade, no longer possible to downgrade to SHA1. + - tests for sha256 support and downgrade resistance. + - RSASHA256 and RSASHA512 support (using the draft in dnsext), + using the drafted protocol numbers. + - when using stub on localhost (127.0.0.1@10053) unbound works. + Like when running NSD to host a local zone, on the same machine. + The noprime feature. manpages more explanation. Added a test for it. + - shorthand for reverse PTR, local-data-ptr: "1.2.3.4 www.ex.com" + +29 September 2008: Wouter + - EDNS lameness detection, if EDNS packets are dropped this is + detected, eventually. + - multiple query timeout rtt backoff does not backoff too much. + +26 September 2008: Wouter + - tests for remote-control. + - small memory leak in exception during remote control fixed. + - fixup for lock checking but not unchecking in remote control. + - iana portlist updated. + +23 September 2008: Wouter + - Msg cache is loaded. A cache load enables cache responses. + - unbound-control flush [name], flush_type and flush_zone. + +22 September 2008: Wouter + - dump_cache and load_cache statements in unbound-control. + RRsets are dumped and loaded correctly. + Msg cache is dumped. + +19 September 2008: Wouter + - locking on the localdata structure. + - add and remove local zone and data with unbound-control. + - ldns trunk snapshot updated, make tests work again. + +18 September 2008: Wouter + - fixup error in time calculation. + - munin plugin improvements. + - nicer abbreviations for high query types values (ixfr, axfr, any...) + - documented the statistics output in unbound-control man page. + - extended statistics prints out histogram, over unbound-control. + +17 September 2008: Wouter + - locking for threadsafe bogus rrset counter. + - ldns trunk no longer exports b32 functions, provide compat. + - ldns tarball updated. + - testcode/ldns-testpkts.c const fixups. + - fixed rcode stat printout. + - munin plugin in contrib. + - stats always printout uptime, because stats plugins need it. + +16 September 2008: Wouter + - extended-statistics: yesno config option. + - unwanted replies spoof nearmiss detector. + - iana portlist updated. + +15 September 2008: Wouter + - working start, stop, reload commands for unbound-control. + - test for unbound-control working; better exit value for control. + - verbosity control via unbound-control. + - unbound-control stats. + +12 September 2008: Wouter + - removed browser control mentions. Proto speccy. + +11 September 2008: Wouter + - set nonblocking on new TCP streams, because linux does not inherit + the socket options to the accepted socket. + - fix TCP timeouts. + - SSL protected connection between server and unbound-control. + +10 September 2008: Wouter + - remove memleak in privacy addresses on reloads and quits. + - remote control work. + +9 September 2008: Wouter + - smallapp/unbound-control-setup.sh script to set up certificates. + +4 September 2008: Wouter + - scrubber scrubs away private addresses. + - test for private addresses. man page entry. + - code refactored for name and address tree lookups. + +3 September 2008: Wouter + - options for 'DNS Rebinding' protection: private-address and + private-domain. + - dnstree for reuse of routines that help with domain, addr lookups. + - private-address and private-domain config option read, stored. + +2 September 2008: Wouter + - DoS protection features. Queries are jostled out to make room. + - testbound can pass time, increasing the internal timer. + - do not mark unsigned additionals bogus, leave unchecked, which + is removed too. + +1 September 2008: Wouter + - disallow nonrecursive queries for cache snooping by default. + You can allow is using access-control: <subnet> allow_snoop. + The defaults do allow access no authoritative data without RD bit. + - two tests for it and fixups of tests for nonrec refused. + +29 August 2008: Wouter + - version 1.1 number in trunk. + - harden-referral-path option for query for NS records. + Default turns off expensive, experimental option. + +28 August 2008: Wouter + - fixup logfile handling; it is created with correct permissions + again. (from bugfix#199). + Some errors are not written to logfile (pidfile writing, forking), + and these are only visible by using the -d commandline flag. + +27 August 2008: Wouter + - daemon(3) is causing problems for people. Reverting the patch. + bug#200, and 199 and 203 contain sideline discussion on it. + - bug#199 fixed: pidfile can be outside chroot. openlog is done before + chroot and drop permissions. + - config option to set size of aggressive negative cache, + neg-cache-size. + - bug#203 fixed: dlv has been implemented. + +26 August 2008: Wouter + - test for insecure zone when DLV is in use, also does negative cache. + - test for trustanchor when DLV is in use (the anchor works). + - test for DLV used for a zone below a trustanchor. + - added scrub filter for overreaching NSEC records and unit test. + - iana portlist update + - use of setresuid or setreuid when available. + - use daemon(3) if available. + +25 August 2008: Wouter + - realclean patch from Robert Edmonds. + +22 August 2008: Wouter + - nicer debuglogging of DLV. + - test with secure delegation inside the DLV repository. + +21 August 2008: Wouter + - negative cache code linked into validator, for DLV use. + negative cache works for DLV. + - iana portlist update. + - dlv-anchor option for unit tests. + - fixup NSEC_AT_APEX classification for short typemaps. + - ldns-testns has subdomain checks, for unit tests. + +20 August 2008: Wouter + - negative cache code, reviewed. + +18 August 2008: Wouter + - changes info: in logfile to notice: info: or debug: depending on + the verbosity of the statements. Better logfile message + classification. + - bug #208: extra rc.d unbound flexibility for freebsd/nanobsd. + +15 August 2008: Wouter + - DLV nsec code fixed for better detection of closest existing + enclosers from NSEC responses. + - DLV works, straight to the dlv repository, so not for production. + - Iana port update. + +14 August 2008: Wouter + - synthesize DLV messages from the rrset cache, like done for DS. + +13 August 2008: Wouter + - bug #203: nicer do-auto log message when user sets incompatible + options. + - bug #204: variable name ameliorated in log.c. + - bug #206: in iana_update, no egrep, but awk use. + - ldns snapshot r2699 taken (includes DLV type). + - DLV work, config file element, trust anchor read in. + +12 August 2008: Wouter + - finished adjusting testset to provide qtype NS answers. + +11 August 2008: Wouter + - Fixup rrset security updates overwriting 2181 trust status. + This makes validated to be insecure data just as worthless as + nonvalidated data, and 2181 rules prevent cache overwrites to them. + - Fix assertion fail on bogus key handling. + - dnssec lameness detection works on first query at trust apex. + - NS queries get proper cache and dnssec lameness treatment. + - fixup compilation without pthreads on linux. + +8 August 2008: Wouter + - NS queries are done after every referral. + validator is used on those NS records (if anchors enabled). + +7 August 2008: Wouter + - Scrubber more strict. CNAME chains, DNAMEs from cache, other + irrelevant rrsets removed. + - 1.0.2 released from 1.0 support branch. + - fixup update-anchor.sh to work both in BSD shell and bash. + +5 August 2008: Wouter + - fixup DS test so apex nodata works again. + +4 August 2008: Wouter + - iana port update. + - TODO update. + - fix bug 201: null ptr deref on cleanup while udp pkts wait for port. + - added explanatory text for outgoing-port-permit in manpage. + +30 July 2008: Wouter + - fixup bug qtype DS for unsigned zone and signed parent validation. + +25 July 2008: Wouter + - added original copyright statement of OpenBSD arc4random code. + - created tube signaling solution on windows, as a pipe replacement. + this makes background asynchronous resolution work on windows. + - removed very insecure socketpair compat code. It also did not + work with event_waiting. Solved by pipe replacement. + - unbound -h prints openssl version number as well. + +22 July 2008: Wouter + - moved pipe actions to util/tube.c. easier porting and shared code. + - check _raw() commpoint callbacks with fptr_wlist. + - iana port update. + +21 July 2008: Wouter + - #198: nicer entropy warning message. manpage OS hints. + +19 July 2008: Wouter + - #198: fixup man page to suggest chroot entropy fix. + +18 July 2008: Wouter + - branch for 1.0 support. + - trunk work on tube.c. + +17 July 2008: Wouter + - fix bug #196, compile outside source tree. + - fix bug #195, add --with-username=user configure option. + - print error and exit if started with config that requires more + fds than the builtin minievent can handle. + +16 July 2008: Wouter + - made svn tag 1.0.1, trunk now 1.0.2 + - sha256 checksums enabled in makedist.sh + +15 July 2008: Wouter + - Follow draft-ietf-dnsop-default-local-zones-06 added reverse + IPv6 example prefix to AS112 default blocklist. + - fixup lookup of DS records by client with trustanchor for same. + - libunbound ub_resolve, fix handling of error condition during setup. + - lowered log_hex blocksize to fit through BSD syslog linesize. + - no useless initialisation if getpwnam not available. + - iana, ldns snapshot updated. + +3 July 2008: Wouter + - Matthijs fixed memory leaks in root hints file reading. + +26 June 2008: Wouter + - fixup streamtcp bounds setting for udp mode, in the test framework. + - contrib item for updating trust anchors. + +25 June 2008: Wouter + - fixup fwd_ancil test typos. + - Fix for newegg lameness : ok for qtype=A, but lame for others. + - fixup unit test for infra cache, test lame merging. + - porting to mingw, bind, listen, getsockopt and setsockopt error + handling. + +24 June 2008: Wouter + - removed testcode/checklocks from production code compilation path. + - streamtcp can use UDP mode (connected UDP socket), for testing IPv6 + on windows. + - fwd_ancil test fails if platform support is lacking. + +23 June 2008: Wouter + - fixup minitpkg to cleanup on windows with its file locking troubles. + - minitpkg shows skipped tests in report. + - skip ipv6 tests on ipv4 only hosts (requires only ipv6 localhost not + ipv6 connectivity). + - winsock event handler keeps track of sticky TCP events, that have + not been fully handled yet. when interest in the event(s) resumes, + they are sent again. When WOULDBLOCK is returned events are cleared. + - skip tests that need signals when testing on mingw. + +18 June 2008: Wouter + - open testbound replay files in binary mode, because fseek/ftell + do not work in ascii-mode on windows. The b does nothing on unix. + unittest and testbound tests work on windows (xp too). + - ioctlsocket prints nicer error message. + - fixed up some TCP porting for winsock. + - lack of IPv6 gives a warning, no fatal error. + - use WSAGetLastError() on windows instead of errno for some errors. + +17 June 2008: Wouter + - outgoing num fds 32 by default on windows ; it supports less + fds for waiting on than unixes. + - winsock_event minievent handler for windows. (you could also + attempt to link with libevent/libev ports for windows). + - neater crypto check and gdi32 detection. + - unbound.exe works to resolve and validate www.nlnetlabs.nl on vista. + +16 June 2008: Wouter + - on windows, use windows threads, mutex and thread-local-storage(Tls). + - detect if openssl needs gdi32. + - if no threading, THREADS_DISABLED is defined for use in the code. + - sets USE_WINSOCK if using ws2_32 on windows. + - wsa_strerror() function for more readable errors. + - WSA Startup and Cleanup called in unbound.exe. + +13 June 2008: Wouter + - port mingw32, more signal ifdefs, detect sleep, usleep, + random, srandom (used inside the tests). + - signed or unsigned FD_SET is cast. + +10 June 2008: Wouter + - fixup warnings compiling on eeepc xandros linux. + +9 June 2008: Wouter + - in iteration response type code + * first check for SOA record (negative answer) before NS record + and lameness. + * check if no AA bit for non-forwarder, and thus lame zone. + In response to error report by Richard Doty for mail.opusnet.com. + - fixup unput warning from lexer on freeBSD. + - bug#183. pidfile, rundir, and chroot configure options. Also the + example.conf and manual pages get the configured defaults. + You can use: (or accept the defaults to /usr/local/etc/unbound/) + --with-conf-file=filename + --with-pidfile=filename + --with-run-dir=path + --with-chroot-dir=path + +8 June 2008: Wouter + - if multiple CNAMEs, use the first one. Fixup akamai CNAME bug. + Reported by Robert Edmonds. + - iana port updated. + +4 June 2008: Wouter + - updated libtool files with newer version. + - iana portlist updated. + +3 June 2008: Wouter + - fixup local-zone: "30.172.in-addr.arpa." nodefault, so that the + trailing dot is not used during comparison. + +2 June 2008: Wouter + - Jelte fixed bugs in my absence + - bug 178: fixed unportable shell usage in configure (relied on + bash shell). + - bug 180: fixed buffer overflow in unbound-checkconf use of strncat. + - bug 181: fixed buffer overflow in ldns (called by unbound to parse + config file parts). + - fixes by Wouter + - bug 177: fixed compilation failure on opensuse, the + --disable-static configure flag caused problems. (Patch from + Klaus Singvogel) + - bug 179: same fix as 177. + - bug 185: --disable-shared not passed along to ldns included with + unbound. Fixed so that configure parameters are passed to the + subdir configure script. + fixed that ./libtool is used always, you can still override + manually with ./configure libtool=mylibtool or set $libtool in + the environment. + - update of the ldns tarball to current ldns svn version (fix 181). + - bug 184: -r option for unbound-host, read resolv.conf for + forwarder. (Note that forwarder must support DNSSEC for validation + to succeed). + +23 May 2008: Wouter + - mingw32 porting. + - test for sys/wait.h + - WSAEWOULDBLOCK test after nonblocking TCP connect. + - write_iov_buffer removed: unused and no struct iov on windows. + - signed/unsigned warning fixup mini_event. + - use ioctlsocket to set nonblocking I/O if fnctl is unavailable. + - skip signals that are not defined + - detect pwd.h. + - detect getpwnam, getrlimit, setsid, sbrk, chroot. + - default config has no chroot if chroot() unavailable. + - if no kill() then no pidfile is read or written. + - gmtime_r is replaced by nonthreadsafe alternative if unavail. + used in rrsig time validation errors. + +22 May 2008: Wouter + - contrib unbound.spec from Patrick Vande Walle. + - fixup bug#175: call tzset before chroot to have correct timestamps + in system log. + - do not generate lex input and lex unput functions. + - mingw port. replacement functions labelled _unbound. + - fix bug 174 - check for tcp_sigpipe that ldns-testns is installed. + +19 May 2008: Wouter + - fedora 9, check in6_pktinfo define in configure. + - CREDITS fixup of history. + - ignore ldns-1.2.2 if installed, use builtin 1.3.0-pre alternative. + +16 May 2008: Wouter + - fixup for MacOSX hosts file reading (reported by John Dickinson). + - created 1.0.0 svn tag. + - trunk version 1.0.1. + +14 May 2008: Wouter + - accepted patch from Ondrej Sury for library version libtool option. + - configure --disable-rpath fixes up libtool for rpath trouble. + Adapted from debian package patch file. + +13 May 2008: Wouter + - Added root ipv6 addresses to builtin root hints. + - TODO modified for post 1.0 plans. + - trunk version set to 1.0.0. + - no unnecessary linking with librt (only when libevent/libev used). + +7 May 2008: Wouter + - fixup no-ip4 problem with error callback in outside network. + +25 April 2008: Wouter + - DESTDIR is honored by the Makefile for rpms. + - contrib files unbound.spec and unbound.init, builds working RPM + on FC7 Linux, a chrooted caching resolver, and libunbound. + - iana ports update. + +24 April 2008: Wouter + - chroot checks improved. working directory relative to chroot. + checks if config file path is inside chroot. Documentation on it. + - nicer example.conf text. + - created 0.11 tag. + +23 April 2008: Wouter + - parseunbound.pl contrib update from Kai Storbeck for threads. + - iana ports update + +22 April 2008: Wouter + - ignore SIGPIPE. + - unit test for SIGPIPE ignore. + +21 April 2008: Wouter + - FEATURES document. + - fixup reread of config file if it was given as a full path + and chroot was used. + +16 April 2008: Wouter + - requirements doc, updated clean query returns. + - parseunbound.pl update from Kai Storbeck. + - sunos4 porting changes. + +15 April 2008: Wouter + - fixup default rc.d pidfile location to /usr/local/etc. + - iana ports updated. + - copyright updated in ldns-testpkts to keep same as in ldns. + - fixup checkconf chroot tests a bit more, chdir must be inside + chroot dir. + - documented 'gcc: unrecognized -KPIC option' errors on Solaris. + - example.conf values changed to /usr/local/etc/unbound + - DSA test work. + - DSA signatures: unbound is compatible with both encodings found. + It will detect and convert when necessary. + +14 April 2008: Wouter + - got update for parseunbound.pl statistics script from Kai Storbeck. + - tpkg tests for udp wait list. + - documented 0x20 status. + - fixup chroot and checkconf, it is much smarter now. + - fixup DSA EVP signature decoding. Solution that Jelte found copied. + - and check first sig byte for the encoding type. + +11 April 2008: Wouter + - random port selection out of the configged ports. + - fixup threadsafety for libevent-1.4.3+ (event_base_get_method). + - removed base_port. + - created 256-port ephemeral space for the OS, 59802 available. + - fixup consistency of port_if out array during heavy use. + +10 April 2008: Wouter + - --with-libevent works with latest libevent 1.4.99-trunk. + - added log file statistics perl script to contrib. + - automatic iana ports update from makefile. 60058 available. + +9 April 2008: Wouter + - configure can detect libev(from its build directory) when passed + --with-libevent=/home/wouter/libev-3.2 + libev-3.2 is a little faster than libevent-1.4.3-stable (about 5%). + - unused commpoints not listed in epoll list. + - statistics-cumulative option so that the values are not reset. + - config creates array of available ports, 61841 available, + it excludes <1024 and iana assigned numbers. + config statements to modify the available port numbers. + +8 April 2008: Wouter + - unbound tries to set the ulimit fds when started as server. + if that does not work, it will scale back its requirements. + +27 March 2008: Wouter + - documented /dev/random symlink from chrootdir as FAQ entry. + +26 March 2008: Wouter + - implemented AD bit signaling. If a query sets AD bit (but not DO) + then the AD bit is set in the reply if the answer validated. + Without including DNSSEC signatures. Useful if you have a trusted + path from the client to the resolver. Follows dnssec-updates draft. + +25 March 2008: Wouter + - implemented check that for NXDOMAIN and NOERROR answers a query + section must be present in the reply (by the scrubber). And it must + be equal to the question sent, at least lowercase folded. + Previously this feature happened because the cache code refused + to store such messages. However blocking by the scrubber makes + sure nothing gets into the RRset cache. Also, this looks like a + timeout (instead of an allocation failure) and this retries are + done (which is useful in a spoofing situation). + - RTT banding. Band size 400 msec, this makes band around zero (fast) + include unknown servers. This makes unbound explore unknown servers. + +7 March 2008: Wouter + - -C config feature for harvest program. + - harvest handles CNAMEs too. + +5 March 2008: Wouter + - patch from Hugo Koji Kobayashi for iterator logs spelling. + +4 March 2008: Wouter + - From report by Jinmei Tatuya, rfc2181 trust value for remainder + of a cname trust chain is lower; not full answer_AA. + - test for this fix. + - default config file location is /usr/local/etc/unbound. + Thus prefix is used to determine the location. This is also the + chroot and pidfile default location. + +3 March 2008: Wouter + - Create 0.10 svn tag. + - 0.11 version in trunk. + - indentation nicer. + +29 February 2008: Wouter + - documentation update. + - fixup port to Solaris of perf test tool. + - updated ldns-tarball with decl-after-statement fixes. + +28 February 2008: Wouter + - fixed memory leaks in libunbound (during cancellation and wait). + - libunbound returns the answer packet in full. + - snprintf compat update. + - harvest performs lookup. + - ldns-tarball update with fix for ldns_dname_label. + - installs to sbin by default. + - install all manual pages (unbound-host and libunbound too). + +27 February 2008: Wouter + - option to use caps for id randomness. + - config file option use-caps-for-id: yes + - harvest debug tool + +26 February 2008: Wouter + - delay utility delays TCP as well. If the server that is forwarded + to has a TCP error, the delay utility closes the connection. + - delay does REUSE_ADDR, and can handle a server that closes its end. + - answers use casing from query. + +25 February 2008: Wouter + - delay utility works. Gets decent thoughput too (>20000). + +22 February 2008: Wouter + - +2% for recursions, if identical queries (except for destination + and query ID) in the reply list, avoid re-encoding the answer. + - removed TODO items for optimizations that do not show up in + profile reports. + - default is now minievent - not libevent. As its faster and + not needed for regular installs, only for very large port ranges. + - loop check different speedup pkt-dname-reading, 1% faster for + nocache-recursion check. + - less hashing during msg parse, 4% for recursion. + - small speed fix for dname_count_size_labels, +1 or +2% recursion. + - some speed results noted: + optimization resulted in +40% for recursion (cache miss) and + +70 to +80 for cache hits, and +96% for version.bind. + zone nsec3 example, 100 NXDOMAIN queries, NSD 35182.8 Ub 36048.4 + www.nlnetlabs.nl from cache: BIND 8987.99 Ub 31218.3 + www with DO bit set : BIND 8269.31 Ub 28735.6 qps. + So, unbound can be about equal qps to NSD in cache hits. + And about 3.4x faster than BIND in cache performance. + - delay utility for testing. + +21 February 2008: Wouter + - speedup of root-delegation message encoding by 15%. + - minor speedup of compress tree_lookup, maybe 1%. + - speedup of dname_lab_cmp and memlowercmp - the top functions in + profiler output, maybe a couple percent when it matters. + +20 February 2008: Wouter + - setup speec_cache for need-ldns-testns in dotests. + - check number of queued replies on incoming queries to avoid overload + on that account. + - fptr whitelist checks are not disabled in optimize mode. + - do-daemonize config file option. + - minievent time share initializes time at start. + - updated testdata for nsec3 new algorithm numbers (6, 7). + - small performance test of packet encoding (root delegation). + +19 February 2008: Wouter + - applied patch to unbound-host man page from Jan-Piet Mens. + - fix donotquery-localhost: yes default (it erroneously was switched + to default 'no'). + - time is only gotten once and the value is shared across unbound. + - unittest cleans up crypto, so that it has no memory leaks. + - mini_event shares the time value with unbound this results in + +3% speed for cache responses and +9% for recursions. + - ldns tarball update with new NSEC3 sign code numbers. + - perform several reads per UDP operation. This improves performance + in DoS conditions, and costs very little in normal conditions. + improves cache response +50%, and recursions +10%. + - modified asynclook test. because the callback from async is not + in any sort of lock (and thus can use all library functions freely), + this causes a tiny race condition window when the last lock is + released for a callback and a new cancel() for that callback. + The only way to remove this is by putting callbacks into some + lock window. I'd rather have the small possibility of a callback + for a cancelled function then no use of library functions in + callbacks. Could be possible to only outlaw process(), wait(), + cancel() from callbacks, by adding another lock, but I'd rather not. + +18 February 2008: Wouter + - patch to unbound-host from Jan-Piet Mens. + - unbound host prints errors if fails to configure context. + - fixup perf to resend faster, so that long waiting requests do + not hold up the queue, they become lost packets or SERVFAILs, + or can be sent a little while later (i.e. processing time may + take long, but throughput has to be high). + - fixup iterator operating in no cache conditions (RD flag unset + after a CNAME). + - streamlined code for RD flag setting. + - profiled code and changed dname compares to be faster. + The speedup is about +3% to +8% (depending on the test). + - minievent tests for eintr and eagain. + +15 February 2008: Wouter + - added FreeBSD rc.d script to contrib. + - --prefix option for configure also changes directory: pidfile: + and chroot: defaults in config file. + - added cache speed test, for cache size OK and cache too small. + +14 February 2008: Wouter + - start without a config file (will complain, but start with + defaults). + - perf test program works. + +13 February 2008: Wouter + - 0.9 released. + - 1.0 development. Printout ldns version on unbound -h. + - start of perf tool. + - bugfix to read empty lines from /etc/hosts. + +12 February 2008: Wouter + - fixup problem with configure calling itself if ldns-src tarball + is not present. + +11 February 2008: Wouter + - changed library to use ub_ instead of ub_val_ as prefix. + - statistics output text nice. + - etc/hosts handling. + - library function to put logging to a stream. + - set any option interface. + +8 February 2008: Wouter + - test program for multiple queries over a TCP channel. + - tpkg test for stream tcp queries. + - unbound replies to multiple TCP queries on a TCP channel. + - fixup misclassification of root referral with NS in answer + when validating a nonrec query. + - tag 0.9 + - layout of manpages, spelling fix in header, manpages process by + makedist, list asynclook and tcpstream tests as ldns-testns + required. + +7 February 2008: Wouter + - moved up all current level 2 to be level 3. And 3 to 4. + to make room for new debug level 2 for detailed information + for operators. + - verbosity level 2. Describes recursion and validation. + - cleaner configure script and fixes for libevent solaris. + - signedness for log output memory sizes in high verbosity. + +6 February 2008: Wouter + - clearer explanation of threading configure options. + - fixup asynclook test for nothreading (it creates only one process + to do the extended test). + - changed name of ub_val_result_free to ub_val_resolve_free. + - removes warning message during library linking, renamed + libunbound/unbound.c -> libunbound.c and worker to libworker. + - fallback without EDNS if result is NOTIMPL as well as on FORMERR. + +5 February 2008: Wouter + - statistics-interval: seconds option added. + - test for statistics option + - ignore errors making directories, these can occur in parallel builds + - fixup Makefile strip command and libunbound docs typo. + +31 January 2008: Wouter + - bg thread/process reads and writes the pipe nonblocking all the time + so that even if the pipe is buffered or so, the bg thread does not + block, and services both pipes and queries. + +30 January 2008: Wouter + - check trailing / on chrootdir in checkconf. + - check if root hints and anchor files are in chrootdir. + - no route to host tcp error is verbosity level 2. + - removed unused send_reply_iov. and its configure check. + - added prints of 'remote address is 1.2.3.4 port 53' to errors + from netevent; the basic socket errors. + +28 January 2008: Wouter + - fixup uninit use of buffer by libunbound (query id, flags) for + local_zone answers. + - fixup uninit warning from random.c; also seems to fix sporadic + sigFPE coming out of openssl. + - made openssl entropy warning more silent for library use. Needs + verbosity 1 now. + - fixup forgotten locks for rbtree_searches on ctx->query tree. + - random generator cleanup - RND_STATE_SIZE removed, and instead + a super-rnd can be passed at init to chain init random states. + - test also does lock checks if available. + - protect config access in libworker_setup(). + - libevent doesn't like comm_base_exit outside of runloop. + - close fds after removing commpoints only (for epoll, kqueue). + +25 January 2008: Wouter + - added tpkg for asynclook and library use. + - allows localhost to be queried when as a library. + - fixup race condition between cancel and answer (in case of + really fast answers that beat the cancel). + - please doxygen, put doxygen comment in one place. + - asynclook -b blocking mode and test. + - refactor asynclook, nicer code. + - fixup race problems from opensll in rand init from library, with + a mutex around the rand init. + - fix pass async_id=NULL to _async resolve(). + - rewrote _wait() routine, so that it is threadsafe. + - cancelation is threadsafe. + - asynclook extended test in tpkg. + - fixed two races where forked bg process waits for (somehow shared?) + locks, so does not service the query pipe on the bg side. + Now those locks are only held for fg_threads and for bg_as_a_thread. + +24 January 2008: Wouter + - tested the cancel() function. + - asynclook -c (cancel) feature. + - fix fail to allocate context actions. + - make pipe nonblocking at start. + - update plane for retry mode with caution to limit bandwidth. + - fix Makefile for concurrent make of unbound-host. + - renamed ub_val_ctx_wait/poll/process/fd to ub_val*. + - new calls to set forwarding added to header and docs. + +23 January 2008: Wouter + - removed debug prints from if-auto, verb-algo enables some. + - libunbound QUIT setup, remove memory leaks, when using threads + will share memory for passing results instead of writing it over + the pipe, only writes ID number over the pipe (towards the handler + thread that does process() ). + +22 January 2008: Wouter + - library code for async in libunbound/unbound.c. + - fix link testbound. + - fixup exit bug in mini_event. + - background worker query enter and result functions. + - bg query test application asynclook, it looks up multiple + hostaddresses (A records) at the same time. + +21 January 2008: Wouter + - libworker work, netevent raw commpoints, write_msg, serialize. + +18 January 2008: Wouter + - touch up of manpage for libunbound. + - support for IP_RECVDSTADDR (for *BSD ip4). + - fix for BSD, do not use ip4to6 mapping, make two sockets, once + ip6 and once ip4, uses socket options. + - goodbye ip4to6 mapping. + - update ldns-testpkts with latest version from ldns-trunk. + - updated makedist for relative ldns pathnames. + - library API with more information inside the result structure. + - work on background resolves. + +17 January 2008: Wouter + - fixup configure in case -lldns is installed. + - fixup a couple of doxygen warnings, about enum variables. + - interface-automatic now copies the interface address from the + PKT_INFO structure as well. + - manual page with library API, all on one page 'man libunbound'. + - rewrite of PKTINFO structure, it also captures IP4 PKTINFO. + +16 January 2008: Wouter + - incoming queries to the server with TC bit on are replied FORMERR. + - interface-automatic replied the wrong source address on localhost + queries. Seems to be due to ifnum=0 in recvmsg PKTINFO. Trying + to use ifnum=-1 to mean 'no interface, use kernel route'. + +15 January 2008: Wouter + - interface-automatic feature. experimental. Nice for anycast. + - tpkg test for ip6 ancillary data. + - removed debug prints. + - porting experience, define for Solaris, test refined for BSD + compatibility. The feature probably will not work on OpenBSD. + - makedist fixup for ldns-src in build-dir. + +14 January 2008: Wouter + - in no debug sets NDEBUG to remove asserts. + - configure --enable-debug is needed for dependency generation + for assertions and for compiler warnings. + - ldns.tgz updated with ldns-trunk (where buffer.h is updated). + - fix lint, unit test in optimize mode. + - default access control allows ::ffff:127.0.0.1 v6mapped localhost. + +11 January 2008: Wouter + - man page, warning removed. + - added text describing the use of stub zones for private zones. + - checkconf tests for bad hostnames (IP address), and for doubled + interface lines. + - memory sizes can be given with 'k', 'Kb', or M or G appended. + +10 January 2008: Wouter + - typo in example.conf. + - made using ldns-src that is included the package more portable + by linking with .lo instead of .o files in the ldns package. + - nicer do-ip6: yes/no documentation. + - nicer linking of libevent .o files. + - man pages render correctly on solaris. + +9 January 2008: Wouter + - fixup openssl RAND problem, when the system is not configured to + give entropy, and the rng needs to be seeded. + +8 January 2008: Wouter + - print median and quartiles with extensive logging. + +4 January 2008: Wouter + - document misconfiguration in private network. + +2 January 2008: Wouter + - fixup typo in requirements. + - document that 'refused' is a better choice than 'drop' for + the access control list, as refused will stop retries. + +7 December 2007: Wouter + - unbound-host has a -d option to show what happens. This can help + with debugging (why do I get this answer). + - fixup CNAME handling, on nodata, sets and display canonname. + - dot removed from CNAME display. + - respect -v for NXDOMAINs. + - updated ldns-src.tar.gz with ldns-trunk today (1.2.2 fixes). + - size_t to int for portability of the header file. + - fixup bogus handling. + - dependencies and lint for unbound-host. + +6 December 2007: Wouter + - library resolution works in foreground mode, unbound-host app + receives data. + - unbound-host prints rdata using ldns. + - unbound-host accepts trust anchors, and prints validation + information when you give -v. + +5 December 2007: Wouter + - locking in context_new() inside the function. + - setup of libworker. + +4 December 2007: Wouter + - minor Makefile fixup. + - moved module-stack code out of daemon/daemon into services/modstack, + preparing for code-reuse. + - move context into own header file. + - context query structure. + - removed unused variable pwd from checkconf. + - removed unused assignment from outside netw. + - check timeval length of string. + - fixup error in val_utils getsigner. + - fixup same (*var) error in netblocktostr. + - fixup memleak on parse error in localzone. + - fixup memleak on packet parse error. + - put ; after union in parser.y. + - small hardening in iter_operate against iq==NULL. + - hardening, if error reply with rcode=0 (noerror) send servfail. + - fixup same (*var) error in find_rrset in msgparse, was harmless. + - check return value of evtimer_add(). + - fixup lockorder in lruhash_reclaim(), building up a list of locked + entries one at a time. Instead they are removed and unlocked. + - fptr_wlist for markdelfunc. + - removed is_locked param from lruhash delkeyfunc. + - moved bin_unlock during bin_split purely to please. + +3 December 2007: Wouter + - changed checkconf/ to smallapp/ to make room for more support tools. + (such as unbound-host). + - install dirs created with -m 755 because they need to be accessible. + - library extensive featurelist added to TODO. + - please doxygen, lint. + - library test application, with basic functionality. + - fix for building in a subdirectory. + - link lib fix for Leopard. + +30 November 2007: Wouter + - makefile that creates libunbound.la, basic file or libunbound.a + when creating static executables (no libtool). + - more API setup. + +29 November 2007: Wouter + - 0.9 public API start. + +28 November 2007: Wouter + - Changeup plan for 0.8 - no complication needed, a simple solution + has been chosen for authoritative features. + - you can use single quotes in the config file, so it is possible + to specify TXT records in local data. + - fixup small memory problem in implicit transparent zone creation. + - test for implicit zone creation and multiple RR RRsets local data. + - local-zone nodefault test. + - show testbound testlist on commit. + - iterator normalizer changes CNAME chains ending in NXDOMAIN where + the packet got rcode NXDOMAIN into rcode NOERROR. (since the initial + domain exists). + - nicer verbosity: 0 and 1 levels. + - lower nonRDquery chance of eliciting wrongly typed validation + requiring message from the cache. + - fix for nonRDquery validation typing; nodata is detected when + SOA record in auth section (all validation-requiring nodata messages + have a SOA record in authority, so this is OK for the validator), + and NS record is needed to be a referral. + - duplicate checking when adding NSECs for a CNAME, and test. + - created svn tag 0.8, after completing testbed tests. + +27 November 2007: Wouter + - per suggestion in rfc2308, replaced default max-ttl value with 1 day. + - set size of msgparse lookup table to 32, from 1024, so that its size + is below the 2048 regional large size threshold, and does not cause + a call to malloc when a message is parsed. + - update of memstats tool to print number of allocation calls. + This is what is taking time (not space) and indicates the avg size + of the allocations as well. region_alloc stat is removed. + +22 November 2007: Wouter + - noted EDNS in-the-middle dropping trouble as a TODO. + At this point theoretical, no user trouble has been reported. + - added all default AS112 zones. + - answers from local zone content. + * positive answer, the rrset in question + * nodata answer (exist, but not that type). + * nxdomain answer (domain does not exist). + * empty-nonterminal answer. + * But not: wildcard, nsec, referral, rrsig, cname/dname, + or additional section processing, NS put in auth. + - test for correct working of static and transparent and couple + of important defaults (localhost, as112, reverses). + Also checks deny and refuse settings. + - fixup implicit zone generation and AA bit for NXDOMAIN on localdata. + +21 November 2007: Wouter + - local zone internal data setup. + +20 November 2007: Wouter + - 0.8 - str2list config support for double string config options. + - local-zone and local-data options, config storage and documentation. + +19 November 2007: Wouter + - do not downcase NSEC and RRSIG for verification. Follows + draft-ietf-dnsext-dnssec-bis-updates-06.txt. + - fixup leaking unbound daemons at end of tests. + - README file updated. + - nice libevent not found error. + - README talks about gnu make. + - 0.8: unit test for addr_mask and fixups for it. + and unit test for addr_in_common(). + - 0.8: access-control config file element. + and unit test rpl replay file. + - 0.8: fixup address reporting from netevent. + +16 November 2007: Wouter + - privilege separation is not needed in unbound at this time. + TODO item marked as such. + - created beta-0.7 branch for support. + - tagged 0.7 for beta release. + - moved trunk to 0.8 for 0.8(auth features) development. + - 0.8: access control list setup. + +15 November 2007: Wouter + - review fixups from Jelte. + +14 November 2007: Wouter + - testbed script does not recreate configure, since its in svn now. + - fixup checkconf test so that it does not test + /etc/unbound/unbound.conf. + - tag 0.6. + +13 November 2007: Wouter + - remove debug print. + - fixup testbound exit when LIBEVENT_SIGNAL_PROBLEM