93189d3083
- Merge PR #164: Framestreams, this branch implements dnstap unidirectional connectivity in unbound. This has a number of new features. The dependency on libfstrm is removed. The fstrm protocol code resides in dnstap/dnstap_fstrm.h and dnstap/dnstap_fstrm.c. This contains a brief definition of what unbound needs. The make unbound-dnstap-socket builds a debug tool, unbound-dnstap-socket. It can listen, accept multiple DNSTAP streams and print information. Commandline options control it. Unbound can reconnect if the unix domain socket file socket is closed. This uses exponential backoff after which it uses a one second timer to throttle cpu down. There is also support to use TCP and TLS for connecting to the log server. There are new config options to turn them on, in the dnstap section in the man page and example config file. dnstap-ip with IP address of server for TCP or TLS use. dnstap-tls to turn on TLS. And dnstap-tls-server-name, dnstap-tls-cert-bundle, dnstap-tls-client-key-file and dnstap-tls-client-cert-file to configure the certificates for server authentication and client authentication, or leave at "" to not use that. |
||
|---|---|---|
| .github | ||
| cachedb | ||
| compat | ||
| contrib | ||
| daemon | ||
| dns64 | ||
| dnscrypt | ||
| dnstap | ||
| doc | ||
| edns-subnet | ||
| ipsecmod | ||
| ipset | ||
| iterator | ||
| libunbound | ||
| pythonmod | ||
| respip | ||
| services | ||
| sldns | ||
| smallapp | ||
| testcode | ||
| testdata | ||
| util | ||
| validator | ||
| winrc | ||
| .gitattributes | ||
| .gitignore | ||
| .travis.yml | ||
| ac_pkg_swig.m4 | ||
| aclocal.m4 | ||
| acx_nlnetlabs.m4 | ||
| acx_python.m4 | ||
| ax_pthread.m4 | ||
| config.guess | ||
| config.h.in | ||
| config.sub | ||
| configure | ||
| configure.ac | ||
| install-sh | ||
| LICENSE | ||
| ltmain.sh | ||
| makedist.sh | ||
| Makefile.in | ||
| README | ||
| README.md | ||
| systemd.m4 | ||
Unbound
Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. If you have any feedback, we would love to hear from you. Don’t hesitate to create an issue on Github or post a message on the Unbound mailing list. You can lean more about Unbound by reading our documentation.
Compiling
Make sure you have the C toolchain, OpenSSL and its include files, and libexpat installed. Unbound can be compiled and installed using:
./configure && make && make install
You can use libevent if you want. libevent is useful when using many (10000) outgoing ports. By default max 256 ports are opened at the same time and the builtin alternative is equally capable and a little faster.
Use the --with-libevent=dir configure option to compile Unbound with libevent
support.
Unbound configuration
All of Unbound's configuration options are described in the man pages, which will be installed and are available on the Unbound documentation page.
An example configuration file is located in doc/example.conf.