exists. + +12 November 2007: Wouter + - fixup signal handling where SIGTERM could be ignored if a SIGHUP + arrives later on. + - bugreports to unbound-bugs@nlnetlabs.nl + - fixup testbound so it exits cleanly. + - cleanup the caches on a reload, so that rrsetID numbers won't clash. + +9 November 2007: Wouter + - took ldns snapshot in repo. + - default config file is /etc/unbound/unbound.conf. + If it doesn't exist, it is installed with the doc/example.conf file. + The file is not deleted on uninstall. + - default listening is not all, but localhost interfaces. + +8 November 2007: Wouter + - Fixup chroot and drop user privileges. + - new L root ip address in default hints. + +1 November 2007: Wouter + - Fixup of crash on reload, due to anchors in env not NULLed after + dealloc during deinit. + - Fixup of chroot call. Happens after privileges are dropped, so + that checking the passwd entry still works. + - minor touch up of clear() hashtable function. + - VERB_DETAIL prints out what chdir, username, chroot is being done. + - when id numbers run out, caches are cleared, as in design notes. + Tested with a mock setup with very few bits in id, it worked. + - harden-dnssec-stripped: yes is now default. It insists on dnssec + data for trust anchors. Included tests for the feature. + +31 October 2007: Wouter + - cache-max-ttl config option. + - building outside sourcedir works again. + - defaults more secure: + username: "unbound" + chroot: "/etc/unbound" + The operator can override them to be less secure ("") if necessary. + - fix horrible oversight in sorting rrset references in a message, + sort per reference key pointer, not on referencepointer itself. + - pidfile: "/etc/unbound/unbound.pid" is now the default. + - tests changed to reflect the updated default. + - created hashtable clear() function that respects locks. + +30 October 2007: Wouter + - fixup assertion failure that relied on compressed names to be + smaller than uncompressed names. A packet from comrite.com was seen + to be compressed to a larger size. Added it as unit test. + - quieter logging at low verbosity level for common tcp messages. + - no greedy TTL update. + +23 October 2007: Wouter + - fixup (grand-)parent problem for dnssec-lameness detection. + - fixup tests to do additional section processing for lame replies, + since the detection needs that. + - no longer trust in query section in reply during dnssec lame detect. + - dnssec lameness does not make the server never ever queried, but + non-preferred. If no other servers exist or answer, the dnssec lame + server is used; the fastest dnssec lame server is chosen. + - added test then when trust anchor cannot be primed (nodata), the + insecure mode from unbound works. + - Fixup max queries per thread, any more are dropped. + +22 October 2007: Wouter + - added donotquerylocalhost config option. Can be turned off for + out test cases. + - ISO C compat changes. + - detect RA-no-AA lameness, as LAME. + - DNSSEC-lameness detection, as LAME. + See notes in requirements.txt for choices made. + - tests for lameness detection. + - added all to make test target; need unbound for fwd tests. + - testbound does not pollute /etc/unbound. + +19 October 2007: Wouter + - added configure (and its files) to svn, so that the trunk is easier + to use. ./configure, config.guess, config.sub, ltmain.sh, + and config.h.in. + - added yacc/lex generated files, util/configlexer.c, + util/configparser.c util/configparser.h, to svn. + - without lex no attempt to use it. + - unsecure response validation collated into one block. + - remove warning about const cast of cfgfile name. + - outgoing-interfaces can be different from service interfaces. + - ldns-src configure is done during unbound configure and + ldns-src make is done during unbound make, and so inherits the + make arguments from the unbound make invocation. + - nicer error when libevent problem causes instant exit on signal. + - read root hints from a root hint file (like BIND does). + +18 October 2007: Wouter + - addresses are logged with errors. + - fixup testcode fake event to remove pending before callback + since the callback may create new pending items. + - tests updated because retries are now in iterator module. + - ldns-testpkts code is checked for differences between unbound + and ldns by makedist.sh. + - ldns trunk from today added in svn repo for fallback in case + no ldns is installed on the system. + make download_ldns refreshes the tarball with ldns svn trunk. + - ldns-src.tar.gz is used if no ldns is found on the system, and + statically linked into unbound. + - start of regional allocator code. + - regional uses less memory and variables, simplified code. + - remove of region-allocator. + - alloc cache keeps a cache of recently released regional blocks, + up to a maximum. + - make unit test cleanly free memory. + +17 October 2007: Wouter + - fixup another cycle detect and ns-addr timeout resolution bug. + This time by refusing delegations from the cache without addresses + when resolving a mandatory-glue nameserver-address for that zone. + We're going to have to ask a TLD server anyway; might as well be + the TLD server for this name. And this resolves a lot of cases where + the other nameserver names lead to cycles or are not available. + - changed random generator from random(3) clone to arc4random wrapped + for thread safety. The random generator is initialised with + entropy from the system. + - fix crash where failure to prime DNSKEY tried to print null pointer + in the log message. + - removed some debug prints, only verb_algo (4) enables them. + - fixup test; new random generator took new paths; such as one + where no scripted answer was available. + - mark insecure RRs as insecure. + - fixup removal of nonsecure items from the additional. + - reduced timeout values to more realistic, 376 msec (262 msec has + 90% of roundtrip times, 512 msec has 99% of roundtrip times.) + - server selection failover to next server after timeout (376 msec). + +16 October 2007: Wouter + - no malloc in log_hex. + - assertions around system calls. + - protect against gethostname without ending zero. + - ntop output is null terminated by unbound. + - pidfile content null termination + - various snprintf use sizeof(stringbuf) instead of fixed constant. + - changed loopdetect % 8 with & 0x7 since % can become negative for + weird negative input and particular interpretation of integer math. + - dname_pkt_copy checks length of result, to protect result buffers. + prints an error, this should not happen. Bad strings should have + been rejected earlier in the program. + - remove a size_t underflow from msgreply size func. + +15 October 2007: Wouter + - nicer warning. + - fix IP6 TCP, wrong definition check. With test package. + - fixup the fact that the query section was not compressed to, + the code was there but was called by value instead of by reference. + And test for the case, uses xxd and nc. + - more portable ip6 check for sockaddr types. + +8 October 2007: Wouter + - --disable-rpath option in configure for 64bit systems with + several dynamic lib dirs. + +7 October 2007: Wouter + - fixup tests for no AD bit in non-DO queries. + - test that makes sure AD bit is not set on non-DO query. + +6 October 2007: Wouter + - removed logfile open early. It did not have the proper permissions; + it was opened as root instead of the user. And we cannot change user + id yet, since chroot and bind ports need to be done. + - callback checks for event callbacks done from mini_event. Because + of deletions cannot do this from netevent. This means when using + libevent the protection does not work on event-callbacks. + - fixup too small reply (did not zero counts). + - fixup reply no longer AD bit when query without DO bit. + +5 October 2007: Wouter + - function pointer whitelist. + +4 October 2007: Wouter + - overwrite sensitive random seed value after use. + - switch to logfile very soon if not -d (console attached). + - error messages do not reveal the trustanchor contents. + - start work on function pointer whitelists. + +3 October 2007: Wouter + - fix for multiple empty nonterminals, after multiple DSes in the + chain of trust. + - mesh checks if modules are looping, and stops them. + - refetch with CNAMEd nameserver address regression test added. + - fixup line count bug in testcode, so testbound prints correct line + number with parse errors. + - unit test for multiple ENT case. + - fix for cname out of validated unsec zone. + - fixup nasty id=0 reuse. Also added assertions to detect its + return (the assertion catches in the existing test cases). + +1 October 2007: Wouter + - skip F77, CXX, objC tests in configure step. + - fixup crash in refetch glue after a CNAME. + and protection against similar failures (with error print). + +28 September 2007: Wouter + - test case for unbound-checkconf, fixed so it also checks the + interface: statements. + +26 September 2007: Wouter + - SIGHUP will reopen the log file. + - Option to log to syslog. + - please lint, fixup tests (that went to syslog on open, oops). + - config check program. + +25 September 2007: Wouter + - tests for NSEC3. Fixup bitmap checks for NSEC3. + - positive ANY response needs to check if wildcard expansion, and + check that original data did not exist. + - tests for NSEC3 that wrong use of OPTOUT is bad. For insecure + delegation, for abuse of child zone apex nsec3. + - create 0.5 release tag. + +24 September 2007: Wouter + - do not make test programs by default. + - But 'make test' will perform all of the tests. + - Advertise builtin select libevent alternative when no libevent + is found. + - signit can generate NSEC3 hashes, for generating tests. + - multiple nsec3 paramaters in message test. + - too high nsec3 iterations becomes insecure test. + +21 September 2007: Wouter + - fixup empty_DS_name allocated in wrong region (port DEC Alpha). + - fixup testcode lock safety (port FreeBSD). + - removes subscript has type char warnings (port Solaris 9). + - fixup of field with format type to int (port MacOS/X intel). + - added test for infinite loop case in nonRD answer validation. + It was a more general problem, but hard to reproduce. When an + unsigned rrset is being validated and the key fetched, the DS + sequence is followed, but if the final name has no DS, then no + proof is possible - the signature has been stripped off. + +20 September 2007: Wouter + - fixup and test for NSEC wildcard with empty nonterminals. + - makedist.sh fixup for svn info. + - acl features request in plan. + - improved DS empty nonterminal handling. + - compat with ANS nxdomain for empty nonterminals. Attempts the nodata + proof anyway, which succeeds in ANS failure case. + - striplab protection in case it becomes -1. + - plans for static and blacklist config. + +19 September 2007: Wouter + - comments about non-packed usage. + - plan for overload support in 0.6. + - added testbound tests for a failed resolution from the logs + and for failed prime when missing glue. + - fixup so useless delegation points are not returned from the + cache. Also the safety belt is used if priming fails to complete. + - fixup NSEC rdata not to be lowercased, bind compat. + +18 September 2007: Wouter + - wildcard nsec3 testcases, and fixup to get correct wildcard name. + - validator prints subtype classification for debug. + +17 September 2007: Wouter + - NSEC3 hash cache unit test. + - validator nsec3 nameerror test. + +14 September 2007: Wouter + - nsec3 nodata proof, nods proof, wildcard proof. + - nsec3 support for cname chain ending in noerror or nodata. + - validator calls nsec3 proof routines if no NSECs prove anything. + - fixup iterator bug where it stored the answer to a cname under + the wrong qname into the cache. When prepending the cnames, the + qname has to be reset to the original qname. + +13 September 2007: Wouter + - nsec3 find matching and covering, ce proof, prove namerror msg. + +12 September 2007: Wouter + - fixup of manual page warnings, like for NSD bugreport. + - nsec3 work, config, max iterations, filter, and hash cache. + +6 September 2007: Wouter + - fixup to find libevent on mac port install. + - fixup size_t vs unsigned portability in validator/sigcrypt. + - please compiler on different platforms, for unreachable code. + - val_nsec3 file. + - pthread_rwlock type is optional, in case of old pthread libs. + +5 September 2007: Wouter + - cname, name error validator tests. + - logging of qtype ANY works. + - ANY type answers get RRSIG in answer section of replies (but not + in other sections, unless DO bit is on). + - testbound can replay a TCP query (set MATCH TCP in the QUERY). + - DS and noDS referral validation test. + - if you configure many trust anchors, parent trust anchors can + securely deny existance of child trust anchors, if validated. + - not all *.name NSECs are present because a wildcard was matched, + and *.name NSECs can prove nodata for empty nonterminals. + Also, for wildcard name NSECs, check they are not from the parent + zone (for wildcarded zone cuts), and check absence of CNAME bit, + for a nodata proof. + - configure option for memory allocation debugging. + - port configure option for memory allocation to solaris10. + +4 September 2007: Wouter + - fixup of Leakage warning when serviced queries processed multiple + callbacks for the same query from the same server. + - testbound removes config file from /tmp on failed exit. + - fixup for referral cleanup of the additional section. + - tests for cname, referral validation. + - neater testbound tpkg output. + - DNAMEs no longer match their apex when synthesized from the cache. + - find correct signer name for DNAME responses. + - wildcarded DNAME test and fixup code to detect. + - prepend NSEC and NSEC3 rrsets in the iterator while chasing CNAMEs. + So that wildcarded CNAMEs get their NSEC with them to the answer. + - test for a CNAME to a DNAME to a CNAME to an answer, all from + different domains, for key fetching and signature checking of + CNAME'd messages. + +3 September 2007: Wouter + - Fixed error in iterator that would cause assertion failure in + validator. CNAME to a NXDOMAIN response was collated into a response + with both a CNAME and the NXDOMAIN rcode. Added a test that the + rcode is changed to NOERROR (because of the CNAME). + - timeout on tcp does not lead to spurious leakage detect. + - account memory for name of lame zones, so that memory leakages does + not show lame cache growth as a leakage growth. + - config setting for lameness cache expressed in bytes, instead of + number of entries. + - tool too summarize allocations per code line. + +31 August 2007: Wouter + - can read bind trusted-keys { ... }; files, in a compatibility mode. + - iterator should not detach target queries that it still could need. + the protection against multiple outstanding queries is moved to a + current_query num check. + - validator nodata, positive, referral tests. + - dname print can print '*' wildcard. + +30 August 2007: Wouter + - fixup override date config option. + - config options to control memory usage. + - caught bad free of un-alloced data in worker_send error case. + - memory accounting for key cache (trust anchors and temporary cache). + - memory accounting fixup for outside network tcp pending waits. + - memory accounting fixup for outside network tcp callbacks. + - memory accounting for iterator fixed storage. + - key cache size and slabs config options. + - lib crypto cleanups at exit. + +29 August 2007: Wouter + - test tool to sign rrsets for testing validator with. + - added RSA and DSA test keys, public and private pairs, 512 bits. + - default configuration is with validation enabled. + Only a trust-anchor needs to be configured for DNSSEC to work. + - do not convert to DER for DSA signature verification. + - validator replay test file, for a DS to DNSKEY DSA key prime and + positive response. + +28 August 2007: Wouter + - removed double use for udp buffers, that could fail, + instead performs a malloc to do the backup. + - validator validates referral messages, by validating all the rrsets + and stores the rrsets in the cache. Further referral (nonRD queries) + replies are made from the rrset cache directly. Unless unchecked + rrsets are encountered, there are then validated. + - enforce that signing is done by a parent domain (or same domain). + - adjust TTL downwards if rrset TTL bigger than signature allows. + - permissive mode feature, sets AD bit for secure, but bogus does + not give servfail (bogus is changed into indeterminate). + - optimization of rrset verification. rr canonical sorting is reused, + for the same rrset. canonical rrset image in buffer is reused for + the same signature. + - if the rrset is too big (64k exactly + large owner name) the + canonicalization routine will fail if it does not fit in buffer. + - faster verification for large sigsets. + - verb_detail mode reports validation failures, but not the entire + algorithm for validation. Key prime failures are reported as + verb_ops level. + +27 August 2007: Wouter + - do not garble the edns if a cache answer fails. + - answer norecursive from cache if possible. + - honor clean_additional setting when returning secure non-recursive + referrals. + - do not store referral in msg cache for nonRD queries. + - store verification status in the rrset cache to speed up future + verification. + - mark rrsets indeterminate and insecure if they are found to be so. + and store this in the cache. + +24 August 2007: Wouter + - message is bogus if unsecure authority rrsets are present. + - val-clean-additional option, so you can turn it off. + - move rrset verification out of the specific proof types into one + routine. This makes the proof routines prettier. + - fixup cname handling in validator, cname-to-positive and cname-to- + nodata work. + - Do not synthesize DNSKEY and DS responses from the rrset cache if + the rrset is from the additional section. Signatures may have + fallen off the packet, and cause validation failure. + - more verbose signature date errors (with the date attached). + - increased default infrastructure cache size. It is important for + performance, and 1000 entries are only 212k (or a 400 k total cache + size). To 10000 entries (for 2M entries, 4M cache size). + +23 August 2007: Wouter + - CNAME handling - move needs_validation to before val_new(). + val_new() setups the chase-reply to be an edited copy of the msg. + new classification, and find signer can find for it. + removal of unsigned crap from additional, and query restart for + cname. + - refuse to follow wildcarded DNAMEs when validating. + But you can query for qtype ANY, or qtype DNAME and validate that. + +22 August 2007: Wouter + - bogus TTL. + - review - use val_error(). + +21 August 2007: Wouter + - ANY response validation. + - store security status in cache. + - check cache security status and either send the query to be + validated, return the query to client, or send servfail to client. + Sets AD bit on validated replies. + - do not examine security status on an error reply in mesh_done. + - construct DS, DNSKEY messages from rrset cache. + - manual page entry for override-date. + +20 August 2007: Wouter + - validate and positive validation, positive wildcard NSEC validation. + - nodata validation, nxdomain validation. + +18 August 2007: Wouter + - process DNSKEY response in FINDKEY state. + +17 August 2007: Wouter + - work on DS2KE routine. + - val_nsec.c for validator NSEC proofs. + - unit test for NSEC bitmap reading. + - dname iswild and canonical_compare with unit tests. + +16 August 2007: Wouter + - DS sig unit test. + - latest release libevent 1.3c and 1.3d have threading fixed. + - key entry fixup data pointer and ttl absolute. + - This makes a key-prime succeed in validator, with DS or DNSKEY as + trust-anchor. + - fixup canonical compare byfield routine, fix bug and also neater. + - fixed iterator response type classification for queries of type + ANY and NS. + dig ANY gives sometimes NS rrset in AN and NS section, and parser + removes the NS section duplicate. dig NS gives sometimes the NS + in the answer section, as referral. + - validator FINDKEY state. + +15 August 2007: Wouter + - crypto calls to verify signatures. + - unit test for rrsig verification. + +14 August 2007: Wouter + - default outgoing ports changed to avoid port 2049 by default. + This port is widely blocked by firewalls. + - count infra lameness cache in memory size. + - accounting of memory improved + - outbound entries are allocated in the query region they are for. + - extensive debugging for memory allocations. + - --enable-lock-checks can be used to enable lock checking. + - protect undefs in config.h from autoheaders ministrations. + - print all received udp packets. log hex will print on multiple + lines if needed. + - fixed error in parser with backwards rrsig references. + - mark cycle targets for iterator did not have CD flag so failed + its task. + +13 August 2007: Wouter + - fixup makefile, if lexer is missing give nice error and do not + mess up the dependencies. + - canonical compare routine updated. + - canonical hinfo compare. + - printout list of the queries that the mesh is working on. + +10 August 2007: Wouter + - malloc and free overrides that track total allocation and frees. + for memory debugging. + - work on canonical sort. + +9 August 2007: Wouter + - canonicalization, signature checks + - dname signature label count and unit test. + - added debug heap size print to memory printout. + - typo fixup in worker.c + - -R needed on solaris. + - validator override option for date check testing. + +8 August 2007: Wouter + - ldns _raw routines created (in ldns trunk). + - sigcrypt DS digest routines + - val_utils uses sigcrypt to perform signature cryptography. + - sigcrypt keyset processing + +7 August 2007: Wouter + - security status type. + - security status is copied when rdata is equal for rrsets. + - rrset id is updated to invalidate all the message cache entries + that refer to NSEC, NSEC3, DNAME rrsets that have changed. + - val_util work + - val_sigcrypt file for validator signature checks. + +6 August 2007: Wouter + - key cache for validator. + - moved isroot and dellabel to own dname routines, with unit test. + +3 August 2007: Wouter + - replanning. + - scrubber check section of lame NS set. + - trust anchors can be in config file or read from zone file, + DS and DNSKEY entries. + - unit test trust anchor storage. + - trust anchors converted to packed rrsets. + - key entry definition. + +2 August 2007: Wouter + - configure change for latest libevent trunk version (needs -lrt). + - query_done and walk_supers are moved out of module interface. + - fixup delegation point duplicates. + - fixup iterator scrubber; lame NS set is let through the scrubber + so that the classification is lame. + - validator module exists, and does nothing but pass through, + with calling of next module and return. + - validator work. + +1 August 2007: Wouter + - set version to 0.5 + - module work for module to module interconnections. + - config of modules. + - detect cycle takes flags. + +31 July 2007: Wouter + - updated plan + - release 0.4 tag. + +30 July 2007: Wouter + - changed random state init, so that sequential process IDs are not + cancelled out by sequential thread-ids in the random number seed. + - the fwd_three test, which sends three queries to unbound, and + unbound is kept waiting by ldns-testns for 3 seconds, failed + because the retry timeout for default by unbound is 3 seconds too, + it would hit that timeout and fail the test. Changed so that unbound + is kept waiting for 2 seconds instead. + +27 July 2007: Wouter + - removed useless -C debug option. It did not work. + - text edit of documentation. + - added doc/CREDITS file, referred to by the manpages. + - updated planning. + +26 July 2007: Wouter + - cycle detection, for query state dependencies. Will attempt to + circumvent the cycle, but if no other targets available fails. + - unit test for AXFR, IXFR response. + - test for cycle detection. + +25 July 2007: Wouter + - testbound read ADDRESS and check it. + - test for version.bind and friends. + - test for iterator chaining through several referrals. + - test and fixup for refetch for glue. Refetch fails if glue + is still not provided. + +24 July 2007: Wouter + - Example section in config manual. + - Addr stored for range and moment in replay. + +20 July 2007: Wouter + - Check CNAME chain before returning cache entry with CNAMEs. + - Option harden-glue, default is on. It will discard out of zone + data. If disabled, performance is faster, but spoofing attempts + become a possibility. Note that still normalize scrubbing is done, + and that the potentially spoofed data is used for infrastructure + and not returned to the client. + - if glue times out, refetch by asking parent of delegation again. + Much like asking for DS at the parent side. + - TODO items from forgery-resilience draft. + and on memory handling improvements. + - renamed module_event_timeout to module_event_noreply. + - memory reporting code; reports on memory usage after handling + a network packet (not on cache replies). + +19 July 2007: Wouter + - shuffle NS selection when getting nameserver target addresses. + - fixup of deadlock warnings, yield cpu in checklock code so that + freebsd scheduler selects correct process to run. + - added identity and version config options and replies. + - store cname messages complete answers. + +18 July 2007: Wouter + - do not query addresses, 127.0.0.1, and ::1 by default. + +17 July 2007: Wouter + - forward zone options in config file. + - forward per zone in iterator. takes precendence over stubs. + - fixup commithooks. + - removed forward-to and forward-to-port features, subsumed by + new forward zones. + - fix parser to handle absent server: clause. + - change untrusted rrset test to account for scrubber that is now + applied during the test (which removes the poison, by the way). + - feature, addresses can be specified with @portnumber, like nsd.conf. + - test config files changed over to new forwarder syntax. + +27 June 2007: Wouter + - delete of mesh does a postorder traverse of the tree. + - found and fixed a memory leak. For TTL=0 messages, that would + not be cached, instead the msg-replyinfo structure was leaked. + - changed server selection so it will filter out hosts that are + unresponsive. This is defined as a host with the maximum rto value. + This means that unbound tried the host for retries up to 120 secs. + The rto value will time out after host-ttl seconds from the cache. + This keeps such unresolvable queries from taking up resources. + - utility for keeping histogram. + +26 June 2007: Wouter + - mesh is called by worker, and iterator uses it. + This removes the hierarchical code. + QueryTargets state and Finished state are merged for iterator. + - forwarder mode no longer sets AA bit on first reply. + - rcode in walk_supers is not needed. + +25 June 2007: Wouter + - more mesh work. + - error encode routine for ease. + +22 June 2007: Wouter + - removed unused _node iterator value from rbtree_t. Takes up space. + - iterator can handle querytargets state without a delegation point + set, so that a priming(stub) subquery error can be handled. + - iterator stores if it is priming or not. + - log_query_info() neater logging. + - changed iterator so that it does not alter module_qstate.qinfo + but keeps a chase query info. Also query_flags are not altered, + the iterator uses chase_flags. + - fixup crash in case no ports for the family exist. + +21 June 2007: Wouter + - Fixup secondary buffer in case of error callback. + - cleanup slumber list of runnable states. + - module_subreq_depth fails to work in slumber list. + - fixup query release for cached results to sub targets. + - neater error for tcp connection failure, shows addr in verbose. + - rbtree_init so that it can be used with preallocated memory. + +20 June 2007: Wouter + - new -C option to enable coredumps after forking away. + - doc update. + - fixup CNAME generation by scrubber, and memory allocation of it. + - fixup deletion of serviced queries when all callbacks delete too. + - set num target queries to 0 when you move them to slumber list. + - typo in check caused subquery errors to be ignored, fixed. + - make lint happy about rlim_t. + - freeup of modules after freeup of module-states. + - duplicate replies work, this uses secondary udp buffer in outnet. + +19 June 2007: Wouter + - nicer layout in stats.c, review 0.3 change. + - spelling improvement, review 0.3 change. + - uncapped timeout for server selection, so that very fast or slow + servers will stand out from the rest. + - target-fetch-policy: "3 2 1 0 0" config setting. + - fixup queries answered without RD bit (for root prime results). + - refuse AXFR and IXFR requests. + - fixup RD flag in error reply from iterator. fixup RA flag from + worker error reply. + - fixup encoding of very short edns buffer sizes, now sets TC bit. + - config options harden-short-bufsize and harden-large-queries. + +18 June 2007: Wouter + - same, move subqueries to slumber list when first has resolved. + - fixup last fix for duplicate callbacks. + - another offbyone in targetcounter. Also in Java prototype by the way. + +15 June 2007: Wouter + - if a query asks to be notified of the same serviced query result + multiple times, this will succeed. Only one callback will happen; + multiple outbound-list entries result (but the double cleanup of it + will not matter). + - when iterator moves on due to CNAME or referral, it will remove + the subqueries (for other targets). These are put on the slumber + list. + - state module wait subq is OK with no new subqs, an old one may have + stopped, with an error, and it is still waiting for other ones. + - if a query loops, halt entire query (easy way to clean up properly). + +14 June 2007: Wouter + - num query targets was > 0 , not >= 0 compared, so that fetch + policy of 0 did nothing. + +13 June 2007: Wouter + - debug option: configure --enable-static-exe for compile where + ldns and libevent are linked statically. Default is off. + - make install and make uninstall. Works with static-exe and without. + installation of unbound binary and manual pages. + - alignement problem fix on solaris 64. + - fixup address in case of TCP error. + +12 June 2007: Wouter + - num target queries was set to 0 at a bad time. Default it to 0 and + increase as target queries are done. + - synthesize CNAME and DNAME responses from the cache. + - Updated doxygen config for doxygen 1.5. + - aclocal newer version. + - doxygen 1.5 fixes for comments (for the strict check on docs). + +11 June 2007: Wouter + - replies on TCP queries have the address field set in replyinfo, + for serviced queries, because the initiator does not know that + a TCP fallback has occured. + - omit DNSSEC types from nonDO replies, except if qtype is ANY or + if qtype directly queries for the type (and then only show that + 'unknown type' in the answer section). + - fixed message parsing where rrsigs on their own would be put + in the signature list over the rrsig type. + +7 June 2007: Wouter + - fixup error in double linked list insertion for subqueries and + for outbound list of serviced queries for iterator module. + - nicer printout of outgoing port selection. + - fixup cname target readout. + - nicer debug output. + - fixup rrset counts when prepending CNAMEs to the answer. + - fixup rrset TTL for prepended CNAMEs. + - process better check for looping modules, and which submodule to + run next. + - subreq insertion code fixup for slumber list. + - VERB_DETAIL, verbosity: 2 level gives short but readable output. + VERB_ALGO, verbosity: 3 gives extensive output. + - fixup RA bit in cached replies. + - fixup CNAME responses from the cache no longer partial response. + - error in network send handled without leakage. + - enable ip6 from config, and try ip6 addresses if available, + if ip6 is not connected, skips to next server. + +5 June 2007: Wouter + - iterator state finished. + - subrequests without parent store in cache and stop. + - worker slumber list for ongoing promiscuous queries. + - subrequest error handling. + - priming failure returns SERVFAIL. + - priming gives LAME result, returns SERVFAIL. + - debug routine to print dns_msg as handled by iterator. + - memleak in config file stubs fixup. + - more small bugs, in scrubber, query compare no ID for lookup, + in dname validation for NS targets. + - sets entry.key for new special allocs. + - lognametypeclass can display unknown types and classes. + +4 June 2007: Wouter + - random selection of equally preferred nameserver targets. + - reply info copy routine. Reuses existing code. + - cache lameness in response handling. + - do not touch qstate after worker_process_query because it may have + been deleted by that routine. + - Prime response state. + - Process target response state. + - some memcmp changed to dname_compare for case preservation. + +1 June 2007: Wouter + - normalize incoming messages. Like unbound-java, with CNAME chain + checked, DNAME checked, CNAME's synthesized, glue checked. + - sanitize incoming messages. + - split msgreply encode functions into own file msgencode.c. + - msg_parse to queryinfo/replyinfo conversion more versatile. + - process_response, classify response, delegpt_from_message. + +31 May 2007: Wouter + - querytargets state. + - dname_subdomain_c() routine. + - server selection, based on RTT. ip6 is filtered out if not available, + and lameness is checked too. + - delegation point copy routine. + +30 May 2007: Wouter + - removed FLAG_CD from message and rrset caches. This was useful for + an agnostic forwarder, but not for a sophisticated (trust value per + rrset enabled) cache. + - iterator reponse typing. + - iterator cname handle. + - iterator prime start. + - subquery work. + - processInitRequest and processInitRequest2. + - cache synthesizes referral messages, with DS and NSEC. + - processInitRequest3. + - if a request creates multiple subrequests these are all activated. + +29 May 2007: Wouter + - routines to lock and unlock array of rrsets moved to cache/rrset. + - lookup message from msg cache (and copy to region). + - fixed cast error in dns msg lookup. + - message with duplicate rrset does not increase its TTLs twice. + - 'qnamesize' changed to 'qname_len' for similar naming scheme. + +25 May 2007: Wouter + - Acknowledge use of unbound-java code in iterator. Nicer readme. + - services/cache/dns.c DNS Cache. Hybrid cache uses msgcache and + rrset cache from module environment. + - packed rrset key has type and class as easily accessable struct + members. They are still kept in network format for fast msg encode. + - dns cache find_delegation routine. + - iterator main functions setup. + - dns cache lookup setup. + +24 May 2007: Wouter + - small changes to prepare for subqueries. + - iterator forwarder feature separated out. + - iterator hints stub code, config file stub code, so that first + testing can proceed locally. + - replay tests now have config option to enable forwarding mode. + +23 May 2007: Wouter + - outside network does precise timers for roundtrip estimates for rtt + and for setting timeout for UDP. Pending_udp takes milliseconds. + - cleaner iterator sockaddr conversion of forwarder address. + - iterator/iter_utils and iter_delegpt setup. + - root hints. + +22 May 2007: Wouter + - outbound query list for modules and support to callback with the + outbound entry to the module. + - testbound support for new serviced queries. + - test for retry to TCP cannot use testbound any longer. + - testns test for EDNS fallback, test for TCP fallback already exists. + - fixes for no-locking compile. + - mini_event timer precision and fix for change in timeouts during + timeout callback. Fix for fwd_three tests, performed nonexit query. + +21 May 2007: Wouter + - small comment on hash table locking. + - outside network serviced queries, contain edns and tcp fallback, + and udp retries and rtt timing. + +16 May 2007: Wouter + - lruhash_touch() would cause locking order problems. Fixup in + lock-verify in case locking cycle is found. + - services/cache/rrset.c for rrset cache code. + - special rrset_cache LRU updating function that uses the rrset id. + - no dependencies calculation when make clean is called. + - config settings for infra cache. + - daemon code slightly cleaner, only creates caches once. + +15 May 2007: Wouter + - host cache code. + - unit test for host cache. + +14 May 2007: Wouter + - Port to OS/X and Dec Alpha. Printf format and alignment fixes. + - extensive lock debug report on join timeout. + - proper RTT calculation, in utility code. + - setup of services/cache/infra, host cache. + +11 May 2007: Wouter + - iterator/iterator.c module. + - fixup to pass reply_info in testcode and in netevent. + +10 May 2007: Wouter + - created release-0.3 svn tag. + - util/module.h + - fixed compression - no longer compresses root name. + +9 May 2007: Wouter + - outside network cleans up waiting tcp queries on exit. + - fallback to TCP. + - testbound replay with retry in TCP mode. + - tpkg test for retry in TCP mode, against ldns-testns server. + - daemon checks max number of open files and complains if not enough. + - test where data expires in the cache. + - compiletests: fixed empty body ifstatements in alloc.c, in case + locks are disabled. + +8 May 2007: Wouter + - outgoing network keeps list of available tcp buffers for outgoing + tcp queries. + - outgoing-num-tcp config option. + - outgoing network keeps waiting list of queries waiting for buffer. + - netevent supports outgoing tcp commpoints, nonblocking connects. + +7 May 2007: Wouter + - EDNS read from query, used to make reply smaller. + - advertised edns value constants. + - EDNS BADVERS response, if asked for too high edns version. + - EDNS extended error reponses once the EDNS record from the query + has successfully been parsed. + +4 May 2007: Wouter + - msgreply sizefunc is more accurate. + - config settings for rrset cache size and slabs. + - hashtable insert takes argument so that a thread can use its own + alloc cache to store released keys. + - alloc cache special_release() locks if necessary. + - rrset trustworthiness type added. + - thread keeps a scratchpad region for handling messages. + - writev used in netevent to write tcp length and data after another. + This saves a roundtrip on tcp replies. + - test for one rrset updated in the cache. + - test for one rrset which is not updated, as it is not deemed + trustworthy enough. + - test for TTL refreshed in rrset. + +3 May 2007: Wouter + - fill refs. Use new parse and encode to answer queries. + - stores rrsets in cache. + - uses new msgreply format in cache. + +2 May 2007: Wouter + - dname unit tests in own file and spread out neatly in functions. + - more dname unit tests. + - message encoding creates truncated TC flagged messages if they do + not fit, and will leave out (whole)rrsets from additional if needed. + +1 May 2007: Wouter + - decompress query section, extremely lenient acceptance. + But only for answers from other servers, not for plain queries. + - compression and decompression test cases. + - some stats added. + - example.conf interface: line is changed from 127.0.0.1 which leads + to problems if used (restricting communication to the localhost), + to a documentation and test address. + +27 April 2007: Wouter + - removed iov usage, it is not good for dns message encoding. + - owner name compression more optimal. + - rrsig owner name compression. + - rdata domain name compression. + +26 April 2007: Wouter + - floating point exception fix in lock-verify. + - lint uses make dependency + - fixup lint in dname owner domain name compression code. + - define for offset range that can be compressed to. + +25 April 2007: Wouter + - prettier code; parse_rrset->type kept in host byte order. + - datatype used for hashvalue of converted rrsig structure. + - unit test compares edns section data too. + +24 April 2007: Wouter + - ttl per RR, for RRSIG rrsets and others. + - dname_print debug function. + - if type is not known, size calc will skip DNAME decompression. + - RRSIG parsing and storing and putting in messages. + - dnssec enabled unit tests (from nlnetlabs.nl and se queries). + - EDNS extraction routine. + +20 April 2007: Wouter + - code comes through all of the unit tests now. + - disabled warning about spurious extra data. + - documented the RRSIG parse plan in msgparse.h. + - rrsig reading and outputting. + +19 April 2007: Wouter + - fix unit test to actually to tests. + - fix write iov helper, and fakevent code. + - extra builtin testcase (small packet). + - ttl converted to network format in packets. + - flags converted correctly + - rdatalen off by 2 error fixup. + - uses less iov space for header. + +18 April 2007: Wouter + - review of msgparse code. + - smaller test cases. + +17 April 2007: Wouter + - copy and decompress dnames. + - store calculated hash value too. + - routine to create message out of stored information. + - util/data/msgparse.c for message parsing code. + - unit test, and first fixes because of test. + * forgot rrset_count addition. + * did & of ptr on stack for memory position calculation. + * dname_pkt_copy forgot to read next label length. + - test from file and fixes + * double frees fixed in error conditions. + * types with less than full rdata allowed by parser. + Some dynamic update packets seem to use it. + +16 April 2007: Wouter + - following a small change in LDNS, parsing code calculates the + memory size to allocate for rrs. + - code to handle ID creation. + +13 April 2007: Wouter + - parse routines. Code that parses rrsets, rrs. + +12 April 2007: Wouter + - dname compare routine that preserves case, with unit tests. + +11 April 2007: Wouter + - parse work - dname packet parse, msgparse, querysection parse, + start of sectionparse. + +10 April 2007: Wouter + - Improved alignment of reply_info packet, nice for 32 and 64 bit. + - Put RRset counts in reply_info, because the number of RRs can change + due to RRset updates. + - import of region-allocator code from nsd. + - set alloc special type to ub_packed_rrset_key. + Uses lruhash entry overflow chain next pointer in alloc cache. + - doxygen documentation for region-allocator. + - setup for parse scratch data. + +5 April 2007: Wouter + - discussed packed rrset with Jelte. + +4 April 2007: Wouter + - moved to version 0.3. + - added util/data/dname.c + - layout of memory for rrsets. + +3 April 2007: Wouter + - detect sign of msghdr.msg_iovlen so that the cast to that type + in netevent (which is there to please lint) can be correct. + The type on several OSes ranges from int, int32, uint32, size_t. + Detects unsigned or signed using math trick. + - constants for DNS flags. + - compilation without locks fixup. + - removed include of unportable header from lookup3.c. + - more portable use of struct msghdr. + - casts for printf warning portability. + - tweaks to tests to port them to the testbed. + - 0.2 tag created. + +2 April 2007: Wouter + - check sizes of udp received messages, not too short. + - review changes. Some memmoves can be memcpys: 4byte aligned. + set id correctly on cached answers. + - review changes msgreply.c, memleak on error condition. AA flag + clear on cached reply. Lowercase queries on hashing. + unit test on lowercasing. Test AA bit not set on cached reply. + Note that no TTLs are managed. + +29 March 2007: Wouter + - writev or sendmsg used when answering from cache. + This avoids a copy of the data. + - do not do useless byteswap on query id. Store reply flags in uint16 + for easier access (and no repeated byteswapping). + - reviewed code. + - configure detects and config.h includes sys/uio.h for writev decl. + +28 March 2007: Wouter + - new config option: num-queries-per-thread. + - added tpkg test for answering three queries at the same time + using one thread (from the query service list). + +27 March 2007: Wouter + - added test for cache and not cached answers, in testbound replays. + - testbound can give config file and commandline options from the + replay file to unbound. + - created test that checks if items drop out of the cache. + - added word 'partitioned hash table' to documentation on slab hash. + A slab hash is a partitioned hash table. + - worker can handle multiple queries at a time. + +26 March 2007: Wouter + - config settings for slab hash message cache. + - test for cached answer. + - Fixup deleting fake answer from testbound list. + +23 March 2007: Wouter + - review of yesterday's commits. + - covered up memory leak of the entry locks. + - answers from the cache correctly. Copies flags correctly. + - sanity check for incoming query replies. + - slabbed hash table. Much nicer contention, need dual cpu to see. + +22 March 2007: Wouter + - AIX configure check. + - lock-verify can handle references to locks that are created + in files it has not yet read in. + - threaded hash table test. + - unit test runs lock-verify afterwards and checks result. + - need writelock to update data on hash_insert. + - message cache code, msgreply code. + +21 March 2007: Wouter + - unit test of hash table, fixup locking problem in table_grow(). + - fixup accounting of sizes for removing items from hashtable. + - unit test for hash table, single threaded test of integrity. + - lock-verify reports errors nicely. More quiet in operation. + +16 March 2007: Wouter + - lock-verifier, checks consistent order of locking. + +14 March 2007: Wouter + - hash table insert (and subroutines) and lookup implemented. + - hash table remove. + - unit tests for hash internal bin, lru functions. + +13 March 2007: Wouter + - lock_unprotect in checklocks. + - util/storage/lruhash.h for LRU hash table structure. + +12 March 2007: Wouter + - configure.ac moved to 0.2. + - query_info and replymsg util/data structure. + +9 March 2007: Wouter + - added rwlock writelock checking. + So it will keep track of the writelock, and readlocks are enforced + to not change protected memory areas. + - log_hex function to dump hex strings to the logfile. + - checklocks zeroes its destroyed lock after checking memory areas. + - unit test for alloc. + - identifier for union in checklocks to please older compilers. + - created 0.1 tag. + +8 March 2007: Wouter + - Reviewed checklock code. + +7 March 2007: Wouter + - created a wrapper around thread calls that performs some basic + checking for data race and deadlock, and basic performance + contention measurement. + +6 March 2007: Wouter + - Testbed works with threading (different machines, different options). + - alloc work, does the special type. + +2 March 2007: Wouter + - do not compile fork funcs unless needed. Otherwise will give + type errors as their typedefs have not been enabled. + - log shows thread numbers much more nicely (and portably). + - even on systems with nonthreadsafe libevent signal handling, + unbound will exit if given a signal. + Reloads will not work, and exit is not graceful. + - start of alloc framework layout. + +1 March 2007: Wouter + - Signals, libevent and threads work well, with libevent patch and + changes to code (close after event_del). + - set ipc pipes nonblocking. + +27 February 2007: Wouter + - ub_thread_join portable definition. + - forking is used if no threading is available. + Tested, it works, since pipes work across processes as well. + Thread_join is replaced with waitpid. + - During reloads the daemon will temporarily handle signals, + so that they do not result in problems. + - Also randomize the outgoing port range for tests. + - If query list is full, will stop selecting listening ports for read. + This makes all threads service incoming requests, instead of one. + No memory is leaking during reloads, service of queries, etc. + - test that uses ldns-testns -f to test threading. Have to answer + three queries at the same time. + - with verbose=0 operates quietly. + +26 February 2007: Wouter + - ub_random code used to select ID and port. + - log code prints thread id. + - unbound can thread itself, with reload(HUP) and quit working + correctly. + - don't open pipes for #0, doesn't need it. + - listens to SIGTERM, SIGQUIT, SIGINT (all quit) and SIGHUP (reload). + +23 February 2007: Wouter + - Can do reloads on sigHUP. Everything is stopped, and freed, + except the listening ports. Then the config file is reread. + And everything is started again (and listening ports if needed). + - Ports for queries are shared. + - config file added interface:, chroot: and username:. + - config file: directory, logfile, pidfile. And they work too. + - will daemonize by default now. Use -d to stay in the foreground. + - got BSD random[256 state] code, made it threadsafe. util/random. + +22 February 2007: Wouter + - Have a config file. Removed commandline options, moved to config. + - tests use config file. + +21 February 2007: Wouter + - put -c option in man page. + - minievent fd array capped by FD_SETSIZE. + +20 February 2007: Wouter + - Added locks code and pthread spinlock detection. + - can use no locks, or solaris native thread library. + - added yacc and lex configure, and config file parsing code. + also makedist.sh, and manpage. + - put include errno.h in config.h + +19 February 2007: Wouter + - Created 0.0 svn tag. + - added acx_pthread.m4 autoconf check for pthreads from + the autoconf archive. It is GPL-with-autoconf-exception Licensed. + You can specify --with-pthreads, or --without-pthreads to configure. + +16 February 2007: Wouter + - Updated testbed script, works better by using make on remote end. + - removed check decls, we can compile without them. + - makefile supports LIBOBJ replacements. + - docs checks ignore compat code. + - added util/mini-event.c and .h, a select based alternative used with + ./configure --with-libevent=no + It is limited to 1024 file descriptors, and has less features. + - will not create ip6 sockets if ip6 not on the machine. + +15 February 2007: Wouter + - port to FreeBSD 4.11 Dec Alpha. Also works on Solaris 10 sparc64, + Solaris 9, FreeBSD 6, Linux i386 and OSX powerpc. + - malloc rndstate, so that it is aligned for access. + - fixed rbtree cleanup with postorder traverse. + - fixed pending messages are deleted when handled. + - You can control verbosity; default is not verbose, every -v + adds more verbosity. + +14 February 2007: Wouter + - Included configure.ac changes from ldns. + - detect (some) headers before the standards check. + - do not use isblank to test c99, since its not available on solaris9. + - review of testcode. + * entries in a RANGE are no longer reversed. + * print name of file with replay entry parse errors. + - port to OSX: cast to int for some prints of sizet. + - Makefile copies ldnstestpkts.c before doing dependencies on it. + +13 February 2007: Wouter + - work on fake events, first fwd replay works. + - events can do timeouts and errors on queries to servers. + - test package that runs replay scenarios. + +12 February 2007: Wouter + - work on fake events. + +9 February 2007: Wouter + - replay file reading. + - fake event setup, it creates fake structures, and teardowns, + added signal callbacks to reply to be able to fake those, + and main structure of event replay routines. + +8 February 2007: Wouter + - added tcp test. + - replay storage. + - testcode/fake_event work. + +7 February 2007: Wouter + - return answer with the same ID as query was sent with. + - created udp forwarder test. I've done some effort to make it perform + quickly. After servers are created, no big sleep statements but + it checks the logfiles to see if servers have come up. Takes 0.14s. + - set addrlen value when calling recvfrom. + - comparison of addrs more portable. + - LIBEVENT option for testbed to set libevent directory. + - work on tcp input. + +6 February 2007: Wouter + - reviewed code and improved in places. + +5 February 2007: Wouter + - Picked up stdc99 and other define tests from ldns. Improved + POSIX define test to include getaddrinfo. + - defined constants for netevent callback error code. + - unit test for strisip6. + +2 February 2007: Wouter + - Created udp4 and udp6 port arrays to provide service for both + address families. + - uses IPV6_USE_MIN_MTU for udp6 ,IPV6_V6ONLY to make ip6 sockets. + - listens on both ip4 and ip6 ports to provide correct return address. + - worker fwder address filled correctly. + - fixup timer code. + - forwards udp queries and sends answer. + +1 February 2007: Wouter + - outside network more UDP work. + - moved * closer to type. + - comm_timer object and events. + +31 January 2007: Wouter + - Added makedist.sh script to make release tarball. + - Removed listen callback layer, did not add anything. + - Added UDP recv to netevent, worker callback for udp. + - netevent communication reply storage structure. + - minimal query header sanity checking for worker. + - copied over rbtree implementation from NSD (BSD licensed too). + - outgoing network query service work. + +30 January 2007: Wouter + - links in example/ldns-testpkts.c and .h for premade packet support. + - added callback argument to listen_dnsport and daemon/worker. + +29 January 2007: Wouter + - unbound.8 a short manpage. + +26 January 2007: Wouter + - fixed memleak. + - make lint works on BSD and Linux (openssl defines). + - make tags works. + - testbound program start. + +25 January 2007: Wouter + - fixed lint so it may work on BSD. + - put license into header of every file. + - created verbosity flag. + - fixed libevent configure flag. + - detects event_base_free() in new libevent 1.2 version. + - getopt in daemon. fatal_exit() and verbose() logging funcs. + - created log_assert, that throws assertions to the logfile. + - listen_dnsport service. Binds ports. + +24 January 2007: Wouter + - cleaned up configure.ac. + +23 January 2007: Wouter + - added libevent to configure to link with. + - util/netevent setup work. + - configure searches for libevent. + - search for libs at end of configure (when other headers and types + have been found). + - doxygen works with ATTR_UNUSED(). + - util/netevent implementation. + +22 January 2007: Wouter + - Designed header file for network communication. + +16 January 2007: Wouter + - added readme.svn and readme.tests. + +4 January 2007: Wouter + - Testbed script (run on multiple platforms the test set). + Works on Sunos9, Sunos10, FreeBSD 6.1, Fedora core 5. + - added unit test tpkg. + +3 January 2007: Wouter + - committed first set of files into subversion repository. + svn co svn+ssh://unbound.net/svn/unbound + You need a ssh login. There is no https access yet. + - Added LICENSE, the BSD license. + - Added doc/README with compile help. + - main program stub and quiet makefile. + - minimal logging service (to stderr). + - added postcommit hook that serves emails. + - added first test 00-lint. postcommit also checks if build succeeds. + - 01-doc: doxygen doc target added for html docs. And stringent test + on documented files, functions and parameters. + +15 December 2006: Wouter + - Created Makefile.in and configure.ac. diff --git a/contrib/unbound/doc/FEATURES b/contrib/unbound/doc/FEATURES new file mode 100644 index 0000000..b695eeb --- /dev/null +++ b/contrib/unbound/doc/FEATURES @@ -0,0 +1,100 @@ +Unbound Features + +(C) Copyright 2008, Wouter Wijngaards, NLnet Labs. + + +This document describes the features and RFCs that unbound +adheres to, and which ones are decided to be out of scope. + + +Big Features +------------ +Recursive service. +Caching service. +Forwarding and stub zones. +Very limited authoritative service. +DNSSEC Validation options. +EDNS0, NSEC3, IPv6, DNAME, Unknown-RR-types. +RSASHA256, GOST, ECDSA, SHA384 DNSSEC algorithms. + +Details +------- +Processing support +RFC 1034-1035: as a recursive, caching server. Not authoritative. + including CNAMEs, referrals, wildcards, classes, ... + AAAA type, and IP6 dual stack support. + type ANY queries are supported, class ANY queries are supported. +RFC 4033-4035: as a validating caching server (unbound daemon). + as a validating stub (libunbound). +RFC 1918. +RFC 1995, 1996, 2136: not authoritative, so no AXFR, IXFR, NOTIFY or + dynamic update services are appropriate. +RFC 2181: completely, including the trust model, keeping rrsets together. +RFC 2308: TTL directive, and the rest of the RFC too. +RFC 2671: EDNS0 support, default advertisement 4Kb size. +RFC 2672: DNAME support. +RFC 3597: Unknown RR type support. +RFC 4343: case insensitive handling of domain names. +RFC 4509: SHA256 DS hash. +RFC 4592: wildcards. +RFC 4697: No DNS Resolution Misbehavior. +RFC 5011: update of trust anchors with timers. +RFC 5155: NSEC3, NSEC3PARAM types +RFC 5358: reflectors-are-evil: access control list for recursive + service. In fact for all DNS service so cache snooping is halted. +RFC 5452: forgery resilience. all recommendations followed. +RFC 5702: RSASHA256 signature algorithm. +RFC 5933: GOST signature algorithm. +RFC 6303: default local zones. + It is possible to block zones or return an address for localhost. + This is a very limited authoritative service. Defaults as in draft. +RFC 6604: xNAME RCODE and status bits. +RFC 6605: ECDSA signature algorithm, SHA384 DS hash. + +chroot and drop-root-privileges support, default enabled in config file. + +AD bit in query can be used to request AD bit in response (w/o using DO bit). +CD bit in query can be used to request bogus data. +UDP and TCP service is provided downstream. +UDP and TCP are used to request from upstream servers. +SSL wrapped TCP service can be used upstream and provided downstream. +Multiple queries can be made over a TCP stream. + +No TSIG support at this time. +No SIG0 support at this time. +No dTLS support at this time. +This is not a DNS statistics package, but some operationally useful +values are provided via unbound-control stats. +TXT RRs from the Chaos class (id.server, hostname.bind, ...) are supported. + +draft-0x20: implemented, use caps-for-id option to enable use. + Also implements bitwise echo of the query to support downstream 0x20. +draft-ietf-dnsop-resolver-priming(-00): can prime and can fallback to + a safety belt list. +draft-ietf-dnsop-dnssec-trust-anchor(-01): DS records can be configured + as trust anchors. Also DNSKEYs are allowed, by the way. +draft-ietf-dnsext-dnssec-bis-updates: supported. + +Record type syntax support, extensive, from lib ldns. +For these types only syntax and parsing support is needed. +RFC 1034-1035: basic RR types. +RFC 1183: RP, AFSDB, X25, ISDN, RT +RFC 1706: NSAP +RFC 2535: KEY, SIG, NXT: treated as unknown data, syntax is parsed (obsolete). +2163: PX +AAAA type +1876: LOC type +2782: SRV type +2915: NAPTR type. +2230: KX type. +2538: CERT type. +2672: DNAME type. +OPT type +3123: APL +SSHFP type +4025: IPSECKEY +4033-4035: DS, RRSIG, NSEC, DNSKEY +4701: DHCID +5155: NSEC3, NSEC3PARAM +4408: SPF + diff --git a/contrib/unbound/doc/LICENSE b/contrib/unbound/doc/LICENSE new file mode 100644 index 0000000..c248049 --- /dev/null +++ b/contrib/unbound/doc/LICENSE @@ -0,0 +1,30 @@ +Copyright (c) 2007, NLnet Labs. All rights reserved. + +This software is open source. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: + +Redistributions of source code must retain the above copyright notice, +this list of conditions and the following disclaimer. + +Redistributions in binary form must reproduce the above copyright notice, +this list of conditions and the following disclaimer in the documentation +and/or other materials provided with the distribution. + +Neither the name of the NLNET LABS nor the names of its contributors may +be used to endorse or promote products derived from this software without +specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. diff --git a/contrib/unbound/doc/README b/contrib/unbound/doc/README new file mode 100644 index 0000000..c150f7b --- /dev/null +++ b/contrib/unbound/doc/README @@ -0,0 +1,150 @@ +README for Unbound 1.4.17 +Copyright 2007 NLnet Labs +http://unbound.net + +This software is under BSD license, see LICENSE for details. + +* Download the latest release version of this software from + http://unbound.net + or get a beta version from the svn repository at + http://unbound.net/svn/ + +* Uses the following libraries; + * ldns http://www.nlnetlabs.nl/ldns/ (BSD license) + (required) can use ldns build directory directly with --with-ldns=path. + * libevent http://www.monkey.org/~provos/libevent/ (BSD license) + (optional) can use builtin alternative instead. + +* Make and install: ./configure; make; make install + * --with-ldns=/path/to/ldns + It will dynamically link against it. + * --with-libevent=/path/to/libevent + Can be set to either the system install or the build directory. + --with-libevent=no (default) gives a builtin alternative + implementation. libevent is useful when having many (thousands) + of outgoing ports. This improves randomization and spoof + resistance. For the default of 16 ports the builtin alternative + works well and is a little faster. + * --with-libexpat=/path/to/libexpat + Can be set to the install directory of libexpat. + * --without-pthreads + This disables pthreads. Without this option the pthreads library + is detected automatically. Use this option to disable threading + altogether, or, on Solaris, also use --with(out)-solaris-threads. + * --enable-checking + This enables assertions in the code that guard against a variety of + programming errors, among which buffer overflows. The program exits + with an error if an assertion fails (but the buffer did not overflow). + * --enable-static-exe + This enables a debug option to statically link, against ldns and + libevent libraries. + * --enable-lock-checks + This enables a debug option to check lock and unlock calls. It needs + a recent pthreads library to work. + * --enable-alloc-checks + This enables a debug option to check malloc (calloc, realloc, free). + The server periodically checks if the amount of memory used fits with + the amount of memory it thinks it should be using, and reports + memory usage in detail. + * --with-conf-file=filename + Set default location of config file, + the default is /usr/local/etc/unbound/unbound.conf. + * --with-pidfile=filename + Set default location of pidfile, + the default is /usr/local/etc/unbound/unbound.pid. + * --with-run-dir=path + Set default working directory, + the default is /usr/local/etc/unbound. + * --with-chroot-dir=path + Set default chroot directory, + the default is /usr/local/etc/unbound. + * --with-rootkey-file=path + Set the default root.key path. This file is read and written. + the default is /usr/local/etc/unbound/root.key + * --with-rootcert-file=path + Set the default root update certificate path. A builtin certificate + is used if this file is empty or does not exist. + the default is /usr/local/etc/unbound/icannbundle.pem + * --with-username=user + Set default user name to change to, + the default is the "unbound" user. + * --with-pyunbound + Create libunbound wrapper usable from python. + Needs python-devel and swig development tools. + * --with-pythonmodule + Compile the python module that processes responses in the server. + * --disable-sha2 + Disable support for RSASHA256 and RSASHA512 crypto. + * --disable-gost + Disable support for GOST crypto, RFC 5933. + +* 'make test' runs a series of self checks. + +Known issues +------------ +o If there are no replies for a forward or stub zone, for a reverse zone, + you may need to add a local-zone: name transparent or nodefault to the + server: section of the config file to unblock the reverse zone. + Only happens for (sub)zones that are blocked by default; e.g. 10.in-addr.arpa +o If libevent is older (before 1.3c), unbound will exit instead of reload + on sighup. On a restart 'did not exit gracefully last time' warning is + printed. Perform ./configure --with-libevent=no or update libevent, rerun + configure and recompile unbound to make sighup work correctly. + It is strongly suggested to use a recent version of libevent. +o If you are not receiving the correct source IP address on replies (e.g. + you are running a multihomed, anycast server), the interface-automatic + option can be enabled to set socket options to achieve the correct + source IP address on UDP replies. Listing all IP addresses explicitly in + the config file is an alternative. The interface-automatic option uses + non portable socket options, Linux and FreeBSD should work fine. +o The warning 'openssl has no entropy, seeding with time', with chroot + enabled, may be solved with a symbolic link to /dev/random from <chrootdir>. +o On Solaris 5.10 some libtool packages from repositories do not work with + gcc, showing errors gcc: unrecognized option `-KPIC' + To solve this do ./configure libtool=./libtool [your options...]. + On Solaris you may pass CFLAGS="-xO4 -xtarget=generic" if you use sun-cc. +o If unbound-control (or munin graphs) do not work, this can often be because + the unbound-control-setup script creates the keys with restricted + permissions, and the files need to be made readable or ownered by both the + unbound daemon and unbound-control. +o Crosscompile seems to hang. You tried to install unbound under wine. + wine regedit and remove all the unbound entries from the registry or + delete .wine/drive_c. + +Acknowledgements +---------------- +o Unbound was written in portable C by Wouter Wijngaards (NLnet Labs). +o Thanks to David Blacka and Matt Larson (Verisign) for the unbound-java + prototype. Design and code from that prototype has been used to create + this program. Such as the iterator state machine and the cache design. +o Other code origins are from the NSD (NLnet Labs) and LDNS (NLnet Labs) + projects. Such as buffer, region-allocator and red-black tree code. +o See Credits file for contributors. + + +Your Support +------------ +NLnet Labs offers all of its software products as open source, most are +published under a BSD license. You can download them, not only from the +NLnet Labs website but also through the various OS distributions for +which NSD, ldns, and Unbound are packaged. We therefore have little idea +who uses our software in production environments and have no direct ties +with 'our customers'. + +Therefore, we ask you to contact us at users@NLnetLabs.nl and tell us +whether you use one of our products in your production environment, +what that environment looks like, and maybe even share some praise. +We would like to refer to the fact that your organization is using our +products. We will only do that if you explicitly allow us. In all other +cases we will keep the information you share with us to ourselves. + +In addition to the moral support you can also support us +financially. NLnet Labs is a recognized not-for-profit charity foundation +that is chartered to develop open-source software and open-standards +for the Internet. If you use our software to satisfaction please express +that by giving us a donation. For small donations PayPal can be used. For +larger and regular donations please contact us at users@NLnetLabs.nl. Also +see http://www.nlnetlabs.nl/labs/contributors/. + + +* mailto:unbound-bugs@nlnetlabs.nl diff --git a/contrib/unbound/doc/README.svn b/contrib/unbound/doc/README.svn new file mode 100644 index 0000000..7f18898 --- /dev/null +++ b/contrib/unbound/doc/README.svn @@ -0,0 +1,17 @@ +README.svn + +For a svn checkout +* configure script, aclocal.m4, as well as yacc/lex output files are + committed to the repository. +* use --enable-debug flag for configure to enable dependency tracking and + assertions, otherwise, use make clean; make after svn update. + +* Note changes in the Changelog. +* Every check-in a postcommit hook is run + (the postcommit hook is in the svn/unbound/hooks directory). + * generates commit email with your changes and comment. + * compiles and runs the tests (with testcode/do-tests.sh). + * If build errors or test errors happen + * Please fix your errors and commit again. + +* Use gnu make to compile, make or 'gmake'. diff --git a/contrib/unbound/doc/README.tests b/contrib/unbound/doc/README.tests new file mode 100644 index 0000000..5385e2b --- /dev/null +++ b/contrib/unbound/doc/README.tests @@ -0,0 +1,24 @@ +README unbound tests + +For a quick test that runs unit tests and state machine tests, use + make test + +There is a long test setup for unbound that needs tools installed. Use + make longtest +To make and run the long tests. The results are summarized at the end. + +You need to have the following programs installed and in your PATH. +* dig - from the bind-tools package. Used to send DNS queries. +* splint (optional) - for lint test +* doxygen (optional) - for doc completeness test +* ldns-testns - from ldns examples. Used as DNS auth server. +* xxd and nc (optional) - for (malformed) packet transmission. +The optional programs are detected and can be omitted. + +testdata/ contains the data for tests. +testcode/ contains scripts and c code for the tests. + +do-tests.sh : runs all the tests in the testdata directory. +testbed.sh : compiles on a set of (user specific) hosts and runs do-tests. + +Tests are run using testcode/mini_tpkg.sh. diff --git a/contrib/unbound/doc/TODO b/contrib/unbound/doc/TODO new file mode 100644 index 0000000..bfeef4a --- /dev/null +++ b/contrib/unbound/doc/TODO @@ -0,0 +1,76 @@ +TODO items. These are interesting todo items. +o understand synthesized DNAMEs, so those TTL=0 packets are cached properly. +o NSEC/NSEC3 aggressive negative caching, so that updates to NSEC/NSEC3 + will result in proper negative responses. +o (option) where port 53 is used for send and receive, no other ports are used. +o (option) to not send replies to clients after a timeout of (say 5 secs) has + passed, but keep task active for later retries by client. +o (option) private TTL feature (always report TTL x in answers). +o (option) pretend-dnssec-unaware, and pretend-edns-unaware modes for workshops. +o delegpt use rbtree for ns-list, to avoid slowdown for very large NS sets. +o (option) reprime and refresh oft used data before timeout. +o (option) retain prime results in a overlaid roothints file. +o (option) store primed key data in a overlaid keyhints file (sort of like drafttimers). +o windows version, auto update feature, a query to check for the version. +o command the server with TSIG inband. get-config, clearcache, + get stats, get memstats, get ..., reload, clear one zone from cache +o NSID rfc 5001 support. +o timers rfc 5011 support. +o Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator. +o make timeout backoffs randomized (a couple percent random) to spread traffic. +o inspect date on executable, then warn user in log if its more than 1 year. +o (option) proactively prime root, stubs and trust anchors, feature. + early failure, faster on first query, but more traffic. +o library add convenience functions for A, AAAA, PTR, getaddrinfo, libresolve. +o library add function to validate input from app that is signed. +o add dynamic-update requests (making a dynupd request) to libunbound api. +o SIG(0) and TSIG. +o support OPT record placement on recv anywhere in the additional section. +o add local-file: config with authority features. +o (option) to make local-data answers be secure for libunbound (default=no) +o (option) to make chroot: copy all needed files into jail (or make jail) + perhaps also print reminder to link /dev/random and sysloghack. +o overhaul outside-network servicedquery to merge with udpwait and tcpwait, + to make timers in servicedquery independent of udpwait queues. +o check into rebinding ports for efficiency, configure time test. +o EVP hardware crypto support. +o option to ignore all inception and expiration dates for rrsigs. +o cleaner code; return and func statements on newline. +o memcached module that sits before validator module; checks for memcached + data (on local lan), stores recursion lookup. Provides one cache for multiple resolver machines, coherent reply content in anycast setup. +o no openssl_add_all_algorithms, but only the ones necessary, less space. +o listen to NOTIFY messages for zones and flush the cache for that zone + if received. Useful when also having a stub to that auth server. + Needs proper protection, TSIG, in place. +o winevent - do not go more than 64 fds (by polling with select one by + one), win95/98 have 100fd limit in the kernel, so this ruins w9x portability. + +*** Features features, for later +* dTLS, TLS, look to need special port numbers, cert storage, recent libssl. +* aggressive negative caching for NSEC, NSEC3. +* multiple queries per question, server exploration, server selection. +* support TSIG on queries, for validating resolver deployment. +* retry-mode, where a bogus result triggers a retry-mode query, where a list + of responses over a time interval is collected, and each is validated. + or try in TCP mode. Do not 'try all servers several times', since we must + not create packet storms with operator errors. +o on windows version, implement that OS ancillary data capabilities for + interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg. +o local-zone directive with authority service, full authority server + is a non-goal. +o infra and lame cache: easier size config (in Mb), show usage in graphs. +- store time of dump in cachedumps, so that on a load the ttls can be + compared to the absolute time, and now-expired items can be dealt with. + +later +- selective verbosity; ubcontrol trace example.com +- cache fork-dump, pre-load +- for fwds, send queries to N servers in fwd-list, use first reply. + document high scalable, high available unbound setup onepager. +- prefetch DNSKEY when DS in delegation seen (nonCD, underTA). +- use libevent if available on system by default(?), default outgoing 256to1024 + +[1] BIND-like query logging to see who's looking up what and when +[2] more logging about stuff like SERVFAIL and REFUSED responses +[3] a Makefile that works without gnumake + diff --git a/contrib/unbound/doc/control_proto_spec.txt b/contrib/unbound/doc/control_proto_spec.txt new file mode 100644 index 0000000..d26258f --- /dev/null +++ b/contrib/unbound/doc/control_proto_spec.txt @@ -0,0 +1,70 @@ + +Specification for the unbound-control protocol. + +Server listens on 8953 TCP (localhost by default). Client connects, +SSLv3 or TLSv1 connection setup (server selfsigned certificate, +client has cert signed by server certificate). + +Port 8953 is registered with IANA as: +ub-dns-control 8953/tcp unbound dns nameserver control +# Wouter Wijngaards <wouter&nlnetlabs.nl> 10 May 2011 +On may 11 2011, ticket [IANA #442315]. + +Query and Response +------------------ +Client sends + UBCT[version] [commandline] \n + fixed string UBCT1 (for version 1), then an ascii text line, + with a command, some whitespace allowed. Line ends with '\n'. + +Server executes command. And sends reply in ascii text over channel, +closes the channel when done. + in case of error the first line of the response is: + error <descriptive text possible> \n + or the remainder is data of the response, for many commands the + response is 'ok\n'. + +Queries and responses +--------------------- +stop + stops the server. +reload + reloads the config file, and flushes the cache. +verbosity <new value> + Change logging verbosity to new value. +stats + output is a list of [name]=[value] lines. + clears the counters. +dump_cache + output is a text representation of the cache contents. + data ends with a line 'EOF' before connection close. +load_cache + client sends cache contents (like from dump_cache), which is stored + in the cache. end of data indicated with a line with 'EOF' on it. + The data is sent after the query line. +flush <name> + flushes some information regarding the name from the cache. + removes the A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV, NAPTR types. + Does not remove other types. +flush_type <name> <RR type> + removes rrtype entry from the cache. +flush_zone <name> + removes name and everything below that name from the cache. + has to search through the cache item by item, so this is slow. +lookup <name> + see what servers would be queried for a lookup of the given name. +local_zone_remove <name of local-zone entry> + the local-zone entry is removed. + All data from the local zone is also deleted. + If it did not exist, nothing happens. +local_zone <name of local zone> <type> + As the config file entry. Adds new local zone or updates + existing zone type. +local_data_remove <name> + Removes local-data (all types) name. +local_data <resource record string> + Add new local data record (on the rest of the line). + local_data_add www.example.com. IN A 192.0.2.2 + if no local_zone exists for it; a transparent zone with the same + name as the data is created. +Other commands in the unbound-control manual page. diff --git a/contrib/unbound/doc/example.conf.in b/contrib/unbound/doc/example.conf.in new file mode 100644 index 0000000..0378d04 --- /dev/null +++ b/contrib/unbound/doc/example.conf.in @@ -0,0 +1,536 @@ +# +# Example configuration file. +# +# See unbound.conf(5) man page, version 1.4.17. +# +# this is a comment. + +#Use this to include other text into the file. +#include: "otherfile.conf" + +# The server clause sets the main parameters. +server: + # whitespace is not necessary, but looks cleaner. + + # verbosity number, 0 is least verbose. 1 is default. + verbosity: 1 + + # print statistics to the log (for every thread) every N seconds. + # Set to "" or 0 to disable. Default is disabled. + # statistics-interval: 0 + + # enable cumulative statistics, without clearing them after printing. + # statistics-cumulative: no + + # enable extended statistics (query types, answer codes, status) + # printed from unbound-control. default off, because of speed. + # extended-statistics: no + + # number of threads to create. 1 disables threading. + # num-threads: 1 + + # specify the interfaces to answer queries from by ip-address. + # The default is to listen to localhost (127.0.0.1 and ::1). + # specify 0.0.0.0 and ::0 to bind to all available interfaces. + # specify every interface[@port] on a new 'interface:' labelled line. + # The listen interfaces are not changed on reload, only on restart. + # interface: 192.0.2.153 + # interface: 192.0.2.154 + # interface: 192.0.2.154@5003 + # interface: 2001:DB8::5 + + # enable this feature to copy the source address of queries to reply. + # Socket options are not supported on all platforms. experimental. + # interface-automatic: no + + # port to answer queries from + # port: 53 + + # specify the interfaces to send outgoing queries to authoritative + # server from by ip-address. If none, the default (all) interface + # is used. Specify every interface on a 'outgoing-interface:' line. + # outgoing-interface: 192.0.2.153 + # outgoing-interface: 2001:DB8::5 + # outgoing-interface: 2001:DB8::6 + + # number of ports to allocate per thread, determines the size of the + # port range that can be open simultaneously. About double the + # num-queries-per-thread, or, use as many as the OS will allow you. + # outgoing-range: 4096 + + # permit unbound to use this port number or port range for + # making outgoing queries, using an outgoing interface. + # outgoing-port-permit: 32768 + + # deny unbound the use this of port number or port range for + # making outgoing queries, using an outgoing interface. + # Use this to make sure unbound does not grab a UDP port that some + # other server on this computer needs. The default is to avoid + # IANA-assigned port numbers. + # outgoing-port-avoid: "3200-3208" + + # number of outgoing simultaneous tcp buffers to hold per thread. + # outgoing-num-tcp: 10 + + # number of incoming simultaneous tcp buffers to hold per thread. + # incoming-num-tcp: 10 + + # buffer size for UDP port 53 incoming (SO_RCVBUF socket option). + # 0 is system default. Use 4m to catch query spikes for busy servers. + # so-rcvbuf: 0 + + # buffer size for UDP port 53 outgoing (SO_SNDBUF socket option). + # 0 is system default. Use 4m to handle spikes on very busy servers. + # so-sndbuf: 0 + + # EDNS reassembly buffer to advertise to UDP peers (the actual buffer + # is set with msg-buffer-size). 1480 can solve fragmentation (timeouts). + # edns-buffer-size: 4096 + + # buffer size for handling DNS data. No messages larger than this + # size can be sent or received, by UDP or TCP. In bytes. + # msg-buffer-size: 65552 + + # the amount of memory to use for the message cache. + # plain value in bytes or you can append k, m or G. default is "4Mb". + # msg-cache-size: 4m + + # the number of slabs to use for the message cache. + # the number of slabs must be a power of 2. + # more slabs reduce lock contention, but fragment memory usage. + # msg-cache-slabs: 4 + + # the number of queries that a thread gets to service. + # num-queries-per-thread: 1024 + + # if very busy, 50% queries run to completion, 50% get timeout in msec + # jostle-timeout: 200 + + # the amount of memory to use for the RRset cache. + # plain value in bytes or you can append k, m or G. default is "4Mb". + # rrset-cache-size: 4m + + # the number of slabs to use for the RRset cache. + # the number of slabs must be a power of 2. + # more slabs reduce lock contention, but fragment memory usage. + # rrset-cache-slabs: 4 + + # the time to live (TTL) value lower bound, in seconds. Default 0. + # If more than an hour could easily give trouble due to stale data. + # cache-min-ttl: 0 + + # the time to live (TTL) value cap for RRsets and messages in the + # cache. Items are not cached for longer. In seconds. + # cache-max-ttl: 86400 + + # the time to live (TTL) value for cached roundtrip times, lameness and + # EDNS version information for hosts. In seconds. + # infra-host-ttl: 900 + + # the number of slabs to use for the Infrastructure cache. + # the number of slabs must be a power of 2. + # more slabs reduce lock contention, but fragment memory usage. + # infra-cache-slabs: 4 + + # the maximum number of hosts that are cached (roundtrip, EDNS, lame). + # infra-cache-numhosts: 10000 + + # Enable IPv4, "yes" or "no". + # do-ip4: yes + + # Enable IPv6, "yes" or "no". + # do-ip6: yes + + # Enable UDP, "yes" or "no". + # do-udp: yes + + # Enable TCP, "yes" or "no". + # do-tcp: yes + + # upstream connections use TCP only (and no UDP), "yes" or "no" + # useful for tunneling scenarios, default no. + # tcp-upstream: no + + # Detach from the terminal, run in background, "yes" or "no". + # do-daemonize: yes + + # control which clients are allowed to make (recursive) queries + # to this server. Specify classless netblocks with /size and action. + # By default everything is refused, except for localhost. + # Choose deny (drop message), refuse (polite error reply), + # allow (recursive ok), allow_snoop (recursive and nonrecursive ok) + # access-control: 0.0.0.0/0 refuse + # access-control: 127.0.0.0/8 allow + # access-control: ::0/0 refuse + # access-control: ::1 allow + # access-control: ::ffff:127.0.0.1 allow + + # if given, a chroot(2) is done to the given directory. + # i.e. you can chroot to the working directory, for example, + # for extra security, but make sure all files are in that directory. + # + # If chroot is enabled, you should pass the configfile (from the + # commandline) as a full path from the original root. After the + # chroot has been performed the now defunct portion of the config + # file path is removed to be able to reread the config after a reload. + # + # All other file paths (working dir, logfile, roothints, and + # key files) can be specified in several ways: + # o as an absolute path relative to the new root. + # o as a relative path to the working directory. + # o as an absolute path relative to the original root. + # In the last case the path is adjusted to remove the unused portion. + # + # The pid file can be absolute and outside of the chroot, it is + # written just prior to performing the chroot and dropping permissions. + # + # Additionally, unbound may need to access /dev/random (for entropy). + # How to do this is specific to your OS. + # + # If you give "" no chroot is performed. The path must not end in a /. + # chroot: "@UNBOUND_CHROOT_DIR@" + + # if given, user privileges are dropped (after binding port), + # and the given username is assumed. Default is user "unbound". + # If you give "" no privileges are dropped. + # username: "@UNBOUND_USERNAME@" + + # the working directory. The relative files in this config are + # relative to this directory. If you give "" the working directory + # is not changed. + # directory: "@UNBOUND_RUN_DIR@" + + # the log file, "" means log to stderr. + # Use of this option sets use-syslog to "no". + # logfile: "" + + # Log to syslog(3) if yes. The log facility LOG_DAEMON is used to + # log to, with identity "unbound". If yes, it overrides the logfile. + # use-syslog: yes + + # print UTC timestamp in ascii to logfile, default is epoch in seconds. + # log-time-ascii: no + + # print one line with time, IP, name, type, class for every query. + # log-queries: no + + # the pid file. Can be an absolute path outside of chroot/work dir. + # pidfile: "@UNBOUND_PIDFILE@" + + # file to read root hints from. + # get one from ftp://FTP.INTERNIC.NET/domain/named.cache + # root-hints: "" + + # enable to not answer id.server and hostname.bind queries. + # hide-identity: no + + # enable to not answer version.server and version.bind queries. + # hide-version: no + + # the identity to report. Leave "" or default to return hostname. + # identity: "" + + # the version to report. Leave "" or default to return package version. + # version: "" + + # the target fetch policy. + # series of integers describing the policy per dependency depth. + # The number of values in the list determines the maximum dependency + # depth the recursor will pursue before giving up. Each integer means: + # -1 : fetch all targets opportunistically, + # 0: fetch on demand, + # positive value: fetch that many targets opportunistically. + # Enclose the list of numbers between quotes (""). + # target-fetch-policy: "3 2 1 0 0" + + # Harden against very small EDNS buffer sizes. + # harden-short-bufsize: no + + # Harden against unseemly large queries. + # harden-large-queries: no + + # Harden against out of zone rrsets, to avoid spoofing attempts. + # harden-glue: yes + + # Harden against receiving dnssec-stripped data. If you turn it + # off, failing to validate dnskey data for a trustanchor will + # trigger insecure mode for that zone (like without a trustanchor). + # Default on, which insists on dnssec data for trust-anchored zones. + # harden-dnssec-stripped: yes + + # Harden against queries that fall under dnssec-signed nxdomain names. + # harden-below-nxdomain: no + + # Harden the referral path by performing additional queries for + # infrastructure data. Validates the replies (if possible). + # Default off, because the lookups burden the server. Experimental + # implementation of draft-wijngaards-dnsext-resolver-side-mitigation. + # harden-referral-path: no + + # Use 0x20-encoded random bits in the query to foil spoof attempts. + # This feature is an experimental implementation of draft dns-0x20. + # use-caps-for-id: no + + # Enforce privacy of these addresses. Strips them away from answers. + # It may cause DNSSEC validation to additionally mark it as bogus. + # Protects against 'DNS Rebinding' (uses browser as network proxy). + # Only 'private-domain' and 'local-data' names are allowed to have + # these private addresses. No default. + # private-address: 10.0.0.0/8 + # private-address: 172.16.0.0/12 + # private-address: 192.168.0.0/16 + # private-address: 169.254.0.0/16 + # private-address: fd00::/8 + # private-address: fe80::/10 + + # Allow the domain (and its subdomains) to contain private addresses. + # local-data statements are allowed to contain private addresses too. + # private-domain: "example.com" + + # If nonzero, unwanted replies are not only reported in statistics, + # but also a running total is kept per thread. If it reaches the + # threshold, a warning is printed and a defensive action is taken, + # the cache is cleared to flush potential poison out of it. + # A suggested value is 10000000, the default is 0 (turned off). + # unwanted-reply-threshold: 0 + + # Do not query the following addresses. No DNS queries are sent there. + # List one address per entry. List classless netblocks with /size, + # do-not-query-address: 127.0.0.1/8 + # do-not-query-address: ::1 + + # if yes, the above default do-not-query-address entries are present. + # if no, localhost can be queried (for testing and debugging). + # do-not-query-localhost: yes + + # if yes, perform prefetching of almost expired message cache entries. + # prefetch: no + + # if yes, perform key lookups adjacent to normal lookups. + # prefetch-key: no + + # if yes, Unbound rotates RRSet order in response. + # rrset-roundrobin: no + + # if yes, Unbound doesn't insert authority/additional sections + # into response messages when those sections are not required. + # minimal-responses: no + + # module configuration of the server. A string with identifiers + # separated by spaces. "iterator" or "validator iterator" + # module-config: "validator iterator" + + # File with trusted keys, kept uptodate using RFC5011 probes, + # initial file like trust-anchor-file, then it stores metadata. + # Use several entries, one per domain name, to track multiple zones. + # + # If you want to perform DNSSEC validation, run unbound-anchor before + # you start unbound (i.e. in the system boot scripts). And enable: + # Please note usage of unbound-anchor root anchor is at your own risk + # and under the terms of our LICENSE (see that file in the source). + # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@" + + # File with DLV trusted keys. Same format as trust-anchor-file. + # There can be only one DLV configured, it is trusted from root down. + # Download http://ftp.isc.org/www/dlv/dlv.isc.org.key + # dlv-anchor-file: "dlv.isc.org.key" + + # File with trusted keys for validation. Specify more than one file + # with several entries, one file per entry. + # Zone file format, with DS and DNSKEY entries. + # Note this gets out of date, use auto-trust-anchor-file please. + # trust-anchor-file: "" + + # Trusted key for validation. DS or DNSKEY. specify the RR on a + # single line, surrounded by "". TTL is ignored. class is IN default. + # Note this gets out of date, use auto-trust-anchor-file please. + # (These examples are from August 2007 and may not be valid anymore). + # trust-anchor: "nlnetlabs.nl. DNSKEY 257 3 5 AQPzzTWMz8qSWIQlfRnPckx2BiVmkVN6LPupO3mbz7FhLSnm26n6iG9N Lby97Ji453aWZY3M5/xJBSOS2vWtco2t8C0+xeO1bc/d6ZTy32DHchpW 6rDH1vp86Ll+ha0tmwyy9QP7y2bVw5zSbFCrefk8qCUBgfHm9bHzMG1U BYtEIQ==" + # trust-anchor: "jelte.nlnetlabs.nl. DS 42860 5 1 14D739EB566D2B1A5E216A0BA4D17FA9B038BE4A" + + # File with trusted keys for validation. Specify more than one file + # with several entries, one file per entry. Like trust-anchor-file + # but has a different file format. Format is BIND-9 style format, + # the trusted-keys { name flag proto algo "key"; }; clauses are read. + # you need external update procedures to track changes in keys. + # trusted-keys-file: "" + + # Ignore chain of trust. Domain is treated as insecure. + # domain-insecure: "example.com" + + # Override the date for validation with a specific fixed date. + # Do not set this unless you are debugging signature inception + # and expiration. "" or "0" turns the feature off. -1 ignores date. + # val-override-date: "" + + # The time to live for bogus data, rrsets and messages. This avoids + # some of the revalidation, until the time interval expires. in secs. + # val-bogus-ttl: 60 + + # The signature inception and expiration dates are allowed to be off + # by 10% of the signature lifetime (expir-incep) from our local clock. + # This leeway is capped with a minimum and a maximum. In seconds. + # val-sig-skew-min: 3600 + # val-sig-skew-max: 86400 + + # Should additional section of secure message also be kept clean of + # unsecure data. Useful to shield the users of this validator from + # potential bogus data in the additional section. All unsigned data + # in the additional section is removed from secure messages. + # val-clean-additional: yes + + # Turn permissive mode on to permit bogus messages. Thus, messages + # for which security checks failed will be returned to clients, + # instead of SERVFAIL. It still performs the security checks, which + # result in interesting log files and possibly the AD bit in + # replies if the message is found secure. The default is off. + # val-permissive-mode: no + + # Ignore the CD flag in incoming queries and refuse them bogus data. + # Enable it if the only clients of unbound are legacy servers (w2008) + # that set CD but cannot validate themselves. + # ignore-cd-flag: no + + # Have the validator log failed validations for your diagnosis. + # 0: off. 1: A line per failed user query. 2: With reason and bad IP. + # val-log-level: 0 + + # It is possible to configure NSEC3 maximum iteration counts per + # keysize. Keep this table very short, as linear search is done. + # A message with an NSEC3 with larger count is marked insecure. + # List in ascending order the keysize and count values. + # val-nsec3-keysize-iterations: "1024 150 2048 500 4096 2500" + + # instruct the auto-trust-anchor-file probing to add anchors after ttl. + # add-holddown: 2592000 # 30 days + + # instruct the auto-trust-anchor-file probing to del anchors after ttl. + # del-holddown: 2592000 # 30 days + + # auto-trust-anchor-file probing removes missing anchors after ttl. + # If the value 0 is given, missing anchors are not removed. + # keep-missing: 31622400 # 366 days + + # the amount of memory to use for the key cache. + # plain value in bytes or you can append k, m or G. default is "4Mb". + # key-cache-size: 4m + + # the number of slabs to use for the key cache. + # the number of slabs must be a power of 2. + # more slabs reduce lock contention, but fragment memory usage. + # key-cache-slabs: 4 + + # the amount of memory to use for the negative cache (used for DLV). + # plain value in bytes or you can append k, m or G. default is "1Mb". + # neg-cache-size: 1m + + # a number of locally served zones can be configured. + # local-zone: <zone> <type> + # local-data: "<resource record string>" + # o deny serves local data (if any), else, drops queries. + # o refuse serves local data (if any), else, replies with error. + # o static serves local data, else, nxdomain or nodata answer. + # o transparent gives local data, but resolves normally for other names + # o redirect serves the zone data for any subdomain in the zone. + # o nodefault can be used to normally resolve AS112 zones. + # o typetransparent resolves normally for other types and other names + # + # defaults are localhost address, reverse for 127.0.0.1 and ::1 + # and nxdomain for AS112 zones. If you configure one of these zones + # the default content is omitted, or you can omit it with 'nodefault'. + # + # If you configure local-data without specifying local-zone, by + # default a transparent local-zone is created for the data. + # + # You can add locally served data with + # local-zone: "local." static + # local-data: "mycomputer.local. IN A 192.0.2.51" + # local-data: 'mytext.local TXT "content of text record"' + # + # You can override certain queries with + # local-data: "adserver.example.com A 127.0.0.1" + # + # You can redirect a domain to a fixed address with + # (this makes example.com, www.example.com, etc, all go to 192.0.2.3) + # local-zone: "example.com" redirect + # local-data: "example.com A 192.0.2.3" + # + # Shorthand to make PTR records, "IPv4 name" or "IPv6 name". + # You can also add PTR records using local-data directly, but then + # you need to do the reverse notation yourself. + # local-data-ptr: "192.0.2.3 www.example.com" + + # service clients over SSL (on the TCP sockets), with plain DNS inside + # the SSL stream. Give the certificate to use and private key. + # default is "" (disabled). requires restart to take effect. + # ssl-service-key: "path/to/privatekeyfile.key" + # ssl-service-pem: "path/to/publiccertfile.pem" + # ssl-port: 443 + + # request upstream over SSL (with plain DNS inside the SSL stream). + # Default is no. Can be turned on and off with unbound-control. + # ssl-upstream: no + +# Python config section. To enable: +# o use --with-pythonmodule to configure before compiling. +# o list python in the module-config string (above) to enable. +# o and give a python-script to run. +python: + # Script file to load + # python-script: "@UNBOUND_SHARE_DIR@/ubmodule-tst.py" + +# Remote control config section. +remote-control: + # Enable remote control with unbound-control(8) here. + # set up the keys and certificates with unbound-control-setup. + # control-enable: no + + # what interfaces are listened to for remote control. + # give 0.0.0.0 and ::0 to listen to all interfaces. + # control-interface: 127.0.0.1 + # control-interface: ::1 + + # port number for remote control operations. + # control-port: 8953 + + # unbound server key file. + # server-key-file: "@UNBOUND_RUN_DIR@/unbound_server.key" + + # unbound server certificate file. + # server-cert-file: "@UNBOUND_RUN_DIR@/unbound_server.pem" + + # unbound-control key file. + # control-key-file: "@UNBOUND_RUN_DIR@/unbound_control.key" + + # unbound-control certificate file. + # control-cert-file: "@UNBOUND_RUN_DIR@/unbound_control.pem" + +# Stub zones. +# Create entries like below, to make all queries for 'example.com' and +# 'example.org' go to the given list of nameservers. list zero or more +# nameservers by hostname or by ipaddress. If you set stub-prime to yes, +# the list is treated as priming hints (default is no). +# With stub-first yes, it attempts without the stub if it fails. +# stub-zone: +# name: "example.com" +# stub-addr: 192.0.2.68 +# stub-prime: no +# stub-first: no +# stub-zone: +# name: "example.org" +# stub-host: ns.example.com. + +# Forward zones +# Create entries like below, to make all queries for 'example.com' and +# 'example.org' go to the given list of servers. These servers have to handle +# recursion to other nameservers. List zero or more nameservers by hostname +# or by ipaddress. Use an entry with name "." to forward all queries. +# If you enable forward-first, it attempts without the forward if it fails. +# forward-zone: +# name: "example.com" +# forward-addr: 192.0.2.68 +# forward-addr: 192.0.2.73@5355 # forward to port 5355. +# forward-first: no +# forward-zone: +# name: "example.org" +# forward-host: fwd.example.com diff --git a/contrib/unbound/doc/ietf67-design-02.odp b/contrib/unbound/doc/ietf67-design-02.odp Binary files differnew file mode 100644 index 0000000..4be2c7d --- /dev/null +++ b/contrib/unbound/doc/ietf67-design-02.odp diff --git a/contrib/unbound/doc/ietf67-design-02.pdf b/contrib/unbound/doc/ietf67-design-02.pdf Binary files differnew file mode 100644 index 0000000..1ebdaf9 --- /dev/null +++ b/contrib/unbound/doc/ietf67-design-02.pdf diff --git a/contrib/unbound/doc/libunbound.3.in b/contrib/unbound/doc/libunbound.3.in new file mode 100644 index 0000000..8dacacd --- /dev/null +++ b/contrib/unbound/doc/libunbound.3.in @@ -0,0 +1,383 @@ +.TH "libunbound" "3" "May 24, 2012" "NLnet Labs" "unbound 1.4.17" +.\" +.\" libunbound.3 -- unbound library functions manual +.\" +.\" Copyright (c) 2007, NLnet Labs. All rights reserved. +.\" +.\" See LICENSE for the license. +.\" +.\" +.SH "NAME" +.LP +.B libunbound, +.B unbound.h, +.B ub_ctx, +.B ub_result, +.B ub_callback_t, +.B ub_ctx_create, +.B ub_ctx_delete, +.B ub_ctx_set_option, +.B ub_ctx_get_option, +.B ub_ctx_config, +.B ub_ctx_set_fwd, +.B ub_ctx_resolvconf, +.B ub_ctx_hosts, +.B ub_ctx_add_ta, +.B ub_ctx_add_ta_file, +.B ub_ctx_trustedkeys, +.B ub_ctx_debugout, +.B ub_ctx_debuglevel, +.B ub_ctx_async, +.B ub_poll, +.B ub_wait, +.B ub_fd, +.B ub_process, +.B ub_resolve, +.B ub_resolve_async, +.B ub_cancel, +.B ub_resolve_free, +.B ub_strerror, +.B ub_ctx_print_local_zones, +.B ub_ctx_zone_add, +.B ub_ctx_zone_remove, +.B ub_ctx_data_add, +.B ub_ctx_data_remove +\- Unbound DNS validating resolver 1.4.17 functions. +.SH "SYNOPSIS" +.LP +.B #include <unbound.h> +.LP +\fIstruct ub_ctx *\fR +\fBub_ctx_create\fR(\fIvoid\fR); +.LP +\fIvoid\fR +\fBub_ctx_delete\fR(\fIstruct ub_ctx*\fR ctx); +.LP +\fIint\fR +\fBub_ctx_set_option\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR opt, \fIchar*\fR val); +.LP +\fIint\fR +\fBub_ctx_get_option\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR opt, \fIchar**\fR val); +.LP +\fIint\fR +\fBub_ctx_config\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname); +.LP +\fIint\fR +\fBub_ctx_set_fwd\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR addr); +.LP +\fIint\fR +\fBub_ctx_resolvconf\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname); +.LP +\fIint\fR +\fBub_ctx_hosts\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname); +.LP +\fIint\fR +\fBub_ctx_add_ta\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR ta); +.LP +\fIint\fR +\fBub_ctx_add_ta_file\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname); +.LP +\fIint\fR +\fBub_ctx_trustedkeys\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname); +.LP +\fIint\fR +\fBub_ctx_debugout\fR(\fIstruct ub_ctx*\fR ctx, \fIFILE*\fR out); +.LP +\fIint\fR +\fBub_ctx_debuglevel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR d); +.LP +\fIint\fR +\fBub_ctx_async\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR dothread); +.LP +\fIint\fR +\fBub_poll\fR(\fIstruct ub_ctx*\fR ctx); +.LP +\fIint\fR +\fBub_wait\fR(\fIstruct ub_ctx*\fR ctx); +.LP +\fIint\fR +\fBub_fd\fR(\fIstruct ub_ctx*\fR ctx); +.LP +\fIint\fR +\fBub_process\fR(\fIstruct ub_ctx*\fR ctx); +.LP +\fIint\fR +\fBub_resolve\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR name, +.br + \fIint\fR rrtype, \fIint\fR rrclass, \fIstruct ub_result**\fR result); +.LP +\fIint\fR +\fBub_resolve_async\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR name, +.br + \fIint\fR rrtype, \fIint\fR rrclass, \fIvoid*\fR mydata, +.br + \fIub_callback_t\fR callback, \fIint*\fR async_id); +.LP +\fIint\fR +\fBub_cancel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR async_id); +.LP +\fIvoid\fR +\fBub_resolve_free\fR(\fIstruct ub_result*\fR result); +.LP +\fIconst char *\fR +\fBub_strerror\fR(\fIint\fR err); +.LP +\fIint\fR +\fBub_ctx_print_local_zones\fR(\fIstruct ub_ctx*\fR ctx); +.LP +\fIint\fR +\fBub_ctx_zone_add\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR zone_name, \fIchar*\fR zone_type); +.LP +\fIint\fR +\fBub_ctx_zone_remove\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR zone_name); +.LP +\fIint\fR +\fBub_ctx_data_add\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR data); +.LP +\fIint\fR +\fBub_ctx_data_remove\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR data); +.SH "DESCRIPTION" +.LP +.B Unbound +is an implementation of a DNS resolver, that does caching and +DNSSEC validation. This is the library API, for using the \-lunbound library. +The server daemon is described in \fIunbound\fR(8). +The library can be used to convert hostnames to ip addresses, and back, +and obtain other information from the DNS. The library performs public\-key +validation of results with DNSSEC. +.P +The library uses a variable of type \fIstruct ub_ctx\fR to keep context +between calls. The user must maintain it, creating it with +.B ub_ctx_create +and deleting it with +.B ub_ctx_delete\fR. +It can be created and deleted at any time. Creating it anew removes any +previous configuration (such as trusted keys) and clears any cached results. +.P +The functions are thread\-safe, and a context an be used in a threaded (as +well as in a non\-threaded) environment. Also resolution (and validation) +can be performed blocking and non\-blocking (also called asynchronous). +The async method returns from the call immediately, so that processing +can go on, while the results become available later. +.P +The functions are discussed in turn below. +.SH "FUNCTIONS" +.TP +.B ub_ctx_create +Create a new context, initialised with defaults. +The information from /etc/resolv.conf and /etc/hosts is not utilised +by default. Use +.B ub_ctx_resolvconf +and +.B ub_ctx_hosts +to read them. +.TP +.B ub_ctx_delete +Delete validation context and free associated resources. +Outstanding async queries are killed and callbacks are not called for them. +.TP +.B ub_ctx_set_option +A power\-user interface that lets you specify one of the options from the +config file format, see \fIunbound.conf\fR(5). Not all options are +relevant. For some specific options, such as adding trust anchors, special +routines exist. Pass the option name with the trailing ':'. +.TP +.B ub_ctx_get_option +A power\-user interface that gets an option value. Some options cannot be +gotten, and others return a newline separated list. Pass the option name +without trailing ':'. The returned value must be free(2)d by the caller. +.TP +.B ub_ctx_config +A power\-user interface that lets you specify an unbound config file, see +\fIunbound.conf\fR(5), which is read for configuration. Not all options are +relevant. For some specific options, such as adding trust anchors, special +routines exist. +.TP +.B ub_ctx_set_fwd +Set machine to forward DNS queries to, the caching resolver to use. +IP4 or IP6 address. Forwards all DNS requests to that machine, which +is expected to run a recursive resolver. If the proxy is not +DNSSEC capable, validation may fail. Can be called several times, in +that case the addresses are used as backup servers. +At this time it is only possible to set configuration before the +first resolve is done. +.TP +.B ub_ctx_resolvconf +Read list of nameservers to use from the filename given. +Usually "/etc/resolv.conf". Uses those nameservers as caching proxies. +If they do not support DNSSEC, validation may fail. +Only nameservers are picked up, the searchdomain, ndots and other +settings from \fIresolv.conf\fR(5) are ignored. +If fname NULL is passed, "/etc/resolv.conf" is used (if on Windows, +the system\-wide configured nameserver is picked instead). +At this time it is only possible to set configuration before the +first resolve is done. +.TP +.B ub_ctx_hosts +Read list of hosts from the filename given. +Usually "/etc/hosts". When queried for, these addresses are not marked +DNSSEC secure. If fname NULL is passed, "/etc/hosts" is used +(if on Windows, etc/hosts from WINDIR is picked instead). +At this time it is only possible to set configuration before the +first resolve is done. +.TP +.B +ub_ctx_add_ta +Add a trust anchor to the given context. +At this time it is only possible to add trusted keys before the +first resolve is done. +The format is a string, similar to the zone\-file format, +[domainname] [type] [rdata contents]. Both DS and DNSKEY records are accepted. +.TP +.B ub_ctx_add_ta_file +Add trust anchors to the given context. +Pass name of a file with DS and DNSKEY records in zone file format. +At this time it is only possible to add trusted keys before the +first resolve is done. +.TP +.B ub_ctx_trustedkeys +Add trust anchors to the given context. +Pass the name of a bind\-style config file with trusted\-keys{}. +At this time it is only possible to add trusted keys before the +first resolve is done. +.TP +.B ub_ctx_debugout +Set debug and error log output to the given stream. Pass NULL to disable +output. Default is stderr. File\-names or using syslog can be enabled +using config options, this routine is for using your own stream. +.TP +.B ub_ctx_debuglevel +Set debug verbosity for the context. Output is directed to stderr. +Higher debug level gives more output. +.TP +.B ub_ctx_async +Set a context behaviour for asynchronous action. +if set to true, enables threading and a call to +.B ub_resolve_async +creates a thread to handle work in the background. +If false, a process is forked to handle work in the background. +Changes to this setting after +.B ub_resolve_async +calls have been made have no effect (delete and re\-create the context +to change). +.TP +.B ub_poll +Poll a context to see if it has any new results. +Do not poll in a loop, instead extract the fd below to poll for readiness, +and then check, or wait using the wait routine. +Returns 0 if nothing to read, or nonzero if a result is available. +If nonzero, call +.B ub_process +to do callbacks. +.TP +.B ub_wait +Wait for a context to finish with results. Calls +.B ub_process +after the wait for you. After the wait, there are no more outstanding +asynchronous queries. +.TP +.B ub_fd +Get file descriptor. Wait for it to become readable, at this point +answers are returned from the asynchronous validating resolver. +Then call the \fBub_process\fR to continue processing. +.TP +.B ub_process +Call this routine to continue processing results from the validating +resolver (when the fd becomes readable). +Will perform necessary callbacks. +.TP +.B ub_resolve +Perform resolution and validation of the target name. +The name is a domain name in a zero terminated text string. +The rrtype and rrclass are DNS type and class codes. +The result structure is newly allocated with the resulting data. +.TP +.B ub_resolve_async +Perform asynchronous resolution and validation of the target name. +Arguments mean the same as for \fBub_resolve\fR except no +data is returned immediately, instead a callback is called later. +The callback receives a copy of the mydata pointer, that you can use to pass +information to the callback. The callback type is a function pointer to +a function declared as +.IP +void my_callback_function(void* my_arg, int err, +.br + struct ub_result* result); +.IP +The async_id is returned so you can (at your option) decide to track it +and cancel the request if needed. If you pass a NULL pointer the async_id +is not returned. +.TP +.B ub_cancel +Cancel an async query in progress. This may return an error if the query +does not exist, or the query is already being delivered, in that case you +may still get a callback for the query. +.TP +.B ub_resolve_free +Free struct ub_result contents after use. +.TP +.B ub_strerror +Convert error value from one of the unbound library functions +to a human readable string. +.TP +.B ub_ctx_print_local_zones +Debug printout the local authority information to debug output. +.TP +.B ub_ctx_zone_add +Add new zone to local authority info, like local\-zone \fIunbound.conf\fR(5) +statement. +.TP +.B ub_ctx_zone_remove +Delete zone from local authority info. +.TP +.B ub_ctx_data_add +Add resource record data to local authority info, like local\-data +\fIunbound.conf\fR(5) statement. +.TP +.B ub_ctx_data_remove +Delete local authority data from the name given. +.SH "RESULT DATA STRUCTURE" +.LP +The result of the DNS resolution and validation is returned as +\fIstruct ub_result\fR. The result structure contains the following entries. +.P +.nf + struct ub_result { + char* qname; /* text string, original question */ + int qtype; /* type code asked for */ + int qclass; /* class code asked for */ + char** data; /* array of rdata items, NULL terminated*/ + int* len; /* array with lengths of rdata items */ + char* canonname; /* canonical name of result */ + int rcode; /* additional error code in case of no data */ + void* answer_packet; /* full network format answer packet */ + int answer_len; /* length of packet in octets */ + int havedata; /* true if there is data */ + int nxdomain; /* true if nodata because name does not exist */ + int secure; /* true if result is secure */ + int bogus; /* true if a security failure happened */ + char* why_bogus; /* string with error if bogus */ + }; +.fi +.P +If both secure and bogus are false, security was not enabled for the +domain of the query. +.SH "RETURN VALUES" +Many routines return an error code. The value 0 (zero) denotes no error +happened. Other values can be passed to +.B ub_strerror +to obtain a readable error string. +.B ub_strerror +returns a zero terminated string. +.B ub_ctx_create +returns NULL on an error (a malloc failure). +.B ub_poll +returns true if some information may be available, false otherwise. +.B ub_fd +returns a file descriptor or \-1 on error. +.SH "SEE ALSO" +\fIunbound.conf\fR(5), +\fIunbound\fR(8). +.SH "AUTHORS" +.B Unbound +developers are mentioned in the CREDITS file in the distribution. diff --git a/contrib/unbound/doc/requirements.txt b/contrib/unbound/doc/requirements.txt new file mode 100644 index 0000000..a66962d --- /dev/null +++ b/contrib/unbound/doc/requirements.txt @@ -0,0 +1,294 @@ +Requirements for Recursive Caching Resolver + (a.k.a. Treeshrew, Unbound-C) +By W.C.A. Wijngaards, NLnet Labs, October 2006. + +Contents +1. Introduction +2. History +3. Goals +4. Non-Goals + + +1. Introduction +--------------- +This is the requirements document for a DNS name server and aims to +document the goals and non-goals of the project. The DNS (the Domain +Name System) is a global, replicated database that uses a hierarchical +structure for queries. + +Data in the DNS is stored in Resource Record sets (RR sets), and has a +time to live (TTL). During this time the data can be cached. It is +thus useful to cache data to speed up future lookups. A server that +looks up data in the DNS for clients and caches previous answers to +speed up processing is called a caching, recursive nameserver. + +This project aims to develop such a nameserver in modular components, so +that also DNSSEC (secure DNS) validation and stub-resolvers (that do not +run as a server, but a linked into an application) are easily possible. + +The main components are the Validator that validates the security +fingerprints on data sets, the Iterator that sends queries to the +hierarchical DNS servers that own the data and the Cache that stores +data from previous queries. The networking and query management code +then interface with the modules to perform the necessary processing. + +In Section 2 the origins of the Unbound project are documented. Section +3 lists the goals, while Section 4 lists the explicit non-goals of the +project. Section 5 discusses choices made during development. + + +2. History +---------- +The unbound resolver project started by Bill Manning, David Blacka, and +Matt Larson (from the University of California and from Verisign), that +created a Java based prototype resolver called Unbound. The basic +design decisions of clean modules was executed. + +The Java prototype worked very well, with contributions from Geoff +Sisson and Roy Arends from Nominet. Around 2006 the idea came to create +a full-fledged C implementation ready for deployed use. NLnet Labs +volunteered to write this implementation. + + +3. Goals +-------- +o A validating recursive DNS resolver. +o Code diversity in the DNS resolver monoculture. +o Drop-in replacement for BIND apart from config. +o DNSSEC support. +o Fully RFC compliant. +o High performance + * even with validation. +o Used as + * stub resolver. + * full caching name server. + * resolver library. +o Elegant design of validator, resolver, cache modules. + * provide the ability to pick and choose modules. +o Robust. +o In C, open source: The BSD license. +o Highly portable, targets include modern Unix systems, such as *BSD, +solaris, linux, and maybe also the windows platform. +o Smallest as possible component that does the job. +o Stub-zones can be configured (local data or AS112 zones). + + +4. Non-Goals +------------ +o An authoritative name server. +o Too many Features. + + +5. Choices +---------- +o rfc2181 decourages duplicates RRs in RRsets. unbound does not create + duplicates, but when presented with duplicates on the wire from the + authoritative servers, does not perform duplicate removal. + It does do some rrsig duplicate removal, in the msgparser, for dnssec qtype + rrsig and any, because of special rrsig processing in the msgparser. +o The harden-glue feature, when yes all out of zone glue is deleted, when + no out of zone glue is used for further resolving, is more complicated + than that, see below. + Main points: + * rfc2182 trust handling is used. + * data is let through only in very specific cases + * spoofability remains possible. + Not all glue is let through (despite the name of the option). Only glue + which is present in a delegation, of type A and AAAA, where the name is + present in the NS record in the authority section is let through. + The glue that is let through is stored in the cache (marked as 'from the + additional section'). And will then be used for sending queries to. It + will not be present in the reply to the client (if RD is off). + A direct query for that name will attempt to get a msg into the message + cache. Since A and AAAA queries are not synthesized by the unbound cache, + this query will be (eventually) sent to the authoritative server and its + answer will be put in the cache, marked as 'from the answer section' and + thus remove the 'from the additional section' data, and this record is + returned to the client. + The message has a TTL smaller or equal to the TTL of the answer RR. + If the cache memory is low; the answer RR may be dropped, and a glue + RR may be inserted, within the message TTL time, and thus return the + spoofed glue to a client. When the message expires, it is refetched and + the cached RR is updated with the correct content. + The server can be spoofed by getting it to visit a especially prepared + domain. This domain then inserts an address for another authoritative + server into the cache, when visiting that other domain, this address may + then be used to send queries to. And fake answers may be returned. + If the other domain is signed by DNSSEC, the fakes will be detected. + + In summary, the harden glue feature presents a security risk if + disabled. Disabling the feature leads to possible better performance + as more glue is present for the recursive service to use. The feature + is implemented so as to minimise the security risk, while trying to + keep this performance gain. +o The method by which dnssec-lameness is detected is not secure. DNSSEC lame + is when a server has the zone in question, but lacks dnssec data, such as + signatures. The method to detect dnssec lameness looks at nonvalidated + data from the parent of a zone. This can be used, by spoofing the parent, + to create a false sense of dnssec-lameness in the child, or a false sense + or dnssec-non-lameness in the child. The first results in the server marked + lame, and not used for 900 seconds, and the second will result in a + validator failure (SERVFAIL again), when the query is validated later on. + + Concluding, a spoof of the parent delegation can be used for many cases + of denial of service. I.e. a completely different NS set could be returned, + or the information withheld. All of these alterations can be caught by + the validator if the parent is signed, and result in 900 seconds bogus. + The dnssec-lameness detection is used to detect operator failures, + before the validator will properly verify the messages. + + Also for zones for which no chain of trust exists, but a DS is given by the + parent, dnssec-lameness detection enables. This delivers dnssec to our + clients when possible (for client validators). + + The following issue needs to be resolved: + a server that serves both a parent and child zone, where + parent is signed, but child is not. The server must not be marked + lame for the parent zone, because the child answer is not signed. + Instead of a false positive, we want false negatives; failure to + detect dnssec-lameness is less of a problem than marking honest + servers lame. dnssec-lameness is a config error and deserves the trouble. + So, only messages that identify the zone are used to mark the zone + lame. The zone is identified by SOA or NS RRsets in the answer/auth. + That includes almost all negative responses and also A, AAAA qtypes. + That would be most responses from servers. + For referrals, delegations that add a single label can be checked to be + from their zone, this covers most delegation-centric zones. + + So possibly, for complicated setups, with multiple (parent-child) zones + on a server, dnssec-lameness detection does not work - no dnssec-lameness + is detected. Instead the zone that is dnssec-lame becomes bogus. + +o authority features. + This is a recursive server, and authority features are out of scope. + However, some authority features are expected in a recursor. Things like + localhost, reverse lookup for 127.0.0.1, or blocking AS112 traffic. + Also redirection of domain names with fixed data is needed by service + providers. Limited support is added specifically to address this. + + Adding full authority support, requires much more code, and more complex + maintenance. + + The limited support allows adding some static data (for localhost and so), + and to respond with a fixed rcode (NXDOMAIN) for domains (such as AS112). + + You can put authority data on a separate server, and set the server in + unbound.conf as stub for those zones, this allows clients to access data + from the server without making unbound authoritative for the zones. + +o the access control denies queries before any other processing. + This denies queries that are not authoritative, or version.bind, or any. + And thus prevents cache-snooping (denied hosts cannot make non-recursive + queries and get answers from the cache). + +o If a client makes a query without RD bit, in the case of a returned + message from cache which is: + answer section: empty + auth section: NS record present, no SOA record, no DS record, + maybe NSEC or NSEC3 records present. + additional: A records or other relevant records. + A SOA record would indicate that this was a NODATA answer. + A DS records would indicate a referral. + Absence of NS record would indicate a NODATA answer as well. + + Then the receiver does not know whether this was a referral + with attempt at no-DS proof) or a nodata answer with attempt + at no-data proof. It could be determined by attempting to prove + either condition; and looking if only one is valid, but both + proofs could be valid, or neither could be valid, which creates + doubt. This case is validated by unbound as a 'referral' which + ascertains that RRSIGs are OK (and not omitted), but does not + check NSEC/NSEC3. + +o Case preservation + Unbound preserves the casing received from authority servers as best + as possible. It compresses without case, so case can get lost there. + The casing from the query name is used in preference to the casing + of the authority server. This is the same as BIND. RFC4343 allows either + behaviour. + +o Denial of service protection + If many queries are made, and they are made to names for which the + authority servers do not respond, then the requestlist for unbound + fills up fast. This results in denial of service for new queries. + To combat this the first 50% of the requestlist can run to completion. + The last 50% of the requestlist get (200 msec) at least and are replaced + by newer queries when older (LIFO). + When a new query comes in, and a place in the first 50% is available, this + is preferred. Otherwise, it can replace older queries out of the last 50%. + Thus, even long queries get a 50% chance to be resolved. And many 'short' + one or two round-trip resolves can be done in the last 50% of the list. + The timeout can be configured. + +o EDNS fallback. Is done according to the EDNS RFC (and update draft-00). + Unbound assumes EDNS 0 support for the first query. Then it can detect + support (if the servers replies) or non-support (on a NOTIMPL or FORMERR). + Some middleboxes drop EDNS 0 queries, mainly when forwarding, not when + routing packets. To detect this, when timeouts keep happening, as the + timeout approached 5-10 seconds, and EDNS status has not been detected yet, + a single probe query is sent. This probe has a sub-second timeout, and + if the server responds (quickly) without EDNS, this is cached for 15 min. + This works very well when detecting an address that you use much - like + a forwarder address - which is where the middleboxes need to be detected. + Otherwise, it results in a 5 second wait time before EDNS timeout is + detected, which is slow but it works at least. + It minimizes the chances of a dropped query making a (DNSSEC) EDNS server + falsely EDNS-nonsupporting, and thus DNSSEC-bogus, works well with + middleboxes, and can detect the occasional authority that drops EDNS. + For some boxes it is necessary to probe for every failing query, a + reassurance that the DNS server does EDNS does not mean that path can + take large DNS answers. + +o 0x20 backoff. + The draft describes to back off to the next server, and go through all + servers several times. Unbound goes on get the full list of nameserver + addresses, and then makes 3 * number of addresses queries. + They are sent to a random server, but no one address more than 4 times. + It succeeds if one has 0x20 intact, or else all are equal. + Otherwise, servfail is returned to the client. + +o NXDOMAIN and SOA serial numbers. + Unbound keeps TTL values for message formats, and thus rcodes, such + as NXDOMAIN. Also it keeps the latest rrsets in the rrset cache. + So it will faithfully negative cache for the exact TTL as originally + specified for an NXDOMAIN message, but send a newer SOA record if + this has been found in the mean time. In point, this could lead to a + negative cached NXDOMAIN reply with a SOA RR where the serial number + indicates a zone version where this domain is not any longer NXDOMAIN. + These situations become consistent once the original TTL expires. + If the domain is DNSSEC signed, by the way, then NSEC records are + updated more carefully. If one of the NSEC records in an NXDOMAIN is + updated from another query, the NXDOMAIN is dropped from the cache, + and queried for again, so that its proof can be checked again. + +o SOA records in negative cached answers for DS queries. + The current unbound code uses a negative cache for queries for type DS. + This speeds up building chains of trust, and uses NSEC and NSEC3 + (optout) information to speed up lookups. When used internally, + the bare NSEC(3) information is sufficient, probably picked up from + a referral. When answering to clients, a SOA record is needed for + the correct message format, a SOA record is picked from the cache + (and may not actually match the serial number of the SOA for which the + NSEC and NSEC3 records were obtained) if available otherwise network + queries are performed to get the data. + +o Parent and child with different nameserver information. + A misconfiguration that sometimes happens is where the parent and child + have different NS, glue information. The child is authoritative, and + unbound will not trust information from the parent nameservers as the + final answer. To help lookups, unbound will however use the parent-side + version of the glue as a last resort lookup. This resolves lookups for + those misconfigured domains where the servers reported by the parent + are the only ones working, and servers reported by the child do not. + +o Failure of validation and probing. + Retries on a validation failure are now 5x to a different nameserver IP + (if possible), and then it gives up, for one name, type, class entry in + the message cache. If a DNSKEY or DS fails in the chain of trust in the + key cache additionally, after the probing, a bad key entry is created that + makes the entire zone bogus for 900 seconds. This is a fixed value at + this time and is conservative in sending probes. It makes the compound + effect of many resolvers less and easier to handle, but penalizes + individual resolvers by having less probes and a longer time before fixes + are picked up. + diff --git a/contrib/unbound/doc/unbound-anchor.8.in b/contrib/unbound/doc/unbound-anchor.8.in new file mode 100644 index 0000000..b7f0bda --- /dev/null +++ b/contrib/unbound/doc/unbound-anchor.8.in @@ -0,0 +1,174 @@ +.TH "unbound-anchor" "8" "May 24, 2012" "NLnet Labs" "unbound 1.4.17" +.\" +.\" unbound-anchor.8 -- unbound anchor maintenance utility manual +.\" +.\" Copyright (c) 2008, NLnet Labs. All rights reserved. +.\" +.\" See LICENSE for the license. +.\" +.\" +.SH "NAME" +.LP +.B unbound\-anchor +\- Unbound anchor utility. +.SH "SYNOPSIS" +.B unbound\-anchor +.RB [ opts ] +.SH "DESCRIPTION" +.B Unbound\-anchor +performs setup or update of the root trust anchor for DNSSEC validation. +It can be run (as root) from the commandline, or run as part of startup +scripts. Before you start the \fIunbound\fR(8) DNS server. +.P +Suggested usage: +.P +.nf + # in the init scripts. + # provide or update the root anchor (if necessary) + unbound-anchor -a "@UNBOUND_ROOTKEY_FILE@" + # Please note usage of this root anchor is at your own risk + # and under the terms of our LICENSE (see source). + # + # start validating resolver + # the unbound.conf contains: + # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@" + unbound -c unbound.conf +.fi +.P +This tool provides builtin default contents for the root anchor and root +update certificate files. +.P +It tests if the root anchor file works, and if not, and an update is possible, +attempts to update the root anchor using the root update certificate. +It performs a https fetch of root-anchors.xml and checks the results, if +all checks are successful, it updates the root anchor file. Otherwise +the root anchor file is unchanged. It performs RFC5011 tracking if the +DNSSEC information available via the DNS makes that possible. +.P +If does not perform an update if the certificate is expired, if the network +is down or other errors occur. +.P +The available options are: +.TP +.B \-a \fIfile +The root anchor key file, that is read in and written out. +Default is @UNBOUND_ROOTKEY_FILE@. +If the file does not exist, or is empty, a builtin root key is written to it. +.TP +.B \-c \fIfile +The root update certificate file, that is read in. +Default is @UNBOUND_ROOTCERT_FILE@. +If the file does not exist, or is empty, a builtin certificate is used. +.TP +.B \-l +List the builtin root key and builtin root update certificate on stdout. +.TP +.B \-u \fIname +The server name, it connects to https://name. Specify without https:// prefix. +The default is "data.iana.org". It connects to the port specified with \-P. +You can pass an IPv4 addres or IPv6 address (no brackets) if you want. +.TP +.B \-x \fIpath +The pathname to the root\-anchors.xml file on the server. (forms URL with \-u). +The default is /root\-anchors/root\-anchors.xml. +.TP +.B \-s \fIpath +The pathname to the root\-anchors.p7s file on the server. (forms URL with \-u). +The default is /root\-anchors/root\-anchors.p7s. This file has to be a PKCS7 +signature over the xml file, using the pem file (\-c) as trust anchor. +.TP +.B \-4 +Use IPv4 for domain resolution and contacting the server on https. Default is +to use IPv4 and IPv6 where appropriate. +.TP +.B \-6 +Use IPv6 for domain resolution and contacting the server on https. Default is +to use IPv4 and IPv6 where appropriate. +.TP +.B \-f \fIresolv.conf +Use the given resolv.conf file. Not enabled by default, but you could try to +pass /etc/resolv.conf on some systems. It contains the IP addresses of the +recursive nameservers to use. However, since this tool could be used to +bootstrap that very recursive nameserver, it would not be useful (since +that server is not up yet, since we are bootstrapping it). It could be +useful in a situation where you know an upstream cache is deployed (and +running) and in captive portal situations. +.TP +.B \-r \fIroot.hints +Use the given root.hints file (same syntax as the BIND and Unbound root hints +file) to bootstrap domain resolution. By default a list of builtin root +hints is used. Unbound\-anchor goes to the network itself for these roots, +to resolve the server (\-u option) and to check the root DNSKEY records. +It does so, because the tool when used for bootstrapping the recursive +resolver, cannot use that recursive resolver itself because it is bootstrapping +that server. +.TP +.B \-v +More verbose. Once prints informational messages, multiple times may enable +large debug amounts (such as full certificates or byte\-dumps of downloaded +files). By default it prints almost nothing. It also prints nothing on +errors by default; in that case the original root anchor file is simply +left undisturbed, so that a recursive server can start right after it. +.TP +.B \-C \fIunbound.conf +Debug option to read unbound.conf into the resolver process used. +.TP +.B \-P \fIport +Set the port number to use for the https connection. The default is 443. +.TP +.B \-F +Debug option to force update of the root anchor through downloading the xml +file and verifying it with the certificate. By default it first tries to +update by contacting the DNS, which uses much less bandwidth, is much +faster (200 msec not 2 sec), and is nicer to the deployed infrastructure. +With this option, it still attempts to do so (and may verbosely tell you), +but then ignores the result and goes on to use the xml fallback method. +.TP +.B \-h +Show the version and commandline option help. +.TP +.B \-v +More verbose. Prints output detailing what happens. +.SH "EXIT CODE" +This tool exits with value 1 if the root anchor was updated using the +certificate or if the builtin root-anchor was used. It exits with code +0 if no update was necessary, if the update was possible with RFC5011 +tracking, or if an error occurred. +.P +You can check the exit value in this manner: +.nf + unbound-anchor -a "root.key" || logger "Please check root.key" +.fi +Or something more suitable for your operational environment. +.SH "TRUST" +The root keys and update certificate included in this tool +are provided for convenience and under the terms of our +license (see the LICENSE file in the source distribution or +http://unbound.nlnetlabs.nl/svn/trunk/LICENSE) and might be stale or +not suitable to your purpose. +.P +By running "unbound\-anchor \-l" the keys and certificate that are +configured in the code are printed for your convenience. +.P +The build\-in configuration can be overridden by providing a root\-cert +file and a rootkey file. +.SH "FILES" +.TP +.I @UNBOUND_ROOTKEY_FILE@ +The root anchor file, updated with 5011 tracking, and read and written to. +The file is created if it does not exist. +.TP +.I @UNBOUND_ROOTCERT_FILE@ +The trusted self\-signed certificate that is used to verify the downloaded +DNSSEC root trust anchor. You can update it by fetching it from +https://data.iana.org/root\-anchors/icannbundle.pem (and validate it). +If the file does not exist or is empty, a builtin version is used. +.TP +.I https://data.iana.org/root\-anchors/root\-anchors.xml +Source for the root key information. +.TP +.I https://data.iana.org/root\-anchors/root\-anchors.p7s +Signature on the root key information. +.SH "SEE ALSO" +\fIunbound.conf\fR(5), +\fIunbound\fR(8). diff --git a/contrib/unbound/doc/unbound-checkconf.8.in b/contrib/unbound/doc/unbound-checkconf.8.in new file mode 100644 index 0000000..fdd7528 --- /dev/null +++ b/contrib/unbound/doc/unbound-checkconf.8.in @@ -0,0 +1,49 @@ +.TH "unbound-checkconf" "8" "May 24, 2012" "NLnet Labs" "unbound 1.4.17" +.\" +.\" unbound-checkconf.8 -- unbound configuration checker manual +.\" +.\" Copyright (c) 2007, NLnet Labs. All rights reserved. +.\" +.\" See LICENSE for the license. +.\" +.\" +.SH "NAME" +.LP +unbound\-checkconf +\- Check unbound configuration file for errors. +.SH "SYNOPSIS" +.B unbound\-checkconf +.RB [ \-h ] +.RB [ \-o +.IR option ] +.RI [ cfgfile ] +.SH "DESCRIPTION" +.B Unbound\-checkconf +checks the configuration file for the +\fIunbound\fR(8) +DNS resolver for syntax and other errors. +The config file syntax is described in +\fIunbound.conf\fR(5). +.P +The available options are: +.TP +.B \-h +Show the version and commandline option help. +.TP +.B \-o\fI option +If given, after checking the config file the value of this option is +printed to stdout. For "" (disabled) options an empty line is printed. +.TP +.I cfgfile +The config file to read with settings for unbound. It is checked. +If omitted, the config file at the default location is checked. +.SH "EXIT CODE" +The unbound\-checkconf program exits with status code 1 on error, +0 for a correct config file. +.SH "FILES" +.TP +.I @ub_conf_file@ +unbound configuration file. +.SH "SEE ALSO" +\fIunbound.conf\fR(5), +\fIunbound\fR(8). diff --git a/contrib/unbound/doc/unbound-control.8.in b/contrib/unbound/doc/unbound-control.8.in new file mode 100644 index 0000000..575f897 --- /dev/null +++ b/contrib/unbound/doc/unbound-control.8.in @@ -0,0 +1,450 @@ +.TH "unbound-control" "8" "May 24, 2012" "NLnet Labs" "unbound 1.4.17" +.\" +.\" unbound-control.8 -- unbound remote control manual +.\" +.\" Copyright (c) 2008, NLnet Labs. All rights reserved. +.\" +.\" See LICENSE for the license. +.\" +.\" +.SH "NAME" +.LP +.B unbound\-control, +.B unbound\-control\-setup +\- Unbound remote server control utility. +.SH "SYNOPSIS" +.B unbound\-control +.RB [ \-h ] +.RB [ \-c +.IR cfgfile ] +.RB [ \-s +.IR server ] +.IR command +.SH "DESCRIPTION" +.B Unbound\-control +performs remote administration on the \fIunbound\fR(8) DNS server. +It reads the configuration file, contacts the unbound server over SSL +sends the command and displays the result. +.P +The available options are: +.TP +.B \-h +Show the version and commandline option help. +.TP +.B \-c \fIcfgfile +The config file to read with settings. If not given the default +config file @ub_conf_file@ is used. +.TP +.B \-s \fIserver[@port] +IPv4 or IPv6 address of the server to contact. If not given, the +address is read from the config file. +.SH "COMMANDS" +There are several commands that the server understands. +.TP +.B start +Start the server. Simply execs \fIunbound\fR(8). The unbound executable +is searched for in the \fBPATH\fR set in the environment. It is started +with the config file specified using \fI\-c\fR or the default config file. +.TP +.B stop +Stop the server. The server daemon exits. +.TP +.B reload +Reload the server. This flushes the cache and reads the config file fresh. +.TP +.B verbosity \fInumber +Change verbosity value for logging. Same values as \fBverbosity\fR keyword in +\fIunbound.conf\fR(5). This new setting lasts until the server is issued +a reload (taken from config file again), or the next verbosity control command. +.TP +.B log_reopen +Reopen the logfile, close and open it. Useful for logrotation to make the +daemon release the file it is logging to. If you are using syslog it will +attempt to close and open the syslog (which may not work if chrooted). +.TP +.B stats +Print statistics. Resets the internal counters to zero, this can be +controlled using the \fBstatistics\-cumulative\fR config statement. +Statistics are printed with one [name]: [value] per line. +.TP +.B stats_noreset +Peek at statistics. Prints them like the \fBstats\fR command does, but does not +reset the internal counters to zero. +.TP +.B status +Display server status. Exit code 3 if not running (the connection to the +port is refused), 1 on error, 0 if running. +.TP +.B local_zone \fIname\fR \fItype +Add new local zone with name and type. Like \fBlocal\-zone\fR config statement. +If the zone already exists, the type is changed to the given argument. +.TP +.B local_zone_remove \fIname +Remove the local zone with the given name. Removes all local data inside +it. If the zone does not exist, the command succeeds. +.TP +.B local_data \fIRR data... +Add new local data, the given resource record. Like \fBlocal\-data\fR +config statement, except for when no covering zone exists. In that case +this remote control command creates a transparent zone with the same +name as this record. This command is not good at returning detailed syntax +errors. +.TP +.B local_data_remove \fIname +Remove all RR data from local name. If the name already has no items, +nothing happens. Often results in NXDOMAIN for the name (in a static zone), +but if the name has become an empty nonterminal (there is still data in +domain names below the removed name), NOERROR nodata answers are the +result for that name. +.TP +.B dump_cache +The contents of the cache is printed in a text format to stdout. You can +redirect it to a file to store the cache in a file. +.TP +.B load_cache +The contents of the cache is loaded from stdin. Uses the same format as +dump_cache uses. Loading the cache with old, or wrong data can result +in old or wrong data returned to clients. Loading data into the cache +in this way is supported in order to aid with debugging. +.TP +.B lookup \fIname +Print to stdout the name servers that would be used to look up the +name specified. +.TP +.B flush \fIname +Remove the name from the cache. Removes the types +A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV and NAPTR. +Because that is fast to do. Other record types can be removed using +.B flush_type +or +.B flush_zone\fR. +.TP +.B flush_type \fIname\fR \fItype +Remove the name, type information from the cache. +.TP +.B flush_zone \fIname +Remove all information at or below the name from the cache. +The rrsets and key entries are removed so that new lookups will be performed. +This needs to walk and inspect the entire cache, and is a slow operation. +.TP +.B flush_stats +Reset statistics to zero. +.TP +.B flush_requestlist +Drop the queries that are worked on. Stops working on the queries that the +server is working on now. The cache is unaffected. No reply is sent for +those queries, probably making those users request again later. +Useful to make the server restart working on queries with new settings, +such as a higher verbosity level. +.TP +.B dump_requestlist +Show what is worked on. Prints all queries that the server is currently +working on. Prints the time that users have been waiting. For internal +requests, no time is printed. And then prints out the module status. +.TP +.B flush_infra \fIall|IP +If all then entire infra cache is emptied. If a specific IP address, the +entry for that address is removed from the cache. It contains EDNS, ping +and lameness data. +.TP +.B dump_infra +Show the contents of the infra cache. +.TP +.B set_option \fIopt: val +Set the option to the given value without a reload. The cache is +therefore not flushed. The option must end with a ':' and whitespace +must be between the option and the value. Some values may not have an +effect if set this way, the new values are not written to the config file, +not all options are supported. This is different from the set_option call +in libunbound, where all values work because unbound has not been inited. +.IP +The values that work are: statistics\-interval, statistics\-cumulative, +do\-not\-query\-localhost, harden\-short\-bufsize, harden\-large\-queries, +harden\-glue, harden\-dnssec\-stripped, harden\-below\-nxdomain, +harden\-referral\-path, prefetch, prefetch\-key, log\-queries, +hide\-identity, hide\-version, identity, version, val\-log\-level, +val\-log\-squelch, ignore\-cd\-flag, add\-holddown, del\-holddown, +keep\-missing, tcp\-upstream, ssl\-upstream. +.TP +.B get_option \fIopt +Get the value of the option. Give the option name without a trailing ':'. +The value is printed. If the value is "", nothing is printed +and the connection closes. On error 'error ...' is printed (it gives +a syntax error on unknown option). For some options a list of values, +one on each line, is printed. The options are shown from the config file +as modified with set_option. For some options an override may have been +taken that does not show up with this command, not results from e.g. the +verbosity and forward control commands. Not all options work, see list_stubs, +list_forwards, list_local_zones and list_local_data for those. +.TP +.B list_stubs +List the stub zones in use. These are printed one by one to the output. +This includes the root hints in use. +.TP +.B list_forwards +List the forward zones in use. These are printed zone by zone to the output. +.TP +.B list_local_zones +List the local zones in use. These are printed one per line with zone type. +.TP +.B list_local_data +List the local data RRs in use. The resource records are printed. +.TP +.B forward_add \fR[\fI+i\fR] \fIzone addr ... +Add a new forward zone to running unbound. With +i option also adds a +\fIdomain\-insecure\fR for the zone (so it can resolve insecurely if you have +a DNSSEC root trust anchor configured for other names). +The addr can be IP4, IP6 or nameserver names, like \fIforward-zone\fR config +in unbound.conf. +.TP +.B forward_remove \fR[\fI+i\fR] \fIzone +Remove a forward zone from running unbound. The +i also removes a +\fIdomain\-insecure\fR for the zone. +.TP +.B stub_add \fR[\fI+ip\fR] \fIzone addr ... +Add a new stub zone to running unbound. With +i option also adds a +\fIdomain\-insecure\fR for the zone. With +p the stub zone is set to prime, +without it it is set to notprime. The addr can be IP4, IP6 or nameserver +names, like the \fIstub-zone\fR config in unbound.conf. +.TP +.B stub_remove \fR[\fI+i\fR] \fIzone +Remove a stub zone from running unbound. The +i also removes a +\fIdomain\-insecure\fR for the zone. +.TP +.B forward \fR[\fIoff\fR | \fIaddr ...\fR ] +Setup forwarding mode. Configures if the server should ask other upstream +nameservers, should go to the internet root nameservers itself, or show +the current config. You could pass the nameservers after a DHCP update. +.IP +Without arguments the current list of addresses used to forward all queries +to is printed. On startup this is from the forward\-zone "." configuration. +Afterwards it shows the status. It prints off when no forwarding is used. +.IP +If \fIoff\fR is passed, forwarding is disabled and the root nameservers +are used. This can be used to avoid to avoid buggy or non\-DNSSEC supporting +nameservers returned from DHCP. But may not work in hotels or hotspots. +.IP +If one or more IPv4 or IPv6 addresses are given, those are then used to forward +queries to. The addresses must be separated with spaces. With '@port' the +port number can be set explicitly (default port is 53 (DNS)). +.IP +By default the forwarder information from the config file for the root "." is +used. The config file is not changed, so after a reload these changes are +gone. Other forward zones from the config file are not affected by this command. +.SH "EXIT CODE" +The unbound\-control program exits with status code 1 on error, 0 on success. +.SH "SET UP" +The setup requires a self\-signed certificate and private keys for both +the server and client. The script \fIunbound\-control\-setup\fR generates +these in the default run directory, or with \-d in another directory. +If you change the access control permissions on the key files you can decide +who can use unbound\-control, by default owner and group but not all users. +Run the script under the same username as you have configured in unbound.conf +or as root, so that the daemon is permitted to read the files, for example with: +.nf + sudo \-u unbound unbound\-control\-setup +.fi +If you have not configured +a username in unbound.conf, the keys need read permission for the user +credentials under which the daemon is started. +The script preserves private keys present in the directory. +After running the script as root, turn on \fBcontrol\-enable\fR in +\fIunbound.conf\fR. +.SH "STATISTIC COUNTERS" +The \fIstats\fR command shows a number of statistic counters. +.TP +.I threadX.num.queries +number of queries received by thread +.TP +.I threadX.num.cachehits +number of queries that were successfully answered using a cache lookup +.TP +.I threadX.num.cachemiss +number of queries that needed recursive processing +.TP +.I threadX.num.prefetch +number of cache prefetches performed. This number is included in +cachehits, as the original query had the unprefetched answer from cache, +and resulted in recursive processing, taking a slot in the requestlist. +Not part of the recursivereplies (or the histogram thereof) or cachemiss, +as a cache response was sent. +.TP +.I threadX.num.recursivereplies +The number of replies sent to queries that needed recursive processing. Could be smaller than threadX.num.cachemiss if due to timeouts no replies were sent for some queries. +.TP +.I threadX.requestlist.avg +The average number of requests in the internal recursive processing request list on insert of a new incoming recursive processing query. +.TP +.I threadX.requestlist.max +Maximum size attained by the internal recursive processing request list. +.TP +.I threadX.requestlist.overwritten +Number of requests in the request list that were overwritten by newer entries. This happens if there is a flood of queries that recursive processing and the server has a hard time. +.TP +.I threadX.requestlist.exceeded +Queries that were dropped because the request list was full. This happens if a flood of queries need recursive processing, and the server can not keep up. +.TP +.I threadX.requestlist.current.all +Current size of the request list, includes internally generated queries (such +as priming queries and glue lookups). +.TP +.I threadX.requestlist.current.user +Current size of the request list, only the requests from client queries. +.TP +.I threadX.recursion.time.avg +Average time it took to answer queries that needed recursive processing. Note that queries that were answered from the cache are not in this average. +.TP +.I threadX.recursion.time.median +The median of the time it took to answer queries that needed recursive +processing. The median means that 50% of the user queries were answered in +less than this time. Because of big outliers (usually queries to non +responsive servers), the average can be bigger than the median. This median +has been calculated by interpolation from a histogram. +.TP +.I total.num.queries +summed over threads. +.TP +.I total.num.cachehits +summed over threads. +.TP +.I total.num.cachemiss +summed over threads. +.TP +.I total.num.prefetch +summed over threads. +.TP +.I total.num.recursivereplies +summed over threads. +.TP +.I total.requestlist.avg +averaged over threads. +.TP +.I total.requestlist.max +the maximum of the thread requestlist.max values. +.TP +.I total.requestlist.overwritten +summed over threads. +.TP +.I total.requestlist.exceeded +summed over threads. +.TP +.I total.requestlist.current.all +summed over threads. +.TP +.I total.recursion.time.median +averaged over threads. +.TP +.I time.now +current time in seconds since 1970. +.TP +.I time.up +uptime since server boot in seconds. +.TP +.I time.elapsed +time since last statistics printout, in seconds. +.SH EXTENDED STATISTICS +.TP +.I mem.total.sbrk +If sbrk(2) is available, an estimate of the heap size of the program in number of bytes. Close to the total memory used by the program, as reported by top and ps. Could be wrong if the OS allocates memory non\-contiguously. +.TP +.I mem.cache.rrset +Memory in bytes in use by the RRset cache. +.TP +.I mem.cache.message +Memory in bytes in use by the message cache. +.TP +.I mem.mod.iterator +Memory in bytes in use by the iterator module. +.TP +.I mem.mod.validator +Memory in bytes in use by the validator module. Includes the key cache and +negative cache. +.TP +.I histogram.<sec>.<usec>.to.<sec>.<usec> +Shows a histogram, summed over all threads. Every element counts the +recursive queries whose reply time fit between the lower and upper bound. +Times larger or equal to the lowerbound, and smaller than the upper bound. +There are 40 buckets, with bucket sizes doubling. +.TP +.I num.query.type.A +The total number of queries over all threads with query type A. +Printed for the other query types as well, but only for the types for which +queries were received, thus =0 entries are omitted for brevity. +.TP +.I num.query.type.other +Number of queries with query types 256\-65535. +.TP +.I num.query.class.IN +The total number of queries over all threads with query class IN (internet). +Also printed for other classes (such as CH (CHAOS) sometimes used for +debugging), or NONE, ANY, used by dynamic update. +num.query.class.other is printed for classes 256\-65535. +.TP +.I num.query.opcode.QUERY +The total number of queries over all threads with query opcode QUERY. +Also printed for other opcodes, UPDATE, ... +.TP +.I num.query.tcp +Number of queries that were made using TCP towards the unbound server. +.TP +.I num.query.ipv6 +Number of queries that were made using IPv6 towards the unbound server. +.TP +.I num.query.flags.RD +The number of queries that had the RD flag set in the header. +Also printed for flags QR, AA, TC, RA, Z, AD, CD. +Note that queries with flags QR, AA or TC may have been rejected +because of that. +.TP +.I num.query.edns.present +number of queries that had an EDNS OPT record present. +.TP +.I num.query.edns.DO +number of queries that had an EDNS OPT record with the DO (DNSSEC OK) bit set. +These queries are also included in the num.query.edns.present number. +.TP +.I num.answer.rcode.NXDOMAIN +The number of answers to queries, from cache or from recursion, that had the +return code NXDOMAIN. Also printed for the other return codes. +.TP +.I num.answer.rcode.nodata +The number of answers to queries that had the pseudo return code nodata. +This means the actual return code was NOERROR, but additionally, no data was +carried in the answer (making what is called a NOERROR/NODATA answer). +These queries are also included in the num.answer.rcode.NOERROR number. +Common for AAAA lookups when an A record exists, and no AAAA. +.TP +.I num.answer.secure +Number of answers that were secure. The answer validated correctly. +The AD bit might have been set in some of these answers, where the client +signalled (with DO or AD bit in the query) that they were ready to accept +the AD bit in the answer. +.TP +.I num.answer.bogus +Number of answers that were bogus. These answers resulted in SERVFAIL +to the client because the answer failed validation. +.TP +.I num.rrset.bogus +The number of rrsets marked bogus by the validator. Increased for every +RRset inspection that fails. +.TP +.I unwanted.queries +Number of queries that were refused or dropped because they failed the +access control settings. +.TP +.I unwanted.replies +Replies that were unwanted or unsolicited. Could have been random traffic, +delayed duplicates, very late answers, or could be spoofing attempts. +Some low level of late answers and delayed duplicates are to be expected +with the UDP protocol. Very high values could indicate a threat (spoofing). +.SH "FILES" +.TP +.I @ub_conf_file@ +unbound configuration file. +.TP +.I @UNBOUND_RUN_DIR@ +directory with private keys (unbound_server.key and unbound_control.key) and +self\-signed certificates (unbound_server.pem and unbound_control.pem). +.SH "SEE ALSO" +\fIunbound.conf\fR(5), +\fIunbound\fR(8). diff --git a/contrib/unbound/doc/unbound-host.1 b/contrib/unbound/doc/unbound-host.1 new file mode 100644 index 0000000..3848e5c --- /dev/null +++ b/contrib/unbound/doc/unbound-host.1 @@ -0,0 +1,116 @@ +.TH "unbound\-host" "1" "May 24, 2012" "NLnet Labs" "unbound 1.4.17" +.\" +.\" unbound-host.1 -- unbound DNS lookup utility +.\" +.\" Copyright (c) 2007, NLnet Labs. All rights reserved. +.\" +.\" See LICENSE for the license. +.\" +.\" +.SH "NAME" +.LP +.B unbound\-host +\- unbound DNS lookup utility +.SH "SYNOPSIS" +.LP +.B unbound\-host +.RB [ \-vdhr46 ] +.RB [ \-c +.IR class ] +.RB [ \-t +.IR type ] +.I hostname +.RB [ \-y +.IR key ] +.RB [ \-f +.IR keyfile ] +.RB [ \-F +.IR namedkeyfile ] +.RB [ \-C +.IR configfile ] +.SH "DESCRIPTION" +.LP +.B Unbound\-host +uses the unbound validating resolver to query for the hostname and display +results. With the \fB\-v\fR option it displays validation +status: secure, insecure, bogus (security failure). +.P +By default it reads no configuration file whatsoever. It attempts to reach +the internet root servers. With \fB\-C\fR an unbound config file and with +\fB\-r\fR resolv.conf can be read. +.P +The available options are: +.TP +.I hostname +This name is resolved (looked up in the DNS). +If a IPv4 or IPv6 address is given, a reverse lookup is performed. +.TP +.B \-h +Show the version and commandline option help. +.TP +.B \-v +Enable verbose output and it shows validation results, on every line. +Secure means that the NXDOMAIN (no such domain name), nodata (no such data) +or positive data response validated correctly with one of the keys. +Insecure means that that domain name has no security set up for it. +Bogus (security failure) means that the response failed one or more checks, +it is likely wrong, outdated, tampered with, or broken. +.TP +.B \-d +Enable debug output to stderr. One \-d shows what the resolver and validator +are doing and may tell you what is going on. More times, \-d \-d, gives a +lot of output, with every packet sent and received. +.TP +.B \-c \fIclass +Specify the class to lookup for, the default is IN the internet class. +.TP +.B \-t \fItype +Specify the type of data to lookup. The default looks for IPv4, IPv6 and +mail handler data, or domain name pointers for reverse queries. +.TP +.B \-y \fIkey +Specify a public key to use as trust anchor. This is the base for a chain +of trust that is built up from the trust anchor to the response, in order +to validate the response message. Can be given as a DS or DNSKEY record. +For example \-y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD". +.TP +.B \-f \fIkeyfile +Reads keys from a file. Every line has a DS or DNSKEY record, in the format +as for \-y. The zone file format, the same as dig and drill produce. +.TP +.B \-F \fInamedkeyfile +Reads keys from a BIND\-style named.conf file. Only the trusted\-key {}; entries +are read. +.TP +.B \-C \fIconfigfile +Uses the specified unbound.conf to prime +.IR libunbound (3). +.TP +.B \-r +Read /etc/resolv.conf, and use the forward DNS servers from there (those could +have been set by DHCP). More info in +.IR resolv.conf (5). +Breaks validation if those servers do not support DNSSEC. +.TP +.B \-4 +Use solely the IPv4 network for sending packets. +.TP +.B \-6 +Use solely the IPv6 network for sending packets. +.SH "EXAMPLES" +.LP +Some examples of use. The keys shown below are fakes, thus a security failure +is encountered. +.P +$ unbound\-host www.example.com +.P +$ unbound\-host \-v \-y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD" www.example.com +.P +$ unbound\-host \-v \-y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD" 192.0.2.153 +.SH "EXIT CODE" +The unbound\-host program exits with status code 1 on error, +0 on no error. The data may not be available on exit code 0, exit code 1 +means the lookup encountered a fatal error. +.SH "SEE ALSO" +\fIunbound.conf\fR(5), +\fIunbound\fR(8). diff --git a/contrib/unbound/doc/unbound.8.in b/contrib/unbound/doc/unbound.8.in new file mode 100644 index 0000000..06cf588 --- /dev/null +++ b/contrib/unbound/doc/unbound.8.in @@ -0,0 +1,51 @@ +.TH "unbound" "8" "May 24, 2012" "NLnet Labs" "unbound 1.4.17" +.\" +.\" unbound.8 -- unbound manual +.\" +.\" Copyright (c) 2007, NLnet Labs. All rights reserved. +.\" +.\" See LICENSE for the license. +.\" +.\" +.SH "NAME" +.LP +.B unbound +\- Unbound DNS validating resolver 1.4.17. +.SH "SYNOPSIS" +.LP +.B unbound +.RB [ \-h ] +.RB [ \-d ] +.RB [ \-v ] +.RB [ \-c +.IR cfgfile ] +.SH "DESCRIPTION" +.LP +.B Unbound +is an implementation of a DNS resolver, that does caching and +DNSSEC validation. +.P +The available options are: +.TP +.B \-h +Show the version and commandline option help. +.TP +.B \-c\fI cfgfile +Set the config file with settings for unbound to read instead of reading the +file at the default location, @ub_conf_file@. The syntax is +described in \fIunbound.conf\fR(5). +.TP +.B \-d +Debug flag, do not fork into the background, but stay attached to the +console. This flag will also delay writing to the logfile until the +thread\-spawn time. So that most config and setup errors appear on stderr. +.TP +.B \-v +Increase verbosity. If given multiple times, more information is logged. +This is in addition to the verbosity (if any) from the config file. +.SH "SEE ALSO" +\fIunbound.conf\fR(5), +\fIunbound\-checkconf\fR(8). +.SH "AUTHORS" +.B Unbound +developers are mentioned in the CREDITS file in the distribution. diff --git a/contrib/unbound/doc/unbound.conf.5.in b/contrib/unbound/doc/unbound.conf.5.in new file mode 100644 index 0000000..3218875 --- /dev/null +++ b/contrib/unbound/doc/unbound.conf.5.in @@ -0,0 +1,1094 @@ +.TH "unbound.conf" "5" "May 24, 2012" "NLnet Labs" "unbound 1.4.17" +.\" +.\" unbound.conf.5 -- unbound.conf manual +.\" +.\" Copyright (c) 2007, NLnet Labs. All rights reserved. +.\" +.\" See LICENSE for the license. +.\" +.\" +.SH "NAME" +.LP +.B unbound.conf +\- Unbound configuration file. +.SH "SYNOPSIS" +.LP +.B unbound.conf +.SH "DESCRIPTION" +.LP +.B unbound.conf +is used to configure +\fIunbound\fR(8). +The file format has attributes and values. Some attributes have attributes inside them. +The notation is: attribute: value. +.P +Comments start with # and last to the end of line. Empty lines are +ignored as is whitespace at the beginning of a line. +.P +The utility +\fIunbound\-checkconf\fR(8) +can be used to check unbound.conf prior to usage. +.SH "EXAMPLE" +An example config file is shown below. Copy this to /etc/unbound/unbound.conf +and start the server with: +.P +.nf + $ unbound \-c /etc/unbound/unbound.conf +.fi +.P +Most settings are the defaults. Stop the server with: +.P +.nf + $ kill `cat /etc/unbound/unbound.pid` +.fi +.P +Below is a minimal config file. The source distribution contains an extensive +example.conf file with all the options. +.P +.nf +# unbound.conf(5) config file for unbound(8). +server: + directory: "/etc/unbound" + username: unbound + # make sure unbound can access entropy from inside the chroot. + # e.g. on linux the use these commands (on BSD, devfs(8) is used): + # mount \-\-bind \-n /dev/random /etc/unbound/dev/random + # and mount \-\-bind \-n /dev/log /etc/unbound/dev/log + chroot: "/etc/unbound" + # logfile: "/etc/unbound/unbound.log" #uncomment to use logfile. + pidfile: "/etc/unbound/unbound.pid" + # verbosity: 1 # uncomment and increase to get more logging. + # listen on all interfaces, answer queries from the local subnet. + interface: 0.0.0.0 + interface: ::0 + access\-control: 10.0.0.0/8 allow + access\-control: 2001:DB8::/64 allow +.fi +.SH "FILE FORMAT" +.LP +There must be whitespace between keywords. Attribute keywords end with a colon ':'. An attribute +is followed by its containing attributes, or a value. +.P +Files can be included using the +.B include: +directive. It can appear anywhere, and takes a single filename as an argument. +Processing continues as if the text from the included file was copied into +the config file at that point. If also using chroot, using full path names +for the included files works, relative pathnames for the included names work +if the directory where the daemon is started equals its chroot/working +directory. +.SS "Server Options" +These options are part of the +.B server: +clause. +.TP +.B verbosity: \fI<number> +The verbosity number, level 0 means no verbosity, only errors. Level 1 +gives operational information. Level 2 gives detailed operational +information. Level 3 gives query level information, output per query. +Level 4 gives algorithm level information. Level 5 logs client +identification for cache misses. Default is level 1. +The verbosity can also be increased from the commandline, see \fIunbound\fR(8). +.TP +.B statistics\-interval: \fI<seconds> +The number of seconds between printing statistics to the log for every thread. +Disable with value 0 or "". Default is disabled. The histogram statistics +are only printed if replies were sent during the statistics interval, +requestlist statistics are printed for every interval (but can be 0). +This is because the median calculation requires data to be present. +.TP +.B statistics\-cumulative: \fI<yes or no> +If enabled, statistics are cumulative since starting unbound, without clearing +the statistics counters after logging the statistics. Default is no. +.TP +.B extended\-statistics: \fI<yes or no> +If enabled, extended statistics are printed from \fIunbound\-control\fR(8). +Default is off, because keeping track of more statistics takes time. The +counters are listed in \fIunbound\-control\fR(8). +.TP +.B num\-threads: \fI<number> +The number of threads to create to serve clients. Use 1 for no threading. +.TP +.B port: \fI<port number> +The port number, default 53, on which the server responds to queries. +.TP +.B interface: \fI<ip address[@port]> +Interface to use to connect to the network. This interface is listened to +for queries from clients, and answers to clients are given from it. +Can be given multiple times to work on several interfaces. If none are +given the default is to listen to localhost. +The interfaces are not changed on a reload (kill \-HUP) but only on restart. +A port number can be specified with @port (without spaces between +interface and port number), if not specified the default port (from +\fBport\fR) is used. +.TP +.B interface\-automatic: \fI<yes or no> +Detect source interface on UDP queries and copy them to replies. This +feature is experimental, and needs support in your OS for particular socket +options. Default value is no. +.TP +.B outgoing\-interface: \fI<ip address> +Interface to use to connect to the network. This interface is used to send +queries to authoritative servers and receive their replies. Can be given +multiple times to work on several interfaces. If none are given the +default (all) is used. You can specify the same interfaces in +.B interface: +and +.B outgoing\-interface: +lines, the interfaces are then used for both purposes. Outgoing queries are +sent via a random outgoing interface to counter spoofing. +.TP +.B outgoing\-range: \fI<number> +Number of ports to open. This number of file descriptors can be opened per +thread. Must be at least 1. Default depends on compile options. Larger +numbers need extra resources from the operating system. For performance a +a very large value is best, use libevent to make this possible. +.TP +.B outgoing\-port\-permit: \fI<port number or range> +Permit unbound to open this port or range of ports for use to send queries. +A larger number of permitted outgoing ports increases resilience against +spoofing attempts. Make sure these ports are not needed by other daemons. +By default only ports above 1024 that have not been assigned by IANA are used. +Give a port number or a range of the form "low\-high", without spaces. +.IP +The \fBoutgoing\-port\-permit\fR and \fBoutgoing\-port\-avoid\fR statements +are processed in the line order of the config file, adding the permitted ports +and subtracting the avoided ports from the set of allowed ports. The +processing starts with the non IANA allocated ports above 1024 in the set +of allowed ports. +.TP +.B outgoing\-port\-avoid: \fI<port number or range> +Do not permit unbound to open this port or range of ports for use to send +queries. Use this to make sure unbound does not grab a port that another +daemon needs. The port is avoided on all outgoing interfaces, both IP4 and IP6. +By default only ports above 1024 that have not been assigned by IANA are used. +Give a port number or a range of the form "low\-high", without spaces. +.TP +.B outgoing\-num\-tcp: \fI<number> +Number of outgoing TCP buffers to allocate per thread. Default is 10. If set +to 0, or if do_tcp is "no", no TCP queries to authoritative servers are done. +.TP +.B incoming\-num\-tcp: \fI<number> +Number of incoming TCP buffers to allocate per thread. Default is 10. If set +to 0, or if do_tcp is "no", no TCP queries from clients are accepted. +.TP +.B edns\-buffer\-size: \fI<number> +Number of bytes size to advertise as the EDNS reassembly buffer size. +This is the value put into datagrams over UDP towards peers. The actual +buffer size is determined by msg\-buffer\-size (both for TCP and UDP). Do +not set lower than that value. Default is 4096 which is RFC recommended. +If you have fragmentation reassembly problems, usually seen as timeouts, +then a value of 1480 can fix it. Setting to 512 bypasses even the most +stringent path MTU problems, but is seen as extreme, since the amount +of TCP fallback generated is excessive (probably also for this resolver, +consider tuning the outgoing tcp number). +.TP +.B msg\-buffer\-size: \fI<number> +Number of bytes size of the message buffers. Default is 65552 bytes, enough +for 64 Kb packets, the maximum DNS message size. No message larger than this +can be sent or received. Can be reduced to use less memory, but some requests +for DNS data, such as for huge resource records, will result in a SERVFAIL +reply to the client. +.TP +.B msg\-cache\-size: \fI<number> +Number of bytes size of the message cache. Default is 4 megabytes. +A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes +or gigabytes (1024*1024 bytes in a megabyte). +.TP +.B msg\-cache\-slabs: \fI<number> +Number of slabs in the message cache. Slabs reduce lock contention by threads. +Must be set to a power of 2. Setting (close) to the number of cpus is a +reasonable guess. +.TP +.B num\-queries\-per\-thread: \fI<number> +The number of queries that every thread will service simultaneously. +If more queries arrive that need servicing, and no queries can be jostled out +(see \fIjostle\-timeout\fR), then the queries are dropped. This forces +the client to resend after a timeout; allowing the server time to work on +the existing queries. Default depends on compile options, 512 or 1024. +.TP +.B jostle\-timeout: \fI<msec> +Timeout used when the server is very busy. Set to a value that usually +results in one roundtrip to the authority servers. If too many queries +arrive, then 50% of the queries are allowed to run to completion, and +the other 50% are replaced with the new incoming query if they have already +spent more than their allowed time. This protects against denial of +service by slow queries or high query rates. Default 200 milliseconds. +The effect is that the qps for long-lasting queries is about +(numqueriesperthread / 2) / (average time for such long queries) qps. +The qps for short queries can be about (numqueriesperthread / 2) +/ (jostletimeout in whole seconds) qps per thread, about (1024/2)*5 = 2560 +qps by default. +.TP +.B so\-rcvbuf: \fI<number> +If not 0, then set the SO_RCVBUF socket option to get more buffer +space on UDP port 53 incoming queries. So that short spikes on busy +servers do not drop packets (see counter in netstat \-su). Default is +0 (use system value). Otherwise, the number of bytes to ask for, try +"4m" on a busy server. The OS caps it at a maximum, on linux unbound +needs root permission to bypass the limit, or the admin can use sysctl +net.core.rmem_max. On BSD change kern.ipc.maxsockbuf in /etc/sysctl.conf. +On OpenBSD change header and recompile kernel. On Solaris ndd \-set +/dev/udp udp_max_buf 8388608. +.TP +.B so\-sndbuf: \fI<number> +If not 0, then set the SO_SNDBUF socket option to get more buffer space on +UDP port 53 outgoing queries. This for very busy servers handles spikes +in answer traffic, otherwise 'send: resource temporarily unavailable' +can get logged, the buffer overrun is also visible by netstat \-su. +Default is 0 (use system value). Specify the number of bytes to ask +for, try "4m" on a very busy server. The OS caps it at a maximum, on +linux unbound needs root permission to bypass the limit, or the admin +can use sysctl net.core.wmem_max. On BSD, Solaris changes are similar +to so\-rcvbuf. +.TP +.B rrset\-cache\-size: \fI<number> +Number of bytes size of the RRset cache. Default is 4 megabytes. +A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes +or gigabytes (1024*1024 bytes in a megabyte). +.TP +.B rrset\-cache\-slabs: \fI<number> +Number of slabs in the RRset cache. Slabs reduce lock contention by threads. +Must be set to a power of 2. +.TP +.B cache\-max\-ttl: \fI<seconds> +Time to live maximum for RRsets and messages in the cache. Default is +86400 seconds (1 day). If the maximum kicks in, responses to clients +still get decrementing TTLs based on the original (larger) values. +When the internal TTL expires, the cache item has expired. +Can be set lower to force the resolver to query for data often, and not +trust (very large) TTL values. +.TP +.B cache\-min\-ttl: \fI<seconds> +Time to live minimum for RRsets and messages in the cache. Default is 0. +If the the minimum kicks in, the data is cached for longer than the domain +owner intended, and thus less queries are made to look up the data. +Zero makes sure the data in the cache is as the domain owner intended, +higher values, especially more than an hour or so, can lead to trouble as +the data in the cache does not match up with the actual data any more. +.TP +.B infra\-host\-ttl: \fI<seconds> +Time to live for entries in the host cache. The host cache contains +roundtrip timing, lameness and EDNS support information. Default is 900. +.TP +.B infra\-cache\-slabs: \fI<number> +Number of slabs in the infrastructure cache. Slabs reduce lock contention +by threads. Must be set to a power of 2. +.TP +.B infra\-cache\-numhosts: \fI<number> +Number of hosts for which information is cached. Default is 10000. +.TP +.B do\-ip4: \fI<yes or no> +Enable or disable whether ip4 queries are answered or issued. Default is yes. +.TP +.B do\-ip6: \fI<yes or no> +Enable or disable whether ip6 queries are answered or issued. Default is yes. +If disabled, queries are not answered on IPv6, and queries are not sent on +IPv6 to the internet nameservers. +.TP +.B do\-udp: \fI<yes or no> +Enable or disable whether UDP queries are answered or issued. Default is yes. +.TP +.B do\-tcp: \fI<yes or no> +Enable or disable whether TCP queries are answered or issued. Default is yes. +.TP +.B tcp\-upstream: \fI<yes or no> +Enable or disable whether the upstream queries use TCP only for transport. +Default is no. Useful in tunneling scenarios. +.TP +.B ssl\-upstream: \fI<yes or no> +Enabled or disable whether the upstream queries use SSL only for transport. +Default is no. Useful in tunneling scenarios. The SSL contains plain DNS in +TCP wireformat. The other server must support this (see \fBssl\-service\-key\fR). +.TP +.B ssl\-service-key: \fI<file> +If enabled, the server provider SSL service on its TCP sockets. The clients +have to use ssl\-upstream: yes. The file is the private key for the TLS +session. The public certificate is in the ssl\-service\-pem file. Default +is "", turned off. Requires a restart (a reload is not enough) if changed, +because the private key is read while root permissions are held and before +chroot (if any). Normal DNS TCP service is not provided and gives errors, +this service is best run with a different \fBport:\fR config or \fI@port\fR +suffixes in the \fBinterface\fR config. +.TP +.B ssl\-service\-pem: \fI<file> +The public key certificate pem file for the ssl service. Default is "", +turned off. +.TP +.B ssl\-port: \fI<number> +The port number on which to provide TCP SSL service, default 443, only +interfaces configured with that port number as @number get the SSL service. +.TP +.B do\-daemonize: \fI<yes or no> +Enable or disable whether the unbound server forks into the background as +a daemon. Default is yes. +.TP +.B access\-control: \fI<IP netblock> <action> +The netblock is given as an IP4 or IP6 address with /size appended for a +classless network block. The action can be \fIdeny\fR, \fIrefuse\fR, +\fIallow\fR or \fIallow_snoop\fR. +.IP +The action \fIdeny\fR stops queries from hosts from that netblock. +.IP +The action \fIrefuse\fR stops queries too, but sends a DNS rcode REFUSED +error message back. +.IP +The action \fIallow\fR gives access to clients from that netblock. +It gives only access for recursion clients (which is +what almost all clients need). Nonrecursive queries are refused. +.IP +The \fIallow\fR action does allow nonrecursive queries to access the +local\-data that is configured. The reason is that this does not involve +the unbound server recursive lookup algorithm, and static data is served +in the reply. This supports normal operations where nonrecursive queries +are made for the authoritative data. For nonrecursive queries any replies +from the dynamic cache are refused. +.IP +The action \fIallow_snoop\fR gives nonrecursive access too. This give +both recursive and non recursive access. The name \fIallow_snoop\fR refers +to cache snooping, a technique to use nonrecursive queries to examine +the cache contents (for malicious acts). However, nonrecursive queries can +also be a valuable debugging tool (when you want to examine the cache +contents). In that case use \fIallow_snoop\fR for your administration host. +.IP +By default only localhost is \fIallow\fRed, the rest is \fIrefuse\fRd. +The default is \fIrefuse\fRd, because that is protocol\-friendly. The DNS +protocol is not designed to handle dropped packets due to policy, and +dropping may result in (possibly excessive) retried queries. +.TP +.B chroot: \fI<directory> +If chroot is enabled, you should pass the configfile (from the +commandline) as a full path from the original root. After the +chroot has been performed the now defunct portion of the config +file path is removed to be able to reread the config after a reload. +.IP +All other file paths (working dir, logfile, roothints, and +key files) can be specified in several ways: +as an absolute path relative to the new root, +as a relative path to the working directory, or +as an absolute path relative to the original root. +In the last case the path is adjusted to remove the unused portion. +.IP +The pidfile can be either a relative path to the working directory, or +an absolute path relative to the original root. It is written just prior +to chroot and dropping permissions. This allows the pidfile to be +/var/run/unbound.pid and the chroot to be /var/unbound, for example. +.IP +Additionally, unbound may need to access /dev/random (for entropy) +from inside the chroot. +.IP +If given a chroot is done to the given directory. The default is +"@UNBOUND_CHROOT_DIR@". If you give "" no chroot is performed. +.TP +.B username: \fI<name> +If given, after binding the port the user privileges are dropped. Default is +"@UNBOUND_USERNAME@". If you give username: "" no user change is performed. +.IP +If this user is not capable of binding the +port, reloads (by signal HUP) will still retain the opened ports. +If you change the port number in the config file, and that new port number +requires privileges, then a reload will fail; a restart is needed. +.TP +.B directory: \fI<directory> +Sets the working directory for the program. Default is "@UNBOUND_RUN_DIR@". +.TP +.B logfile: \fI<filename> +If "" is given, logging goes to stderr, or nowhere once daemonized. +The logfile is appended to, in the following format: +.nf +[seconds since 1970] unbound[pid:tid]: type: message. +.fi +If this option is given, the use\-syslog is option is set to "no". +The logfile is reopened (for append) when the config file is reread, on +SIGHUP. +.TP +.B use\-syslog: \fI<yes or no> +Sets unbound to send log messages to the syslogd, using +\fIsyslog\fR(3). +The log facility LOG_DAEMON is used, with identity "unbound". +The logfile setting is overridden when use\-syslog is turned on. +The default is to log to syslog. +.TP +.B log\-time\-ascii: \fI<yes or no> +Sets logfile lines to use a timestamp in UTC ascii. Default is no, which +prints the seconds since 1970 in brackets. No effect if using syslog, in +that case syslog formats the timestamp printed into the log files. +.TP +.B log\-queries: \fI<yes or no> +Prints one line per query to the log, with the log timestamp and IP address, +name, type and class. Default is no. Note that it takes time to print these +lines which makes the server (significantly) slower. Odd (nonprintable) +characters in names are printed as '?'. +.TP +.B pidfile: \fI<filename> +The process id is written to the file. Default is "@UNBOUND_PIDFILE@". +So, +.nf +kill \-HUP `cat @UNBOUND_PIDFILE@` +.fi +triggers a reload, +.nf +kill \-QUIT `cat @UNBOUND_PIDFILE@` +.fi +gracefully terminates. +.TP +.B root\-hints: \fI<filename> +Read the root hints from this file. Default is nothing, using builtin hints +for the IN class. The file has the format of zone files, with root +nameserver names and addresses only. The default may become outdated, +when servers change, therefore it is good practice to use a root\-hints file. +.TP +.B hide\-identity: \fI<yes or no> +If enabled id.server and hostname.bind queries are refused. +.TP +.B identity: \fI<string> +Set the identity to report. If set to "", the default, then the hostname +of the server is returned. +.TP +.B hide\-version: \fI<yes or no> +If enabled version.server and version.bind queries are refused. +.TP +.B version: \fI<string> +Set the version to report. If set to "", the default, then the package +version is returned. +.TP +.B target\-fetch\-policy: \fI<"list of numbers"> +Set the target fetch policy used by unbound to determine if it should fetch +nameserver target addresses opportunistically. The policy is described per +dependency depth. +.IP +The number of values determines the maximum dependency depth +that unbound will pursue in answering a query. +A value of \-1 means to fetch all targets opportunistically for that dependency +depth. A value of 0 means to fetch on demand only. A positive value fetches +that many targets opportunistically. +.IP +Enclose the list between quotes ("") and put spaces between numbers. +The default is "3 2 1 0 0". Setting all zeroes, "0 0 0 0 0" gives behaviour +closer to that of BIND 9, while setting "\-1 \-1 \-1 \-1 \-1" gives behaviour +rumoured to be closer to that of BIND 8. +.TP +.B harden\-short\-bufsize: \fI<yes or no> +Very small EDNS buffer sizes from queries are ignored. Default is off, since +it is legal protocol wise to send these, and unbound tries to give very +small answers to these queries, where possible. +.TP +.B harden\-large\-queries: \fI<yes or no> +Very large queries are ignored. Default is off, since it is legal protocol +wise to send these, and could be necessary for operation if TSIG or EDNS +payload is very large. +.TP +.B harden\-glue: \fI<yes or no> +Will trust glue only if it is within the servers authority. Default is on. +.TP +.B harden\-dnssec\-stripped: \fI<yes or no> +Require DNSSEC data for trust\-anchored zones, if such data is absent, +the zone becomes bogus. If turned off, and no DNSSEC data is received +(or the DNSKEY data fails to validate), then the zone is made insecure, +this behaves like there is no trust anchor. You could turn this off if +you are sometimes behind an intrusive firewall (of some sort) that +removes DNSSEC data from packets, or a zone changes from signed to +unsigned to badly signed often. If turned off you run the risk of a +downgrade attack that disables security for a zone. Default is on. +.TP +.B harden\-below\-nxdomain: \fI<yes or no> +From draft-vixie-dnsext-resimprove, returns nxdomain to queries for a name +below another name that is already known to be nxdomain. DNSSEC mandates +noerror for empty nonterminals, hence this is possible. Very old software +might return nxdomain for empty nonterminals (that usually happen for reverse +IP address lookups), and thus may be incompatible with this. To try to avoid +this only DNSSEC-secure nxdomains are used, because the old software does not +have DNSSEC. Default is off. +.TP +.B harden\-referral\-path: \fI<yes or no> +Harden the referral path by performing additional queries for +infrastructure data. Validates the replies if trust anchors are configured +and the zones are signed. This enforces DNSSEC validation on nameserver +NS sets and the nameserver addresses that are encountered on the referral +path to the answer. +Default off, because it burdens the authority servers, and it is +not RFC standard, and could lead to performance problems because of the +extra query load that is generated. Experimental option. +If you enable it consider adding more numbers after the target\-fetch\-policy +to increase the max depth that is checked to. +.TP +.B use\-caps\-for\-id: \fI<yes or no> +Use 0x20\-encoded random bits in the query to foil spoof attempts. +This perturbs the lowercase and uppercase of query names sent to +authority servers and checks if the reply still has the correct casing. +Disabled by default. +This feature is an experimental implementation of draft dns\-0x20. +.TP +.B private\-address: \fI<IP address or subnet> +Give IPv4 of IPv6 addresses or classless subnets. These are addresses +on your private network, and are not allowed to be returned for public +internet names. Any occurence of such addresses are removed from +DNS answers. Additionally, the DNSSEC validator may mark the answers +bogus. This protects against so\-called DNS Rebinding, where a user browser +is turned into a network proxy, allowing remote access through the browser +to other parts of your private network. Some names can be allowed to +contain your private addresses, by default all the \fBlocal\-data\fR +that you configured is allowed to, and you can specify additional +names using \fBprivate\-domain\fR. No private addresses are enabled +by default. We consider to enable this for the RFC1918 private IP +address space by default in later releases. That would enable private +addresses for 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16 +fd00::/8 and fe80::/10, since the RFC standards say these addresses +should not be visible on the public internet. Turning on 127.0.0.0/8 +would hinder many spamblocklists as they use that. +.TP +.B private\-domain: \fI<domain name> +Allow this domain, and all its subdomains to contain private addresses. +Give multiple times to allow multiple domain names to contain private +addresses. Default is none. +.TP +.B unwanted\-reply\-threshold: \fI<number> +If set, a total number of unwanted replies is kept track of in every thread. +When it reaches the threshold, a defensive action is taken and a warning +is printed to the log. The defensive action is to clear the rrset and +message caches, hopefully flushing away any poison. A value of 10 million +is suggested. Default is 0 (turned off). +.TP +.B do\-not\-query\-address: \fI<IP address> +Do not query the given IP address. Can be IP4 or IP6. Append /num to +indicate a classless delegation netblock, for example like +10.2.3.4/24 or 2001::11/64. +.TP +.B do\-not\-query\-localhost: \fI<yes or no> +If yes, localhost is added to the do\-not\-query\-address entries, both +IP6 ::1 and IP4 127.0.0.1/8. If no, then localhost can be used to send +queries to. Default is yes. +.TP +.B prefetch: \fI<yes or no> +If yes, message cache elements are prefetched before they expire to +keep the cache up to date. Default is no. Turning it on gives about +10 percent more traffic and load on the machine, but popular items do +not expire from the cache. +.TP +.B prefetch-key: \fI<yes or no> +If yes, fetch the DNSKEYs earlier in the validation process, when a DS +record is encountered. This lowers the latency of requests. It does use +a little more CPU. Also if the cache is set to 0, it is no use. Default is no. +.TP +.B rrset-roundrobin: \fI<yes or no> +If yes, Unbound rotates RRSet order in response (the random number is taken +from the query ID, for speed and thread safety). Default is no. +.TP +.B minimal-responses: \fI<yes or no> +If yes, Unbound doesn't insert authority/additional sections into response +messages when those sections are not required. This reduces response +size significantly, and may avoid TCP fallback for some responses. +This may cause a slight speedup. The default is no, because the DNS +protocol RFCs mandate these sections, and the additional content could +be of use and save roundtrips for clients. +.TP +.B module\-config: \fI<"module names"> +Module configuration, a list of module names separated by spaces, surround +the string with quotes (""). The modules can be validator, iterator. +Setting this to "iterator" will result in a non\-validating server. +Setting this to "validator iterator" will turn on DNSSEC validation. +The ordering of the modules is important. +You must also set trust\-anchors for validation to be useful. +.TP +.B trust\-anchor\-file: \fI<filename> +File with trusted keys for validation. Both DS and DNSKEY entries can appear +in the file. The format of the file is the standard DNS Zone file format. +Default is "", or no trust anchor file. +.TP +.B auto\-trust\-anchor\-file: \fI<filename> +File with trust anchor for one zone, which is tracked with RFC5011 probes. +The probes are several times per month, thus the machine must be online +frequently. The initial file can be one with contents as described in +\fBtrust\-anchor\-file\fR. The file is written to when the anchor is updated, +so the unbound user must have write permission. +.TP +.B trust\-anchor: \fI<"Resource Record"> +A DS or DNSKEY RR for a key to use for validation. Multiple entries can be +given to specify multiple trusted keys, in addition to the trust\-anchor\-files. +The resource record is entered in the same format as 'dig' or 'drill' prints +them, the same format as in the zone file. Has to be on a single line, with +"" around it. A TTL can be specified for ease of cut and paste, but is ignored. +A class can be specified, but class IN is default. +.TP +.B trusted\-keys\-file: \fI<filename> +File with trusted keys for validation. Specify more than one file +with several entries, one file per entry. Like \fBtrust\-anchor\-file\fR +but has a different file format. Format is BIND\-9 style format, +the trusted\-keys { name flag proto algo "key"; }; clauses are read. +It is possible to use wildcards with this statement, the wildcard is +expanded on start and on reload. +.TP +.B dlv\-anchor\-file: \fI<filename> +File with trusted keys for DLV (DNSSEC Lookaside Validation). Both DS and +DNSKEY entries can be used in the file, in the same format as for +\fItrust\-anchor\-file:\fR statements. Only one DLV can be configured, more +would be slow. The DLV configured is used as a root trusted DLV, this +means that it is a lookaside for the root. Default is "", or no dlv anchor file. +.TP +.B dlv\-anchor: \fI<"Resource Record"> +Much like trust\-anchor, this is a DLV anchor with the DS or DNSKEY inline. +.TP +.B domain\-insecure: \fI<domain name> +Sets domain name to be insecure, DNSSEC chain of trust is ignored towards +the domain name. So a trust anchor above the domain name can not make the +domain secure with a DS record, such a DS record is then ignored. +Also keys from DLV are ignored for the domain. Can be given multiple times +to specify multiple domains that are treated as if unsigned. If you set +trust anchors for the domain they override this setting (and the domain +is secured). +.IP +This can be useful if you want to make sure a trust anchor for external +lookups does not affect an (unsigned) internal domain. A DS record +externally can create validation failures for that internal domain. +.TP +.B val\-override\-date: \fI<rrsig\-style date spec> +Default is "" or "0", which disables this debugging feature. If enabled by +giving a RRSIG style date, that date is used for verifying RRSIG inception +and expiration dates, instead of the current date. Do not set this unless +you are debugging signature inception and expiration. The value \-1 ignores +the date altogether, useful for some special applications. +.TP +.B val\-sig\-skew\-min: \fI<seconds> +Minimum number of seconds of clock skew to apply to validated signatures. +A value of 10% of the signature lifetime (expiration \- inception) is +used, capped by this setting. Default is 3600 (1 hour) which allows for +daylight savings differences. Lower this value for more strict checking +of short lived signatures. +.TP +.B val\-sig\-skew\-max: \fI<seconds> +Maximum number of seconds of clock skew to apply to validated signatures. +A value of 10% of the signature lifetime (expiration \- inception) +is used, capped by this setting. Default is 86400 (24 hours) which +allows for timezone setting problems in stable domains. Setting both +min and max very low disables the clock skew allowances. Setting both +min and max very high makes the validator check the signature timestamps +less strictly. +.TP +.B val\-bogus\-ttl: \fI<number> +The time to live for bogus data. This is data that has failed validation; +due to invalid signatures or other checks. The TTL from that data cannot be +trusted, and this value is used instead. The value is in seconds, default 60. +The time interval prevents repeated revalidation of bogus data. +.TP +.B val\-clean\-additional: \fI<yes or no> +Instruct the validator to remove data from the additional section of secure +messages that are not signed properly. Messages that are insecure, bogus, +indeterminate or unchecked are not affected. Default is yes. Use this setting +to protect the users that rely on this validator for authentication from +protentially bad data in the additional section. +.TP +.B val\-log\-level: \fI<number> +Have the validator print validation failures to the log. Regardless of +the verbosity setting. Default is 0, off. At 1, for every user query +that fails a line is printed to the logs. This way you can monitor what +happens with validation. Use a diagnosis tool, such as dig or drill, +to find out why validation is failing for these queries. At 2, not only +the query that failed is printed but also the reason why unbound thought +it was wrong and which server sent the faulty data. +.TP +.B val\-permissive\-mode: \fI<yes or no> +Instruct the validator to mark bogus messages as indeterminate. The security +checks are performed, but if the result is bogus (failed security), the +reply is not withheld from the client with SERVFAIL as usual. The client +receives the bogus data. For messages that are found to be secure the AD bit +is set in replies. Also logging is performed as for full validation. +The default value is "no". +.TP +.B ignore\-cd\-flag: \fI<yes or no> +Instruct unbound to ignore the CD flag from clients and refuse to +return bogus answers to them. Thus, the CD (Checking Disabled) flag +does not disable checking any more. This is useful if legacy (w2008) +servers that set the CD flag but cannot validate DNSSEC themselves are +the clients, and then unbound provides them with DNSSEC protection. +The default value is "no". +.TP +.B val\-nsec3\-keysize\-iterations: \fI<"list of values"> +List of keysize and iteration count values, separated by spaces, surrounded +by quotes. Default is "1024 150 2048 500 4096 2500". This determines the +maximum allowed NSEC3 iteration count before a message is simply marked +insecure instead of performing the many hashing iterations. The list must +be in ascending order and have at least one entry. If you set it to +"1024 65535" there is no restriction to NSEC3 iteration values. +This table must be kept short; a very long list could cause slower operation. +.TP +.B add\-holddown: \fI<seconds> +Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011 +autotrust updates to add new trust anchors only after they have been +visible for this time. Default is 30 days as per the RFC. +.TP +.B del\-holddown: \fI<seconds> +Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011 +autotrust updates to remove revoked trust anchors after they have been +kept in the revoked list for this long. Default is 30 days as per +the RFC. +.TP +.B keep\-missing: \fI<seconds> +Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011 +autotrust updates to remove missing trust anchors after they have been +unseen for this long. This cleans up the state file if the target zone +does not perform trust anchor revocation, so this makes the auto probe +mechanism work with zones that perform regular (non\-5011) rollovers. +The default is 366 days. The value 0 does not remove missing anchors, +as per the RFC. +.TP +.B key\-cache\-size: \fI<number> +Number of bytes size of the key cache. Default is 4 megabytes. +A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes +or gigabytes (1024*1024 bytes in a megabyte). +.TP +.B key\-cache\-slabs: \fI<number> +Number of slabs in the key cache. Slabs reduce lock contention by threads. +Must be set to a power of 2. Setting (close) to the number of cpus is a +reasonable guess. +.TP +.B neg\-cache\-size: \fI<number> +Number of bytes size of the aggressive negative cache. Default is 1 megabyte. +A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes +or gigabytes (1024*1024 bytes in a megabyte). +.TP +.B local\-zone: \fI<zone> <type> +Configure a local zone. The type determines the answer to give if +there is no match from local\-data. The types are deny, refuse, static, +transparent, redirect, nodefault, typetransparent, and are explained +below. After that the default settings are listed. Use local\-data: to +enter data into the local zone. Answers for local zones are authoritative +DNS answers. By default the zones are class IN. +.IP +If you need more complicated authoritative data, with referrals, wildcards, +CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for +it as detailed in the stub zone section below. +.TP 10 +\h'5'\fIdeny\fR +Do not send an answer, drop the query. +If there is a match from local data, the query is answered. +.TP 10 +\h'5'\fIrefuse\fR +Send an error message reply, with rcode REFUSED. +If there is a match from local data, the query is answered. +.TP 10 +\h'5'\fIstatic\fR +If there is a match from local data, the query is answered. +Otherwise, the query is answered with nodata or nxdomain. +For a negative answer a SOA is included in the answer if present +as local\-data for the zone apex domain. +.TP 10 +\h'5'\fItransparent\fR +If there is a match from local data, the query is answered. +Otherwise if the query has a different name, the query is resolved normally. +If the query is for a name given in localdata but no such type of data is +given in localdata, then a noerror nodata answer is returned. +If no local\-zone is given local\-data causes a transparent zone +to be created by default. +.TP 10 +\h'5'\fItypetransparent\fR +If there is a match from local data, the query is answered. If the query +is for a different name, or for the same name but for a different type, +the query is resolved normally. So, similar to transparent but types +that are not listed in local data are resolved normally, so if an A record +is in the local data that does not cause a nodata reply for AAAA queries. +.TP 10 +\h'5'\fIredirect\fR +The query is answered from the local data for the zone name. +There may be no local data beneath the zone name. +This answers queries for the zone, and all subdomains of the zone +with the local data for the zone. +It can be used to redirect a domain to return a different address record +to the end user, with +local\-zone: "example.com." redirect and +local\-data: "example.com. A 127.0.0.1" +queries for www.example.com and www.foo.example.com are redirected, so +that users with web browsers cannot access sites with suffix example.com. +.TP 10 +\h'5'\fInodefault\fR +Used to turn off default contents for AS112 zones. The other types +also turn off default contents for the zone. The 'nodefault' option +has no other effect than turning off default contents for the +given zone. +.P +The default zones are localhost, reverse 127.0.0.1 and ::1, and the AS112 +zones. The AS112 zones are reverse DNS zones for private use and reserved +IP addresses for which the servers on the internet cannot provide correct +answers. They are configured by default to give nxdomain (no reverse +information) answers. The defaults can be turned off by specifying your +own local\-zone of that name, or using the 'nodefault' type. Below is a +list of the default zone contents. +.TP 10 +\h'5'\fIlocalhost\fR +The IP4 and IP6 localhost information is given. NS and SOA records are provided +for completeness and to satisfy some DNS update tools. Default content: +.nf +local\-zone: "localhost." static +local\-data: "localhost. 10800 IN NS localhost." +local\-data: "localhost. 10800 IN + SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" +local\-data: "localhost. 10800 IN A 127.0.0.1" +local\-data: "localhost. 10800 IN AAAA ::1" +.fi +.TP 10 +\h'5'\fIreverse IPv4 loopback\fR +Default content: +.nf +local\-zone: "127.in\-addr.arpa." static +local\-data: "127.in\-addr.arpa. 10800 IN NS localhost." +local\-data: "127.in\-addr.arpa. 10800 IN + SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" +local\-data: "1.0.0.127.in\-addr.arpa. 10800 IN + PTR localhost." +.fi +.TP 10 +\h'5'\fIreverse IPv6 loopback\fR +Default content: +.nf +local\-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. + 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." static +local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. + 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN + NS localhost." +local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. + 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN + SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" +local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. + 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN + PTR localhost." +.fi +.TP 10 +\h'5'\fIreverse RFC1918 local use zones\fR +Reverse data for zones 10.in\-addr.arpa, 16.172.in\-addr.arpa to +31.172.in\-addr.arpa, 168.192.in\-addr.arpa. +The \fBlocal\-zone:\fR is set static and as \fBlocal\-data:\fR SOA and NS +records are provided. +.TP 10 +\h'5'\fIreverse RFC3330 IP4 this, link\-local, testnet and broadcast\fR +Reverse data for zones 0.in\-addr.arpa, 254.169.in\-addr.arpa, +2.0.192.in\-addr.arpa (TEST NET 1), 100.51.198.in\-addr.arpa (TEST NET 2), +113.0.203.in\-addr.arpa (TEST NET 3), 255.255.255.255.in\-addr.arpa. +.TP 10 +\h'5'\fIreverse RFC4291 IP6 unspecified\fR +Reverse data for zone +.nf +0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. +0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. +.fi +.TP 10 +\h'5'\fIreverse RFC4193 IPv6 Locally Assigned Local Addresses\fR +Reverse data for zone D.F.ip6.arpa. +.TP 10 +\h'5'\fIreverse RFC4291 IPv6 Link Local Addresses\fR +Reverse data for zones 8.E.F.ip6.arpa to B.E.F.ip6.arpa. +.TP 10 +\h'5'\fIreverse IPv6 Example Prefix\fR +Reverse data for zone 8.B.D.0.1.0.0.2.ip6.arpa. This zone is used for +tutorials and examples. You can remove the block on this zone with: +.nf + local\-zone: 8.B.D.0.1.0.0.2.ip6.arpa. nodefault +.fi +You can also selectively unblock a part of the zone by making that part +transparent with a local\-zone statement. +This also works with the other default zones. +.\" End of local-zone listing. +.TP 5 +.B local\-data: \fI"<resource record string>" +Configure local data, which is served in reply to queries for it. +The query has to match exactly unless you configure the local\-zone as +redirect. If not matched exactly, the local\-zone type determines +further processing. If local\-data is configured that is not a subdomain of +a local\-zone, a transparent local\-zone is configured. +For record types such as TXT, use single quotes, as in +local\-data: 'example. TXT "text"'. +.IP +If you need more complicated authoritative data, with referrals, wildcards, +CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for +it as detailed in the stub zone section below. +.TP 5 +.B local\-data\-ptr: \fI"IPaddr name" +Configure local data shorthand for a PTR record with the reversed IPv4 or +IPv6 address and the host name. For example "192.0.2.4 www.example.com". +TTL can be inserted like this: "2001:DB8::4 7200 www.example.com" +.SS "Remote Control Options" +In the +.B remote\-control: +clause are the declarations for the remote control facility. If this is +enabled, the \fIunbound\-control\fR(8) utility can be used to send +commands to the running unbound server. The server uses these clauses +to setup SSLv3 / TLSv1 security for the connection. The +\fIunbound\-control\fR(8) utility also reads the \fBremote\-control\fR +section for options. To setup the correct self\-signed certificates use the +\fIunbound\-control\-setup\fR(8) utility. +.TP 5 +.B control\-enable: \fI<yes or no> +The option is used to enable remote control, default is "no". +If turned off, the server does not listen for control commands. +.TP 5 +.B control\-interface: <ip address> +Give IPv4 or IPv6 addresses to listen on for control commands. +By default localhost (127.0.0.1 and ::1) is listened to. +Use 0.0.0.0 and ::0 to listen to all interfaces. +.TP 5 +.B control\-port: <port number> +The port number to listen on for control commands, default is 8953. +If you change this port number, and permissions have been dropped, +a reload is not sufficient to open the port again, you must then restart. +.TP 5 +.B server\-key\-file: "<private key file>" +Path to the server private key, by default unbound_server.key. +This file is generated by the \fIunbound\-control\-setup\fR utility. +This file is used by the unbound server, but not by \fIunbound\-control\fR. +.TP 5 +.B server\-cert\-file: "<certificate file.pem>" +Path to the server self signed certificate, by default unbound_server.pem. +This file is generated by the \fIunbound\-control\-setup\fR utility. +This file is used by the unbound server, and also by \fIunbound\-control\fR. +.TP 5 +.B control\-key\-file: "<private key file>" +Path to the control client private key, by default unbound_control.key. +This file is generated by the \fIunbound\-control\-setup\fR utility. +This file is used by \fIunbound\-control\fR. +.TP 5 +.B control\-cert\-file: "<certificate file.pem>" +Path to the control client certificate, by default unbound_control.pem. +This certificate has to be signed with the server certificate. +This file is generated by the \fIunbound\-control\-setup\fR utility. +This file is used by \fIunbound\-control\fR. +.SS "Stub Zone Options" +.LP +There may be multiple +.B stub\-zone: +clauses. Each with a name: and zero or more hostnames or IP addresses. +For the stub zone this list of nameservers is used. Class IN is assumed. +The servers should be authority servers, not recursors; unbound performs +the recursive processing itself for stub zones. +.P +The stub zone can be used to configure authoritative data to be used +by the resolver that cannot be accessed using the public internet servers. +This is useful for company\-local data or private zones. Setup an +authoritative server on a different host (or different port). Enter a config +entry for unbound with +.B stub\-addr: +<ip address of host[@port]>. +The unbound resolver can then access the data, without referring to the +public internet for it. +.P +This setup allows DNSSEC signed zones to be served by that +authoritative server, in which case a trusted key entry with the public key +can be put in config, so that unbound can validate the data and set the AD +bit on replies for the private zone (authoritative servers do not set the +AD bit). This setup makes unbound capable of answering queries for the +private zone, and can even set the AD bit ('authentic'), but the AA +('authoritative') bit is not set on these replies. +.TP +.B name: \fI<domain name> +Name of the stub zone. +.TP +.B stub\-host: \fI<domain name> +Name of stub zone nameserver. Is itself resolved before it is used. +.TP +.B stub\-addr: \fI<IP address> +IP address of stub zone nameserver. Can be IP 4 or IP 6. +To use a nondefault port for DNS communication append '@' with the port number. +.TP +.B stub\-prime: \fI<yes or no> +This option is by default off. If enabled it performs NS set priming, +which is similar to root hints, where it starts using the list of nameservers +currently published by the zone. Thus, if the hint list is slightly outdated, +the resolver picks up a correct list online. +.TP +.B stub\-first: \fI<yes or no> +If enabled, a query is attempted without the stub clause if it fails. +The default is no. +.SS "Forward Zone Options" +.LP +There may be multiple +.B forward\-zone: +clauses. Each with a \fBname:\fR and zero or more hostnames or IP +addresses. For the forward zone this list of nameservers is used to +forward the queries to. The servers listed as \fBforward\-host:\fR and +\fBforward\-addr:\fR have to handle further recursion for the query. Thus, +those servers are not authority servers, but are (just like unbound is) +recursive servers too; unbound does not perform recursion itself for the +forward zone, it lets the remote server do it. Class IN is assumed. +A forward\-zone entry with name "." and a forward\-addr target will +forward all queries to that other server (unless it can answer from +the cache). +.TP +.B name: \fI<domain name> +Name of the forward zone. +.TP +.B forward\-host: \fI<domain name> +Name of server to forward to. Is itself resolved before it is used. +.TP +.B forward\-addr: \fI<IP address> +IP address of server to forward to. Can be IP 4 or IP 6. +To use a nondefault port for DNS communication append '@' with the port number. +.TP +.B forward\-first: \fI<yes or no> +If enabled, a query is attempted without the forward clause if it fails. +The default is no. +.SS "Python Module Options" +.LP +The +.B python: +clause gives the settings for the \fIpython\fR(1) script module. This module +acts like the iterator and validator modules do, on queries and answers. +To enable the script module it has to be compiled into the daemon, +and the word "python" has to be put in the \fBmodule\-config:\fR option +(usually first, or between the validator and iterator). +.TP +.B python\-script: \fI<python file>\fR +The script file to load. +.SH "MEMORY CONTROL EXAMPLE" +In the example config settings below memory usage is reduced. Some service +levels are lower, notable very large data and a high TCP load are no longer +supported. Very large data and high TCP loads are exceptional for the DNS. +DNSSEC validation is enabled, just add trust anchors. +If you do not have to worry about programs using more than 3 Mb of memory, +the below example is not for you. Use the defaults to receive full service, +which on BSD\-32bit tops out at 30\-40 Mb after heavy usage. +.P +.nf +# example settings that reduce memory usage +server: + num\-threads: 1 + outgoing\-num\-tcp: 1 # this limits TCP service, uses less buffers. + incoming\-num\-tcp: 1 + outgoing\-range: 60 # uses less memory, but less performance. + msg\-buffer\-size: 8192 # note this limits service, 'no huge stuff'. + msg\-cache\-size: 100k + msg\-cache\-slabs: 1 + rrset\-cache\-size: 100k + rrset\-cache\-slabs: 1 + infra\-cache\-numhosts: 200 + infra\-cache\-slabs: 1 + key\-cache\-size: 100k + key\-cache\-slabs: 1 + neg\-cache\-size: 10k + num\-queries\-per\-thread: 30 + target\-fetch\-policy: "2 1 0 0 0 0" + harden\-large\-queries: "yes" + harden\-short\-bufsize: "yes" +.fi +.SH "FILES" +.TP +.I @UNBOUND_RUN_DIR@ +default unbound working directory. +.TP +.I @UNBOUND_CHROOT_DIR@ +default +\fIchroot\fR(2) +location. +.TP +.I @ub_conf_file@ +unbound configuration file. +.TP +.I @UNBOUND_PIDFILE@ +default unbound pidfile with process ID of the running daemon. +.TP +.I unbound.log +unbound log file. default is to log to +\fIsyslog\fR(3). +.SH "SEE ALSO" +\fIunbound\fR(8), +\fIunbound\-checkconf\fR(8). +.SH "AUTHORS" +.B Unbound +was written by NLnet Labs. Please see CREDITS file +in the distribution for further details. diff --git a/contrib/unbound/doc/unbound.doxygen b/contrib/unbound/doc/unbound.doxygen new file mode 100644 index 0000000..b32316b --- /dev/null +++ b/contrib/unbound/doc/unbound.doxygen @@ -0,0 +1,1648 @@ +# Doxyfile 1.7.1 + +# This file describes the settings to be used by the documentation system +# doxygen (www.doxygen.org) for a project +# +# All text after a hash (#) is considered a comment and will be ignored +# The format is: +# TAG = value [value, ...] +# For lists items can also be appended using: +# TAG += value [value, ...] +# Values that contain spaces should be placed between quotes (" ") + +#--------------------------------------------------------------------------- +# Project related configuration options +#--------------------------------------------------------------------------- + +# This tag specifies the encoding used for all characters in the config file +# that follow. The default is UTF-8 which is also the encoding used for all +# text before the first occurrence of this tag. Doxygen uses libiconv (or the +# iconv built into libc) for the transcoding. See +# http://www.gnu.org/software/libiconv for the list of possible encodings. + +DOXYFILE_ENCODING = UTF-8 + +# The PROJECT_NAME tag is a single word (or a sequence of words surrounded +# by quotes) that should identify the project. + +PROJECT_NAME = unbound + +# The PROJECT_NUMBER tag can be used to enter a project or revision number. +# This could be handy for archiving the generated documentation or +# if some version control system is used. + +PROJECT_NUMBER = 0.1 + +# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) +# base path where the generated documentation will be put. +# If a relative path is entered, it will be relative to the location +# where doxygen was started. If left blank the current directory will be used. + +OUTPUT_DIRECTORY = doc + +# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create +# 4096 sub-directories (in 2 levels) under the output directory of each output +# format and will distribute the generated files over these directories. +# Enabling this option can be useful when feeding doxygen a huge amount of +# source files, where putting all generated files in the same directory would +# otherwise cause performance problems for the file system. + +CREATE_SUBDIRS = NO + +# The OUTPUT_LANGUAGE tag is used to specify the language in which all +# documentation generated by doxygen is written. Doxygen will use this +# information to generate all constant output in the proper language. +# The default language is English, other supported languages are: +# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, +# Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German, +# Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English +# messages), Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, +# Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrilic, Slovak, +# Slovene, Spanish, Swedish, Ukrainian, and Vietnamese. + +OUTPUT_LANGUAGE = English + +# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will +# include brief member descriptions after the members that are listed in +# the file and class documentation (similar to JavaDoc). +# Set to NO to disable this. + +BRIEF_MEMBER_DESC = YES + +# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend +# the brief description of a member or function before the detailed description. +# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the +# brief descriptions will be completely suppressed. + +REPEAT_BRIEF = YES + +# This tag implements a quasi-intelligent brief description abbreviator +# that is used to form the text in various listings. Each string +# in this list, if found as the leading text of the brief description, will be +# stripped from the text and the result after processing the whole list, is +# used as the annotated text. Otherwise, the brief description is used as-is. +# If left blank, the following values are used ("$name" is automatically +# replaced with the name of the entity): "The $name class" "The $name widget" +# "The $name file" "is" "provides" "specifies" "contains" +# "represents" "a" "an" "the" + +ABBREVIATE_BRIEF = + +# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then +# Doxygen will generate a detailed section even if there is only a brief +# description. + +ALWAYS_DETAILED_SEC = NO + +# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all +# inherited members of a class in the documentation of that class as if those +# members were ordinary class members. Constructors, destructors and assignment +# operators of the base classes will not be shown. + +INLINE_INHERITED_MEMB = NO + +# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full +# path before files name in the file list and in the header files. If set +# to NO the shortest path that makes the file name unique will be used. + +FULL_PATH_NAMES = YES + +# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag +# can be used to strip a user-defined part of the path. Stripping is +# only done if one of the specified strings matches the left-hand part of +# the path. The tag can be used to show relative paths in the file list. +# If left blank the directory from which doxygen is run is used as the +# path to strip. + +STRIP_FROM_PATH = + +# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of +# the path mentioned in the documentation of a class, which tells +# the reader which header file to include in order to use a class. +# If left blank only the name of the header file containing the class +# definition is used. Otherwise one should specify the include paths that +# are normally passed to the compiler using the -I flag. + +STRIP_FROM_INC_PATH = + +# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter +# (but less readable) file names. This can be useful is your file systems +# doesn't support long names like on DOS, Mac, or CD-ROM. + +SHORT_NAMES = NO + +# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen +# will interpret the first line (until the first dot) of a JavaDoc-style +# comment as the brief description. If set to NO, the JavaDoc +# comments will behave just like regular Qt-style comments +# (thus requiring an explicit @brief command for a brief description.) + +JAVADOC_AUTOBRIEF = YES + +# If the QT_AUTOBRIEF tag is set to YES then Doxygen will +# interpret the first line (until the first dot) of a Qt-style +# comment as the brief description. If set to NO, the comments +# will behave just like regular Qt-style comments (thus requiring +# an explicit \brief command for a brief description.) + +QT_AUTOBRIEF = NO + +# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen +# treat a multi-line C++ special comment block (i.e. a block of //! or /// +# comments) as a brief description. This used to be the default behaviour. +# The new default is to treat a multi-line C++ comment block as a detailed +# description. Set this tag to YES if you prefer the old behaviour instead. + +MULTILINE_CPP_IS_BRIEF = NO + +# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented +# member inherits the documentation from any documented member that it +# re-implements. + +INHERIT_DOCS = YES + +# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce +# a new page for each member. If set to NO, the documentation of a member will +# be part of the file/class/namespace that contains it. + +SEPARATE_MEMBER_PAGES = NO + +# The TAB_SIZE tag can be used to set the number of spaces in a tab. +# Doxygen uses this value to replace tabs by spaces in code fragments. + +TAB_SIZE = 8 + +# This tag can be used to specify a number of aliases that acts +# as commands in the documentation. An alias has the form "name=value". +# For example adding "sideeffect=\par Side Effects:\n" will allow you to +# put the command \sideeffect (or @sideeffect) in the documentation, which +# will result in a user-defined paragraph with heading "Side Effects:". +# You can put \n's in the value part of an alias to insert newlines. + +ALIASES = + +# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C +# sources only. Doxygen will then generate output that is more tailored for C. +# For instance, some of the names that are used will be different. The list +# of all members will be omitted, etc. + +OPTIMIZE_OUTPUT_FOR_C = YES + +# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java +# sources only. Doxygen will then generate output that is more tailored for +# Java. For instance, namespaces will be presented as packages, qualified +# scopes will look different, etc. + +OPTIMIZE_OUTPUT_JAVA = NO + +# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran +# sources only. Doxygen will then generate output that is more tailored for +# Fortran. + +OPTIMIZE_FOR_FORTRAN = NO + +# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL +# sources. Doxygen will then generate output that is tailored for +# VHDL. + +OPTIMIZE_OUTPUT_VHDL = NO + +# Doxygen selects the parser to use depending on the extension of the files it +# parses. With this tag you can assign which parser to use for a given extension. +# Doxygen has a built-in mapping, but you can override or extend it using this +# tag. The format is ext=language, where ext is a file extension, and language +# is one of the parsers supported by doxygen: IDL, Java, Javascript, CSharp, C, +# C++, D, PHP, Objective-C, Python, Fortran, VHDL, C, C++. For instance to make +# doxygen treat .inc files as Fortran files (default is PHP), and .f files as C +# (default is Fortran), use: inc=Fortran f=C. Note that for custom extensions +# you also need to set FILE_PATTERNS otherwise the files are not read by doxygen. + +EXTENSION_MAPPING = + +# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want +# to include (a tag file for) the STL sources as input, then you should +# set this tag to YES in order to let doxygen match functions declarations and +# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. +# func(std::string) {}). This also make the inheritance and collaboration +# diagrams that involve STL classes more complete and accurate. + +BUILTIN_STL_SUPPORT = NO + +# If you use Microsoft's C++/CLI language, you should set this option to YES to +# enable parsing support. + +CPP_CLI_SUPPORT = NO + +# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. +# Doxygen will parse them like normal C++ but will assume all classes use public +# instead of private inheritance when no explicit protection keyword is present. + +SIP_SUPPORT = NO + +# For Microsoft's IDL there are propget and propput attributes to indicate getter +# and setter methods for a property. Setting this option to YES (the default) +# will make doxygen to replace the get and set methods by a property in the +# documentation. This will only work if the methods are indeed getting or +# setting a simple type. If this is not the case, or you want to show the +# methods anyway, you should set this option to NO. + +IDL_PROPERTY_SUPPORT = YES + +# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC +# tag is set to YES, then doxygen will reuse the documentation of the first +# member in the group (if any) for the other members of the group. By default +# all members of a group must be documented explicitly. + +DISTRIBUTE_GROUP_DOC = NO + +# Set the SUBGROUPING tag to YES (the default) to allow class member groups of +# the same type (for instance a group of public functions) to be put as a +# subgroup of that type (e.g. under the Public Functions section). Set it to +# NO to prevent subgrouping. Alternatively, this can be done per class using +# the \nosubgrouping command. + +SUBGROUPING = YES + +# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum +# is documented as struct, union, or enum with the name of the typedef. So +# typedef struct TypeS {} TypeT, will appear in the documentation as a struct +# with name TypeT. When disabled the typedef will appear as a member of a file, +# namespace, or class. And the struct will be named TypeS. This can typically +# be useful for C code in case the coding convention dictates that all compound +# types are typedef'ed and only the typedef is referenced, never the tag name. + +TYPEDEF_HIDES_STRUCT = NO + +# The SYMBOL_CACHE_SIZE determines the size of the internal cache use to +# determine which symbols to keep in memory and which to flush to disk. +# When the cache is full, less often used symbols will be written to disk. +# For small to medium size projects (<1000 input files) the default value is +# probably good enough. For larger projects a too small cache size can cause +# doxygen to be busy swapping symbols to and from disk most of the time +# causing a significant performance penality. +# If the system has enough physical memory increasing the cache will improve the +# performance by keeping more symbols in memory. Note that the value works on +# a logarithmic scale so increasing the size by one will rougly double the +# memory usage. The cache size is given by this formula: +# 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0, +# corresponding to a cache size of 2^16 = 65536 symbols + +SYMBOL_CACHE_SIZE = 0 + +#--------------------------------------------------------------------------- +# Build related configuration options +#--------------------------------------------------------------------------- + +# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in +# documentation are documented, even if no documentation was available. +# Private class members and static file members will be hidden unless +# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES + +EXTRACT_ALL = NO + +# If the EXTRACT_PRIVATE tag is set to YES all private members of a class +# will be included in the documentation. + +EXTRACT_PRIVATE = YES + +# If the EXTRACT_STATIC tag is set to YES all static members of a file +# will be included in the documentation. + +EXTRACT_STATIC = YES + +# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) +# defined locally in source files will be included in the documentation. +# If set to NO only classes defined in header files are included. + +EXTRACT_LOCAL_CLASSES = YES + +# This flag is only useful for Objective-C code. When set to YES local +# methods, which are defined in the implementation section but not in +# the interface are included in the documentation. +# If set to NO (the default) only methods in the interface are included. + +EXTRACT_LOCAL_METHODS = YES + +# If this flag is set to YES, the members of anonymous namespaces will be +# extracted and appear in the documentation as a namespace called +# 'anonymous_namespace{file}', where file will be replaced with the base +# name of the file that contains the anonymous namespace. By default +# anonymous namespace are hidden. + +EXTRACT_ANON_NSPACES = NO + +# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all +# undocumented members of documented classes, files or namespaces. +# If set to NO (the default) these members will be included in the +# various overviews, but no documentation section is generated. +# This option has no effect if EXTRACT_ALL is enabled. + +HIDE_UNDOC_MEMBERS = NO + +# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all +# undocumented classes that are normally visible in the class hierarchy. +# If set to NO (the default) these classes will be included in the various +# overviews. This option has no effect if EXTRACT_ALL is enabled. + +HIDE_UNDOC_CLASSES = NO + +# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all +# friend (class|struct|union) declarations. +# If set to NO (the default) these declarations will be included in the +# documentation. + +HIDE_FRIEND_COMPOUNDS = NO + +# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any +# documentation blocks found inside the body of a function. +# If set to NO (the default) these blocks will be appended to the +# function's detailed documentation block. + +HIDE_IN_BODY_DOCS = NO + +# The INTERNAL_DOCS tag determines if documentation +# that is typed after a \internal command is included. If the tag is set +# to NO (the default) then the documentation will be excluded. +# Set it to YES to include the internal documentation. + +INTERNAL_DOCS = NO + +# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate +# file names in lower-case letters. If set to YES upper-case letters are also +# allowed. This is useful if you have classes or files whose names only differ +# in case and if your file system supports case sensitive file names. Windows +# and Mac users are advised to set this option to NO. + +CASE_SENSE_NAMES = YES + +# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen +# will show members with their full class and namespace scopes in the +# documentation. If set to YES the scope will be hidden. + +HIDE_SCOPE_NAMES = NO + +# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen +# will put a list of the files that are included by a file in the documentation +# of that file. + +SHOW_INCLUDE_FILES = YES + +# If the FORCE_LOCAL_INCLUDES tag is set to YES then Doxygen +# will list include files with double quotes in the documentation +# rather than with sharp brackets. + +FORCE_LOCAL_INCLUDES = NO + +# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] +# is inserted in the documentation for inline members. + +INLINE_INFO = YES + +# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen +# will sort the (detailed) documentation of file and class members +# alphabetically by member name. If set to NO the members will appear in +# declaration order. + +SORT_MEMBER_DOCS = NO + +# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the +# brief documentation of file, namespace and class members alphabetically +# by member name. If set to NO (the default) the members will appear in +# declaration order. + +SORT_BRIEF_DOCS = NO + +# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen +# will sort the (brief and detailed) documentation of class members so that +# constructors and destructors are listed first. If set to NO (the default) +# the constructors will appear in the respective orders defined by +# SORT_MEMBER_DOCS and SORT_BRIEF_DOCS. +# This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO +# and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO. + +SORT_MEMBERS_CTORS_1ST = NO + +# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the +# hierarchy of group names into alphabetical order. If set to NO (the default) +# the group names will appear in their defined order. + +SORT_GROUP_NAMES = NO + +# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be +# sorted by fully-qualified names, including namespaces. If set to +# NO (the default), the class list will be sorted only by class name, +# not including the namespace part. +# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. +# Note: This option applies only to the class list, not to the +# alphabetical list. + +SORT_BY_SCOPE_NAME = NO + +# The GENERATE_TODOLIST tag can be used to enable (YES) or +# disable (NO) the todo list. This list is created by putting \todo +# commands in the documentation. + +GENERATE_TODOLIST = YES + +# The GENERATE_TESTLIST tag can be used to enable (YES) or +# disable (NO) the test list. This list is created by putting \test +# commands in the documentation. + +GENERATE_TESTLIST = YES + +# The GENERATE_BUGLIST tag can be used to enable (YES) or +# disable (NO) the bug list. This list is created by putting \bug +# commands in the documentation. + +GENERATE_BUGLIST = YES + +# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or +# disable (NO) the deprecated list. This list is created by putting +# \deprecated commands in the documentation. + +GENERATE_DEPRECATEDLIST= YES + +# The ENABLED_SECTIONS tag can be used to enable conditional +# documentation sections, marked by \if sectionname ... \endif. + +ENABLED_SECTIONS = + +# The MAX_INITIALIZER_LINES tag determines the maximum number of lines +# the initial value of a variable or define consists of for it to appear in +# the documentation. If the initializer consists of more lines than specified +# here it will be hidden. Use a value of 0 to hide initializers completely. +# The appearance of the initializer of individual variables and defines in the +# documentation can be controlled using \showinitializer or \hideinitializer +# command in the documentation regardless of this setting. + +MAX_INITIALIZER_LINES = 30 + +# Set the SHOW_USED_FILES tag to NO to disable the list of files generated +# at the bottom of the documentation of classes and structs. If set to YES the +# list will mention the files that were used to generate the documentation. + +SHOW_USED_FILES = YES + +# If the sources in your project are distributed over multiple directories +# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy +# in the documentation. The default is NO. + +SHOW_DIRECTORIES = YES + +# Set the SHOW_FILES tag to NO to disable the generation of the Files page. +# This will remove the Files entry from the Quick Index and from the +# Folder Tree View (if specified). The default is YES. + +SHOW_FILES = YES + +# Set the SHOW_NAMESPACES tag to NO to disable the generation of the +# Namespaces page. +# This will remove the Namespaces entry from the Quick Index +# and from the Folder Tree View (if specified). The default is YES. + +SHOW_NAMESPACES = YES + +# The FILE_VERSION_FILTER tag can be used to specify a program or script that +# doxygen should invoke to get the current version for each file (typically from +# the version control system). Doxygen will invoke the program by executing (via +# popen()) the command <command> <input-file>, where <command> is the value of +# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file +# provided by doxygen. Whatever the program writes to standard output +# is used as the file version. See the manual for examples. + +FILE_VERSION_FILTER = + +# The LAYOUT_FILE tag can be used to specify a layout file which will be parsed +# by doxygen. The layout file controls the global structure of the generated +# output files in an output format independent way. The create the layout file +# that represents doxygen's defaults, run doxygen with the -l option. +# You can optionally specify a file name after the option, if omitted +# DoxygenLayout.xml will be used as the name of the layout file. + +LAYOUT_FILE = + +#--------------------------------------------------------------------------- +# configuration options related to warning and progress messages +#--------------------------------------------------------------------------- + +# The QUIET tag can be used to turn on/off the messages that are generated +# by doxygen. Possible values are YES and NO. If left blank NO is used. + +QUIET = YES + +# The WARNINGS tag can be used to turn on/off the warning messages that are +# generated by doxygen. Possible values are YES and NO. If left blank +# NO is used. + +WARNINGS = YES + +# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings +# for undocumented members. If EXTRACT_ALL is set to YES then this flag will +# automatically be disabled. + +WARN_IF_UNDOCUMENTED = NO + +# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for +# potential errors in the documentation, such as not documenting some +# parameters in a documented function, or documenting parameters that +# don't exist or using markup commands wrongly. + +WARN_IF_DOC_ERROR = YES + +# This WARN_NO_PARAMDOC option can be abled to get warnings for +# functions that are documented, but have no documentation for their parameters +# or return value. If set to NO (the default) doxygen will only warn about +# wrong or incomplete parameter documentation, but not about the absence of +# documentation. + +WARN_NO_PARAMDOC = YES + +# The WARN_FORMAT tag determines the format of the warning messages that +# doxygen can produce. The string should contain the $file, $line, and $text +# tags, which will be replaced by the file and line number from which the +# warning originated and the warning text. Optionally the format may contain +# $version, which will be replaced by the version of the file (if it could +# be obtained via FILE_VERSION_FILTER) + +WARN_FORMAT = "$file:$line: $text" + +# The WARN_LOGFILE tag can be used to specify a file to which warning +# and error messages should be written. If left blank the output is written +# to stderr. + +WARN_LOGFILE = + +#--------------------------------------------------------------------------- +# configuration options related to the input files +#--------------------------------------------------------------------------- + +# The INPUT tag can be used to specify the files and/or directories that contain +# documented source files. You may enter file names like "myfile.cpp" or +# directories like "/usr/src/myproject". Separate the files or directories +# with spaces. + +INPUT = . + +# This tag can be used to specify the character encoding of the source files +# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is +# also the default input encoding. Doxygen uses libiconv (or the iconv built +# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for +# the list of possible encodings. + +INPUT_ENCODING = UTF-8 + +# If the value of the INPUT tag contains directories, you can use the +# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. If left +# blank the following patterns are tested: +# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx +# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90 + +FILE_PATTERNS = + +# The RECURSIVE tag can be used to turn specify whether or not subdirectories +# should be searched for input files as well. Possible values are YES and NO. +# If left blank NO is used. + +RECURSIVE = YES + +# The EXCLUDE tag can be used to specify files and/or directories that should +# excluded from the INPUT source files. This way you can easily exclude a +# subdirectory from a directory tree whose root is specified with the INPUT tag. + +EXCLUDE = ./build \ + ./compat \ + util/configparser.c \ + util/configparser.h \ + util/configlexer.c \ + util/locks.h \ + pythonmod/unboundmodule.py \ + pythonmod/interface.h \ + pythonmod/examples/resgen.py \ + pythonmod/examples/resmod.py \ + pythonmod/examples/resip.py \ + libunbound/python/unbound.py \ + libunbound/python/libunbound_wrap.c \ + ./ldns-src + +# The EXCLUDE_SYMLINKS tag can be used select whether or not files or +# directories that are symbolic links (a Unix filesystem feature) are excluded +# from the input. + +EXCLUDE_SYMLINKS = NO + +# If the value of the INPUT tag contains directories, you can use the +# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude +# certain files from those directories. Note that the wildcards are matched +# against the file with absolute path, so to exclude all test directories +# for example use the pattern */test/* + +EXCLUDE_PATTERNS = + +# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names +# (namespaces, classes, functions, etc.) that should be excluded from the +# output. The symbol name can be a fully qualified name, a word, or if the +# wildcard * is used, a substring. Examples: ANamespace, AClass, +# AClass::ANamespace, ANamespace::*Test + +EXCLUDE_SYMBOLS = + +# The EXAMPLE_PATH tag can be used to specify one or more files or +# directories that contain example code fragments that are included (see +# the \include command). + +EXAMPLE_PATH = + +# If the value of the EXAMPLE_PATH tag contains directories, you can use the +# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. If left +# blank all files are included. + +EXAMPLE_PATTERNS = + +# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be +# searched for input files to be used with the \include or \dontinclude +# commands irrespective of the value of the RECURSIVE tag. +# Possible values are YES and NO. If left blank NO is used. + +EXAMPLE_RECURSIVE = NO + +# The IMAGE_PATH tag can be used to specify one or more files or +# directories that contain image that are included in the documentation (see +# the \image command). + +IMAGE_PATH = + +# The INPUT_FILTER tag can be used to specify a program that doxygen should +# invoke to filter for each input file. Doxygen will invoke the filter program +# by executing (via popen()) the command <filter> <input-file>, where <filter> +# is the value of the INPUT_FILTER tag, and <input-file> is the name of an +# input file. Doxygen will then use the output that the filter program writes +# to standard output. +# If FILTER_PATTERNS is specified, this tag will be +# ignored. + +INPUT_FILTER = + +# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern +# basis. +# Doxygen will compare the file name with each pattern and apply the +# filter if there is a match. +# The filters are a list of the form: +# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further +# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER +# is applied to all files. + +FILTER_PATTERNS = + +# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using +# INPUT_FILTER) will be used to filter the input files when producing source +# files to browse (i.e. when SOURCE_BROWSER is set to YES). + +FILTER_SOURCE_FILES = NO + +#--------------------------------------------------------------------------- +# configuration options related to source browsing +#--------------------------------------------------------------------------- + +# If the SOURCE_BROWSER tag is set to YES then a list of source files will +# be generated. Documented entities will be cross-referenced with these sources. +# Note: To get rid of all source code in the generated output, make sure also +# VERBATIM_HEADERS is set to NO. + +SOURCE_BROWSER = NO + +# Setting the INLINE_SOURCES tag to YES will include the body +# of functions and classes directly in the documentation. + +INLINE_SOURCES = NO + +# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct +# doxygen to hide any special comment blocks from generated source code +# fragments. Normal C and C++ comments will always remain visible. + +STRIP_CODE_COMMENTS = YES + +# If the REFERENCED_BY_RELATION tag is set to YES +# then for each documented function all documented +# functions referencing it will be listed. + +REFERENCED_BY_RELATION = YES + +# If the REFERENCES_RELATION tag is set to YES +# then for each documented function all documented entities +# called/used by that function will be listed. + +REFERENCES_RELATION = YES + +# If the REFERENCES_LINK_SOURCE tag is set to YES (the default) +# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from +# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will +# link to the source code. +# Otherwise they will link to the documentation. + +REFERENCES_LINK_SOURCE = YES + +# If the USE_HTAGS tag is set to YES then the references to source code +# will point to the HTML generated by the htags(1) tool instead of doxygen +# built-in source browser. The htags tool is part of GNU's global source +# tagging system (see http://www.gnu.org/software/global/global.html). You +# will need version 4.8.6 or higher. + +USE_HTAGS = NO + +# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen +# will generate a verbatim copy of the header file for each class for +# which an include is specified. Set to NO to disable this. + +VERBATIM_HEADERS = NO + +#--------------------------------------------------------------------------- +# configuration options related to the alphabetical class index +#--------------------------------------------------------------------------- + +# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index +# of all compounds will be generated. Enable this if the project +# contains a lot of classes, structs, unions or interfaces. + +ALPHABETICAL_INDEX = YES + +# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then +# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns +# in which this list will be split (can be a number in the range [1..20]) + +COLS_IN_ALPHA_INDEX = 5 + +# In case all classes in a project start with a common prefix, all +# classes will be put under the same header in the alphabetical index. +# The IGNORE_PREFIX tag can be used to specify one or more prefixes that +# should be ignored while generating the index headers. + +IGNORE_PREFIX = + +#--------------------------------------------------------------------------- +# configuration options related to the HTML output +#--------------------------------------------------------------------------- + +# If the GENERATE_HTML tag is set to YES (the default) Doxygen will +# generate HTML output. + +GENERATE_HTML = YES + +# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `html' will be used as the default path. + +HTML_OUTPUT = html + +# The HTML_FILE_EXTENSION tag can be used to specify the file extension for +# each generated HTML page (for example: .htm,.php,.asp). If it is left blank +# doxygen will generate files with .html extension. + +HTML_FILE_EXTENSION = .html + +# The HTML_HEADER tag can be used to specify a personal HTML header for +# each generated HTML page. If it is left blank doxygen will generate a +# standard header. + +HTML_HEADER = + +# The HTML_FOOTER tag can be used to specify a personal HTML footer for +# each generated HTML page. If it is left blank doxygen will generate a +# standard footer. + +HTML_FOOTER = + +# If the HTML_TIMESTAMP tag is set to YES then the generated HTML +# documentation will contain the timesstamp. + +HTML_TIMESTAMP = NO + +# The HTML_STYLESHEET tag can be used to specify a user-defined cascading +# style sheet that is used by each HTML page. It can be used to +# fine-tune the look of the HTML output. If the tag is left blank doxygen +# will generate a default style sheet. Note that doxygen will try to copy +# the style sheet file to the HTML output directory, so don't put your own +# stylesheet in the HTML output directory as well, or it will be erased! + +HTML_STYLESHEET = + +# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. +# Doxygen will adjust the colors in the stylesheet and background images +# according to this color. Hue is specified as an angle on a colorwheel, +# see http://en.wikipedia.org/wiki/Hue for more information. +# For instance the value 0 represents red, 60 is yellow, 120 is green, +# 180 is cyan, 240 is blue, 300 purple, and 360 is red again. +# The allowed range is 0 to 359. + +#HTML_COLORSTYLE_HUE = 220 + +# The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of +# the colors in the HTML output. For a value of 0 the output will use +# grayscales only. A value of 255 will produce the most vivid colors. + +#HTML_COLORSTYLE_SAT = 100 + +# The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to +# the luminance component of the colors in the HTML output. Values below +# 100 gradually make the output lighter, whereas values above 100 make +# the output darker. The value divided by 100 is the actual gamma applied, +# so 80 represents a gamma of 0.8, The value 220 represents a gamma of 2.2, +# and 100 does not change the gamma. + +#HTML_COLORSTYLE_GAMMA = 80 + +# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML +# page will contain the date and time when the page was generated. Setting +# this to NO can help when comparing the output of multiple runs. + +HTML_TIMESTAMP = YES + +# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, +# files or namespaces will be aligned in HTML using tables. If set to +# NO a bullet list will be used. + +HTML_ALIGN_MEMBERS = YES + +# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML +# documentation will contain sections that can be hidden and shown after the +# page has loaded. For this to work a browser that supports +# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox +# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari). + +HTML_DYNAMIC_SECTIONS = NO + +# If the GENERATE_DOCSET tag is set to YES, additional index files +# will be generated that can be used as input for Apple's Xcode 3 +# integrated development environment, introduced with OSX 10.5 (Leopard). +# To create a documentation set, doxygen will generate a Makefile in the +# HTML output directory. Running make will produce the docset in that +# directory and running "make install" will install the docset in +# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find +# it at startup. +# See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html +# for more information. + +GENERATE_DOCSET = NO + +# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the +# feed. A documentation feed provides an umbrella under which multiple +# documentation sets from a single provider (such as a company or product suite) +# can be grouped. + +DOCSET_FEEDNAME = "Doxygen generated docs" + +# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that +# should uniquely identify the documentation set bundle. This should be a +# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen +# will append .docset to the name. + +DOCSET_BUNDLE_ID = org.doxygen.Project + +# When GENERATE_PUBLISHER_ID tag specifies a string that should uniquely identify +# the documentation publisher. This should be a reverse domain-name style +# string, e.g. com.mycompany.MyDocSet.documentation. + +#DOCSET_PUBLISHER_ID = org.doxygen.Publisher + +# The GENERATE_PUBLISHER_NAME tag identifies the documentation publisher. + +#DOCSET_PUBLISHER_NAME = Publisher + +# If the GENERATE_HTMLHELP tag is set to YES, additional index files +# will be generated that can be used as input for tools like the +# Microsoft HTML help workshop to generate a compiled HTML help file (.chm) +# of the generated HTML documentation. + +GENERATE_HTMLHELP = NO + +# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can +# be used to specify the file name of the resulting .chm file. You +# can add a path in front of the file if the result should not be +# written to the html output directory. + +CHM_FILE = + +# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can +# be used to specify the location (absolute path including file name) of +# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run +# the HTML help compiler on the generated index.hhp. + +HHC_LOCATION = + +# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag +# controls if a separate .chi index file is generated (YES) or that +# it should be included in the master .chm file (NO). + +GENERATE_CHI = NO + +# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING +# is used to encode HtmlHelp index (hhk), content (hhc) and project file +# content. + +CHM_INDEX_ENCODING = + +# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag +# controls whether a binary table of contents is generated (YES) or a +# normal table of contents (NO) in the .chm file. + +BINARY_TOC = NO + +# The TOC_EXPAND flag can be set to YES to add extra items for group members +# to the contents of the HTML help documentation and to the tree view. + +TOC_EXPAND = NO + +# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and +# QHP_VIRTUAL_FOLDER are set, an additional index file will be generated +# that can be used as input for Qt's qhelpgenerator to generate a +# Qt Compressed Help (.qch) of the generated HTML documentation. + +GENERATE_QHP = NO + +# If the QHG_LOCATION tag is specified, the QCH_FILE tag can +# be used to specify the file name of the resulting .qch file. +# The path specified is relative to the HTML output folder. + +QCH_FILE = + +# The QHP_NAMESPACE tag specifies the namespace to use when generating +# Qt Help Project output. For more information please see +# http://doc.trolltech.com/qthelpproject.html#namespace + +QHP_NAMESPACE = org.doxygen.Project + +# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating +# Qt Help Project output. For more information please see +# http://doc.trolltech.com/qthelpproject.html#virtual-folders + +QHP_VIRTUAL_FOLDER = doc + +# If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to +# add. For more information please see +# http://doc.trolltech.com/qthelpproject.html#custom-filters + +QHP_CUST_FILTER_NAME = + +# The QHP_CUST_FILT_ATTRS tag specifies the list of the attributes of the +# custom filter to add. For more information please see +# <a href="http://doc.trolltech.com/qthelpproject.html#custom-filters"> +# Qt Help Project / Custom Filters</a>. + +QHP_CUST_FILTER_ATTRS = + +# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this +# project's +# filter section matches. +# <a href="http://doc.trolltech.com/qthelpproject.html#filter-attributes"> +# Qt Help Project / Filter Attributes</a>. + +QHP_SECT_FILTER_ATTRS = + +# If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can +# be used to specify the location of Qt's qhelpgenerator. +# If non-empty doxygen will try to run qhelpgenerator on the generated +# .qhp file. + +QHG_LOCATION = + +# If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files +# will be generated, which together with the HTML files, form an Eclipse help +# plugin. To install this plugin and make it available under the help contents +# menu in Eclipse, the contents of the directory containing the HTML and XML +# files needs to be copied into the plugins directory of eclipse. The name of +# the directory within the plugins directory should be the same as +# the ECLIPSE_DOC_ID value. After copying Eclipse needs to be restarted before +# the help appears. + +GENERATE_ECLIPSEHELP = NO + +# A unique identifier for the eclipse help plugin. When installing the plugin +# the directory name containing the HTML and XML files should also have +# this name. + +ECLIPSE_DOC_ID = org.doxygen.Project + +# The DISABLE_INDEX tag can be used to turn on/off the condensed index at +# top of each HTML page. The value NO (the default) enables the index and +# the value YES disables it. + +DISABLE_INDEX = NO + +# This tag can be used to set the number of enum values (range [1..20]) +# that doxygen will group on one line in the generated HTML documentation. + +ENUM_VALUES_PER_LINE = 4 + +# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index +# structure should be generated to display hierarchical information. +# If the tag value is set to YES, a side panel will be generated +# containing a tree-like index structure (just like the one that +# is generated for HTML Help). For this to work a browser that supports +# JavaScript, DHTML, CSS and frames is required (i.e. any modern browser). +# Windows users are probably better off using the HTML help feature. + +GENERATE_TREEVIEW = NO + +# By enabling USE_INLINE_TREES, doxygen will generate the Groups, Directories, +# and Class Hierarchy pages using a tree view instead of an ordered list. + +USE_INLINE_TREES = NO + +# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be +# used to set the initial width (in pixels) of the frame in which the tree +# is shown. + +TREEVIEW_WIDTH = 250 + +# When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open +# links to external symbols imported via tag files in a separate window. + +#EXT_LINKS_IN_WINDOW = NO + +# Use this tag to change the font size of Latex formulas included +# as images in the HTML documentation. The default is 10. Note that +# when you change the font size after a successful doxygen run you need +# to manually remove any form_*.png images from the HTML output directory +# to force them to be regenerated. + +FORMULA_FONTSIZE = 10 + +# Use the FORMULA_TRANPARENT tag to determine whether or not the images +# generated for formulas are transparent PNGs. Transparent PNGs are +# not supported properly for IE 6.0, but are supported on all modern browsers. +# Note that when changing this option you need to delete any form_*.png files +# in the HTML output before the changes have effect. + +#FORMULA_TRANSPARENT = YES + +# When the SEARCHENGINE tag is enabled doxygen will generate a search box +# for the HTML output. The underlying search engine uses javascript +# and DHTML and should work on any modern browser. Note that when using +# HTML help (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets +# (GENERATE_DOCSET) there is already a search function so this one should +# typically be disabled. For large projects the javascript based search engine +# can be slow, then enabling SERVER_BASED_SEARCH may provide a better solution. + +SEARCHENGINE = NO + +# When the SERVER_BASED_SEARCH tag is enabled the search engine will be +# implemented using a PHP enabled web server instead of at the web client +# using Javascript. Doxygen will generate the search PHP script and index +# file to put on the web server. The advantage of the server +# based approach is that it scales better to large projects and allows +# full text search. The disadvances is that it is more difficult to setup +# and does not have live searching capabilities. + +SERVER_BASED_SEARCH = NO + +#--------------------------------------------------------------------------- +# configuration options related to the LaTeX output +#--------------------------------------------------------------------------- + +# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will +# generate Latex output. + +GENERATE_LATEX = NO + +# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `latex' will be used as the default path. + +LATEX_OUTPUT = latex + +# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be +# invoked. If left blank `latex' will be used as the default command name. +# Note that when enabling USE_PDFLATEX this option is only used for +# generating bitmaps for formulas in the HTML output, but not in the +# Makefile that is written to the output directory. + +LATEX_CMD_NAME = latex + +# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to +# generate index for LaTeX. If left blank `makeindex' will be used as the +# default command name. + +MAKEINDEX_CMD_NAME = makeindex + +# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact +# LaTeX documents. This may be useful for small projects and may help to +# save some trees in general. + +COMPACT_LATEX = NO + +# The PAPER_TYPE tag can be used to set the paper type that is used +# by the printer. Possible values are: a4, a4wide, letter, legal and +# executive. If left blank a4wide will be used. + +PAPER_TYPE = a4wide + +# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX +# packages that should be included in the LaTeX output. + +EXTRA_PACKAGES = + +# The LATEX_HEADER tag can be used to specify a personal LaTeX header for +# the generated latex document. The header should contain everything until +# the first chapter. If it is left blank doxygen will generate a +# standard header. Notice: only use this tag if you know what you are doing! + +LATEX_HEADER = + +# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated +# is prepared for conversion to pdf (using ps2pdf). The pdf file will +# contain links (just like the HTML output) instead of page references +# This makes the output suitable for online browsing using a pdf viewer. + +PDF_HYPERLINKS = NO + +# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of +# plain latex in the generated Makefile. Set this option to YES to get a +# higher quality PDF documentation. + +USE_PDFLATEX = NO + +# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. +# command to the generated LaTeX files. This will instruct LaTeX to keep +# running if errors occur, instead of asking the user for help. +# This option is also used when generating formulas in HTML. + +LATEX_BATCHMODE = NO + +# If LATEX_HIDE_INDICES is set to YES then doxygen will not +# include the index chapters (such as File Index, Compound Index, etc.) +# in the output. + +LATEX_HIDE_INDICES = NO + +# If LATEX_SOURCE_CODE is set to YES then doxygen will include +# source code with syntax highlighting in the LaTeX output. +# Note that which sources are shown also depends on other settings +# such as SOURCE_BROWSER. + +LATEX_SOURCE_CODE = NO + +#--------------------------------------------------------------------------- +# configuration options related to the RTF output +#--------------------------------------------------------------------------- + +# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output +# The RTF output is optimized for Word 97 and may not look very pretty with +# other RTF readers or editors. + +GENERATE_RTF = NO + +# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `rtf' will be used as the default path. + +RTF_OUTPUT = rtf + +# If the COMPACT_RTF tag is set to YES Doxygen generates more compact +# RTF documents. This may be useful for small projects and may help to +# save some trees in general. + +COMPACT_RTF = NO + +# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated +# will contain hyperlink fields. The RTF file will +# contain links (just like the HTML output) instead of page references. +# This makes the output suitable for online browsing using WORD or other +# programs which support those fields. +# Note: wordpad (write) and others do not support links. + +RTF_HYPERLINKS = NO + +# Load stylesheet definitions from file. Syntax is similar to doxygen's +# config file, i.e. a series of assignments. You only have to provide +# replacements, missing definitions are set to their default value. + +RTF_STYLESHEET_FILE = + +# Set optional variables used in the generation of an rtf document. +# Syntax is similar to doxygen's config file. + +RTF_EXTENSIONS_FILE = + +#--------------------------------------------------------------------------- +# configuration options related to the man page output +#--------------------------------------------------------------------------- + +# If the GENERATE_MAN tag is set to YES (the default) Doxygen will +# generate man pages + +GENERATE_MAN = NO + +# The MAN_OUTPUT tag is used to specify where the man pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `man' will be used as the default path. + +MAN_OUTPUT = man + +# The MAN_EXTENSION tag determines the extension that is added to +# the generated man pages (default is the subroutine's section .3) + +MAN_EXTENSION = .3 + +# If the MAN_LINKS tag is set to YES and Doxygen generates man output, +# then it will generate one additional man file for each entity +# documented in the real man page(s). These additional files +# only source the real man page, but without them the man command +# would be unable to find the correct page. The default is NO. + +MAN_LINKS = NO + +#--------------------------------------------------------------------------- +# configuration options related to the XML output +#--------------------------------------------------------------------------- + +# If the GENERATE_XML tag is set to YES Doxygen will +# generate an XML file that captures the structure of +# the code including all documentation. + +GENERATE_XML = YES + +# The XML_OUTPUT tag is used to specify where the XML pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `xml' will be used as the default path. + +XML_OUTPUT = xml + +# The XML_SCHEMA tag can be used to specify an XML schema, +# which can be used by a validating XML parser to check the +# syntax of the XML files. + +XML_SCHEMA = + +# The XML_DTD tag can be used to specify an XML DTD, +# which can be used by a validating XML parser to check the +# syntax of the XML files. + +XML_DTD = + +# If the XML_PROGRAMLISTING tag is set to YES Doxygen will +# dump the program listings (including syntax highlighting +# and cross-referencing information) to the XML output. Note that +# enabling this will significantly increase the size of the XML output. + +XML_PROGRAMLISTING = YES + +#--------------------------------------------------------------------------- +# configuration options for the AutoGen Definitions output +#--------------------------------------------------------------------------- + +# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will +# generate an AutoGen Definitions (see autogen.sf.net) file +# that captures the structure of the code including all +# documentation. Note that this feature is still experimental +# and incomplete at the moment. + +GENERATE_AUTOGEN_DEF = NO + +#--------------------------------------------------------------------------- +# configuration options related to the Perl module output +#--------------------------------------------------------------------------- + +# If the GENERATE_PERLMOD tag is set to YES Doxygen will +# generate a Perl module file that captures the structure of +# the code including all documentation. Note that this +# feature is still experimental and incomplete at the +# moment. + +GENERATE_PERLMOD = NO + +# If the PERLMOD_LATEX tag is set to YES Doxygen will generate +# the necessary Makefile rules, Perl scripts and LaTeX code to be able +# to generate PDF and DVI output from the Perl module output. + +PERLMOD_LATEX = NO + +# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be +# nicely formatted so it can be parsed by a human reader. +# This is useful +# if you want to understand what is going on. +# On the other hand, if this +# tag is set to NO the size of the Perl module output will be much smaller +# and Perl will parse it just the same. + +PERLMOD_PRETTY = YES + +# The names of the make variables in the generated doxyrules.make file +# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. +# This is useful so different doxyrules.make files included by the same +# Makefile don't overwrite each other's variables. + +PERLMOD_MAKEVAR_PREFIX = + +#--------------------------------------------------------------------------- +# Configuration options related to the preprocessor +#--------------------------------------------------------------------------- + +# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will +# evaluate all C-preprocessor directives found in the sources and include +# files. + +ENABLE_PREPROCESSING = YES + +# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro +# names in the source code. If set to NO (the default) only conditional +# compilation will be performed. Macro expansion can be done in a controlled +# way by setting EXPAND_ONLY_PREDEF to YES. + +MACRO_EXPANSION = YES + +# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES +# then the macro expansion is limited to the macros specified with the +# PREDEFINED and EXPAND_AS_DEFINED tags. + +EXPAND_ONLY_PREDEF = YES + +# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files +# in the INCLUDE_PATH (see below) will be search if a #include is found. + +SEARCH_INCLUDES = YES + +# The INCLUDE_PATH tag can be used to specify one or more directories that +# contain include files that are not input files but should be processed by +# the preprocessor. + +INCLUDE_PATH = + +# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard +# patterns (like *.h and *.hpp) to filter out the header-files in the +# directories. If left blank, the patterns specified with FILE_PATTERNS will +# be used. + +INCLUDE_FILE_PATTERNS = *.h + +# The PREDEFINED tag can be used to specify one or more macro names that +# are defined before the preprocessor is started (similar to the -D option of +# gcc). The argument of the tag is a list of macros of the form: name +# or name=definition (no spaces). If the definition and the = are +# omitted =1 is assumed. To prevent a macro definition from being +# undefined via #undef or recursively expanded use the := operator +# instead of the = operator. + +PREDEFINED = DOXYGEN + +# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then +# this tag can be used to specify a list of macro names that should be expanded. +# The macro definition that is found in the sources will be used. +# Use the PREDEFINED tag if you want to use a different macro definition. + +EXPAND_AS_DEFINED = ATTR_UNUSED + +# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then +# doxygen's preprocessor will remove all function-like macros that are alone +# on a line, have an all uppercase name, and do not end with a semicolon. Such +# function macros are typically used for boiler-plate code, and will confuse +# the parser if not removed. + +SKIP_FUNCTION_MACROS = YES + +#--------------------------------------------------------------------------- +# Configuration::additions related to external references +#--------------------------------------------------------------------------- + +# The TAGFILES option can be used to specify one or more tagfiles. +# Optionally an initial location of the external documentation +# can be added for each tagfile. The format of a tag file without +# this location is as follows: +# +# TAGFILES = file1 file2 ... +# Adding location for the tag files is done as follows: +# +# TAGFILES = file1=loc1 "file2 = loc2" ... +# where "loc1" and "loc2" can be relative or absolute paths or +# URLs. If a location is present for each tag, the installdox tool +# does not have to be run to correct the links. +# Note that each tag file must have a unique name +# (where the name does NOT include the path) +# If a tag file is not located in the directory in which doxygen +# is run, you must also specify the path to the tagfile here. + +TAGFILES = + +# When a file name is specified after GENERATE_TAGFILE, doxygen will create +# a tag file that is based on the input files it reads. + +GENERATE_TAGFILE = + +# If the ALLEXTERNALS tag is set to YES all external classes will be listed +# in the class index. If set to NO only the inherited external classes +# will be listed. + +ALLEXTERNALS = NO + +# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed +# in the modules index. If set to NO, only the current project's groups will +# be listed. + +EXTERNAL_GROUPS = YES + +# The PERL_PATH should be the absolute path and name of the perl script +# interpreter (i.e. the result of `which perl'). + +PERL_PATH = /usr/bin/perl + +#--------------------------------------------------------------------------- +# Configuration options related to the dot tool +#--------------------------------------------------------------------------- + +# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will +# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base +# or super classes. Setting the tag to NO turns the diagrams off. Note that +# this option is superseded by the HAVE_DOT option below. This is only a +# fallback. It is recommended to install and use dot, since it yields more +# powerful graphs. + +CLASS_DIAGRAMS = YES + +# You can define message sequence charts within doxygen comments using the \msc +# command. Doxygen will then run the mscgen tool (see +# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the +# documentation. The MSCGEN_PATH tag allows you to specify the directory where +# the mscgen tool resides. If left empty the tool is assumed to be found in the +# default search path. + +MSCGEN_PATH = + +# If set to YES, the inheritance and collaboration graphs will hide +# inheritance and usage relations if the target is undocumented +# or is not a class. + +HIDE_UNDOC_RELATIONS = YES + +# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is +# available from the path. This tool is part of Graphviz, a graph visualization +# toolkit from AT&T and Lucent Bell Labs. The other options in this section +# have no effect if this option is set to NO (the default) + +HAVE_DOT = NO + +# The DOT_NUM_THREADS specifies the number of dot invocations doxygen is +# allowed to run in parallel. When set to 0 (the default) doxygen will +# base this on the number of processors available in the system. You can set it +# explicitly to a value larger than 0 to get control over the balance +# between CPU load and processing speed. + +#DOT_NUM_THREADS = 0 + +# By default doxygen will write a font called FreeSans.ttf to the output +# directory and reference it in all dot files that doxygen generates. This +# font does not include all possible unicode characters however, so when you need +# these (or just want a differently looking font) you can specify the font name +# using DOT_FONTNAME. You need need to make sure dot is able to find the font, +# which can be done by putting it in a standard location or by setting the +# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory +# containing the font. + +DOT_FONTNAME = FreeSans.ttf + +# The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs. +# The default size is 10pt. + +DOT_FONTSIZE = 10 + +# By default doxygen will tell dot to use the output directory to look for the +# FreeSans.ttf font (which doxygen will put there itself). If you specify a +# different font using DOT_FONTNAME you can set the path where dot +# can find it using this tag. + +DOT_FONTPATH = + +# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect inheritance relations. Setting this tag to YES will force the +# the CLASS_DIAGRAMS tag to NO. + +CLASS_GRAPH = YES + +# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect implementation dependencies (inheritance, containment, and +# class references variables) of the class with other documented classes. + +COLLABORATION_GRAPH = YES + +# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for groups, showing the direct groups dependencies + +GROUP_GRAPHS = YES + +# If the UML_LOOK tag is set to YES doxygen will generate inheritance and +# collaboration diagrams in a style similar to the OMG's Unified Modeling +# Language. + +UML_LOOK = NO + +# If set to YES, the inheritance and collaboration graphs will show the +# relations between templates and their instances. + +TEMPLATE_RELATIONS = NO + +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT +# tags are set to YES then doxygen will generate a graph for each documented +# file showing the direct and indirect include dependencies of the file with +# other documented files. + +INCLUDE_GRAPH = YES + +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and +# HAVE_DOT tags are set to YES then doxygen will generate a graph for each +# documented header file showing the documented files that directly or +# indirectly include this file. + +INCLUDED_BY_GRAPH = YES + +# If the CALL_GRAPH and HAVE_DOT options are set to YES then +# doxygen will generate a call dependency graph for every global function +# or class method. Note that enabling this option will significantly increase +# the time of a run. So in most cases it will be better to enable call graphs +# for selected functions only using the \callgraph command. + +CALL_GRAPH = NO + +# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then +# doxygen will generate a caller dependency graph for every global function +# or class method. Note that enabling this option will significantly increase +# the time of a run. So in most cases it will be better to enable caller +# graphs for selected functions only using the \callergraph command. + +CALLER_GRAPH = NO + +# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen +# will graphical hierarchy of all classes instead of a textual one. + +GRAPHICAL_HIERARCHY = YES + +# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES +# then doxygen will show the dependencies a directory has on other directories +# in a graphical way. The dependency relations are determined by the #include +# relations between the files in the directories. + +DIRECTORY_GRAPH = YES + +# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images +# generated by dot. Possible values are png, jpg, or gif +# If left blank png will be used. + +DOT_IMAGE_FORMAT = png + +# The tag DOT_PATH can be used to specify the path where the dot tool can be +# found. If left blank, it is assumed the dot tool can be found in the path. + +DOT_PATH = + +# The DOTFILE_DIRS tag can be used to specify one or more directories that +# contain dot files that are included in the documentation (see the +# \dotfile command). + +DOTFILE_DIRS = + +# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of +# nodes that will be shown in the graph. If the number of nodes in a graph +# becomes larger than this value, doxygen will truncate the graph, which is +# visualized by representing a node as a red box. Note that doxygen if the +# number of direct children of the root node in a graph is already larger than +# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note +# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. + +DOT_GRAPH_MAX_NODES = 50 + +# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the +# graphs generated by dot. A depth value of 3 means that only nodes reachable +# from the root by following a path via at most 3 edges will be shown. Nodes +# that lay further from the root node will be omitted. Note that setting this +# option to 1 or 2 may greatly reduce the computation time needed for large +# code bases. Also note that the size of a graph can be further restricted by +# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. + +MAX_DOT_GRAPH_DEPTH = 0 + +# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent +# background. This is disabled by default, because dot on Windows does not +# seem to support this out of the box. Warning: Depending on the platform used, +# enabling this option may lead to badly anti-aliased labels on the edges of +# a graph (i.e. they become hard to read). + +DOT_TRANSPARENT = NO + +# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output +# files in one run (i.e. multiple -o and -T options on the command line). This +# makes dot run faster, but since only newer versions of dot (>1.8.10) +# support this, this feature is disabled by default. + +DOT_MULTI_TARGETS = NO + +# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will +# generate a legend page explaining the meaning of the various boxes and +# arrows in the dot generated graphs. + +GENERATE_LEGEND = YES + +# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will +# remove the intermediate dot files that are used to generate +# the various graphs. + +DOT_CLEANUP = YES |
