unbound-nsd: Commit

Commit MetaInfo

Revision 4 (tree)
Time 2009-01-17 12:40:32

Log Message


Change Summary


--- unbound/trunk/bin/man2html.sh (nonexistent)
+++ unbound/trunk/bin/man2html.sh (revision 4)
@@ -0,0 +1,33 @@
3+convert_man() {
4+ local source=$1
5+ manfile=$(basename $source)
6+ if [ "${manfile%gz}" != "$manfile" ]; then
7+ manfile=${manfile%gz}
8+ gzip -dc $source > $tmpdir/$manfile
9+ source=$tmpdir/$manfile
10+ fi
11+ rman -f HTML $source | \
12+ tidy -asxhtml --logical-emphasis yes --enclose-text yes \
13+ > $manfile.html
19+if [ "$destdir" = "" ]; then
20+ "Usage: man2html.sh SOURCEDIR DESTDIR"
21+ exit 1
24+tmpdir=$(mktemp -d)
26+for file in $(ls $sourcedir/doc/*.[1-8]); do
27+ convert_man $file
30+rm -f $tmpdir/*.[1-8]
31+rmdir $tmpdir
33+exit 0
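Review bot: the usage branch at line 20 is a bare quoted string with no echo, so the shell tries to run "Usage: man2html.sh SOURCEDIR DESTDIR" as a command and the caller sees a command-not-found error instead of the usage text; print it with echo to stderr. In convert_man, ${manfile%gz} at lines 6-7 strips only "gz" and leaves the trailing dot, so a page such as unbound.8.gz would be unpacked as "unbound.8.", the output would be named "unbound.8..html", and the cleanup rm -f $tmpdir/*.[1-8] at line 30 would not match it, leaving rmdir $tmpdir to fail; use ${manfile%.gz}. The loop at line 26 globs only *.[1-8], so no .gz file ever reaches that branch, and it word-splits the output of ls: iterate over "$sourcedir"/doc/*.[1-8] directly, extend the glob if compressed pages are meant to be handled, and quote $source, $tmpdir and $manfile wherever they are expanded.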
Added: svn:executable
## -0,0 +1 ##
\ No newline at end of property
--- unbound/trunk/omegat/source/unbound.8.html (nonexistent)
+++ unbound/trunk/omegat/source/unbound.8.html (revision 4)
@@ -0,0 +1,59 @@
1+<!-- manual page source format generated by PolyglotMan v3.2, -->
2+<!-- available at http://polyglotman.sourceforge.net/ -->
3+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
4+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
5+<html xmlns="http://www.w3.org/1999/xhtml">
7+<meta name="generator" content=
8+"HTML Tidy for Linux/x86 (vers 14 June 2007), see www.w3.org" />
9+<title>"unbound"("8") manual page</title>
11+<body bgcolor='white'>
12+<p><a href='#toc'>Table of Contents</a></p>
13+<h2><a name='sect0' href='#toc0' id="sect0">Name</a></h2>
14+<p><strong>unbound</strong> - Unbound DNS validating resolver
16+<h2><a name='sect1' href='#toc1' id="sect1">Synopsis</a></h2>
17+<p><strong>unbound</strong> [<strong>-h</strong>]
18+[<strong>-d</strong>] [<strong>-v</strong>] [<strong>-c</strong>
20+<h2><a name='sect2' href='#toc2' id="sect2">Description</a></h2>
21+<p><strong>Unbound</strong> is an implementation of a DNS resolver,
22+that does caching and DNSSEC validation.</p>
23+<p>The available options are:</p>
26+<dd>Show the version and commandline option help.</dd>
27+<dt><strong>-c <em>cfgfile</em></strong></dt>
28+<dd>Set the config file with settings for unbound to read instead
29+of reading the file at the default location,
30+/usr/local/etc/unbound/unbound.conf. The syntax is described in
31+<a href='unbound.conf.5'><em>unbound.conf</em>(5)</a> .</dd>
33+<dd>Debug flag, do not fork into the background, but stay attached
34+to the console. This flag will also delay writing to the logfile
35+until the thread-spawn time. So that most config and setup errors
36+appear on stderr.</dd>
38+<dd>Increase verbosity. If given multiple times, more information
39+is logged. This is in addition to the verbosity (if any) from the
40+config file.</dd>
42+<h2><a name='sect3' href='#toc3' id="sect3">See Also</a></h2>
43+<p><a href='unbound.conf.5'><em>unbound.conf</em>(5)</a> , <a href=
44+'unbound-checkconf.8'><em>unbound-checkconf</em>(8)</a> .</p>
45+<h2><a name='sect4' href='#toc4' id="sect4">Authors</a></h2>
46+<p><strong>Unbound</strong> developers are mentioned in the CREDITS
47+file in the distribution.</p>
48+<hr />
49+<p><a name='toc' id="toc"><strong>Table of
52+<li><a name='toc0' href='#sect0' id="toc0">Name</a></li>
53+<li><a name='toc1' href='#sect1' id="toc1">Synopsis</a></li>
54+<li><a name='toc2' href='#sect2' id="toc2">Description</a></li>
55+<li><a name='toc3' href='#sect3' id="toc3">See Also</a></li>
56+<li><a name='toc4' href='#sect4' id="toc4">Authors</a></li>
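Review bot: the cross-references at lines 31 and 43-44 link to 'unbound.conf.5' and 'unbound-checkconf.8', but man2html.sh in this same revision writes its output as $manfile.html and the pages are committed as unbound.conf.5.html and unbound-checkconf.8.html, so these hrefs do not resolve next to the committed files. Rewrite the link targets to the .html names in the conversion step rather than by hand in the generated file.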
--- unbound/trunk/omegat/source/unbound-checkconf.8.html (nonexistent)
+++ unbound/trunk/omegat/source/unbound-checkconf.8.html (revision 4)
@@ -0,0 +1,56 @@
1+<!-- manual page source format generated by PolyglotMan v3.2, -->
2+<!-- available at http://polyglotman.sourceforge.net/ -->
3+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
4+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
5+<html xmlns="http://www.w3.org/1999/xhtml">
7+<meta name="generator" content=
8+"HTML Tidy for Linux/x86 (vers 14 June 2007), see www.w3.org" />
9+<title>"unbound-checkconf"("8") manual page</title>
11+<body bgcolor='white'>
12+<p><a href='#toc'>Table of Contents</a></p>
13+<h2><a name='sect0' href='#toc0' id="sect0">Name</a></h2>
14+<p>unbound-checkconf - Check unbound configuration file for
16+<h2><a name='sect1' href='#toc1' id="sect1">Synopsis</a></h2>
17+<p><strong>unbound-checkconf</strong> [<strong>-h</strong>]
19+<h2><a name='sect2' href='#toc2' id="sect2">Description</a></h2>
20+<p><strong>Unbound-checkconf</strong> checks the configuration file
21+for the <a href='unbound.8'><em>unbound</em>(8)</a> DNS resolver
22+for syntax and other errors. The config file syntax is described in
23+<a href='unbound.conf.5'><em>unbound.conf</em>(5)</a> .</p>
24+<p>The available options are:</p>
27+<dd>Show the version and commandline option help.</dd>
29+<dd>The config file to read with settings for unbound. It is
30+checked. If omitted, the config file at the default location is
33+<h2><a name='sect3' href='#toc3' id="sect3">Exit Code</a></h2>
34+<p>The unbound-checkconf program exits with status code 1 on error,
35+0 for a correct config file.</p>
36+<h2><a name='sect4' href='#toc4' id="sect4">Files</a></h2>
39+<dd>unbound configuration file.</dd>
41+<h2><a name='sect5' href='#toc5' id="sect5">See Also</a></h2>
42+<p><a href='unbound.conf.5'><em>unbound.conf</em>(5)</a> , <a href=
43+'unbound.8'><em>unbound</em>(8)</a> .</p>
44+<hr />
45+<p><a name='toc' id="toc"><strong>Table of
48+<li><a name='toc0' href='#sect0' id="toc0">Name</a></li>
49+<li><a name='toc1' href='#sect1' id="toc1">Synopsis</a></li>
50+<li><a name='toc2' href='#sect2' id="toc2">Description</a></li>
51+<li><a name='toc3' href='#sect3' id="toc3">Exit Code</a></li>
52+<li><a name='toc4' href='#sect4' id="toc4">Files</a></li>
53+<li><a name='toc5' href='#sect5' id="toc5">See Also</a></li>
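Review bot: the generator meta element at lines 7-8 records the local tool build ("HTML Tidy for Linux/x86 (vers 14 June 2007)"), so this committed, generated file changes whenever it is regenerated with a different tidy; running tidy with --tidy-mark no in man2html.sh would drop it. The title at line 9 also carries literal quotes left by the conversion ("unbound-checkconf"("8") manual page) and is worth cleaning up in the same step.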
--- unbound/trunk/omegat/source/unbound.conf.5.html (nonexistent)
+++ unbound/trunk/omegat/source/unbound.conf.5.html (revision 4)
@@ -0,0 +1,717 @@
1+<!-- manual page source format generated by PolyglotMan v3.2, -->
2+<!-- available at http://polyglotman.sourceforge.net/ -->
3+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
4+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
5+<html xmlns="http://www.w3.org/1999/xhtml">
7+<meta name="generator" content=
8+"HTML Tidy for Linux/x86 (vers 14 June 2007), see www.w3.org" />
9+<title>"unbound.conf"("5") manual page</title>
11+<body bgcolor='white'>
12+<p><a href='#toc'>Table of Contents</a></p>
13+<h2><a name='sect0' href='#toc0' id="sect0">Name</a></h2>
14+<p><strong>unbound.conf</strong> - Unbound configuration file.</p>
15+<h2><a name='sect1' href='#toc1' id="sect1">Synopsis</a></h2>
17+<h2><a name='sect2' href='#toc2' id="sect2">Description</a></h2>
18+<p><strong>unbound.conf</strong> is used to configure <a href=
19+'unbound.8'><em>unbound</em>(8)</a> . The file format has
20+attributes and values. Some attributes have attributes inside them.
21+The notation is: attribute: value.</p>
22+<p>Comments start with # and last to the end of line. Empty lines
23+are ignored as is whitespace at the beginning of a line.</p>
24+<p>The utility <a href=
25+'unbound-checkconf.8'><em>unbound-checkconf</em>(8)</a> can be used
26+to check unbound.conf prior to usage.</p>
27+<h2><a name='sect3' href='#toc3' id="sect3">Example</a></h2>
28+<p>An example config file is shown below. Copy this to
29+/etc/unbound/unbound.conf and start the server with:</p>
30+<p><br /></p>
32+<tt> </tt> <tt> </tt> $ unbound -c /etc/unbound/unbound.conf
34+<p>Most settings are the defaults. Stop the server with:</p>
35+<p><br /></p>
37+<tt> </tt> <tt> </tt> $ kill &lsquo;cat /etc/unbound/unbound.pid&lsquo;
39+<p>Below is a minimal config file. The source distribution contains
40+an extensive example.conf file with all the options.</p>
41+<p><br /></p>
43+# unbound.conf(5) config file for unbound(8).
45+<tt> </tt> <tt> </tt> directory: "/etc/unbound"
46+<tt> </tt> <tt> </tt> username: unbound <tt> </tt> <tt> </tt> # make sure it can write to pidfile.
47+<tt> </tt> <tt> </tt> # make sure unbound can access entropy from inside the chroot.
48+<tt> </tt> <tt> </tt> # e.g. on linux the use these commands (on BSD, devfs(8) is used):
49+<tt> </tt> <tt> </tt> # mount --bind -n /dev/random /etc/unbound/dev/random
50+<tt> </tt> <tt> </tt> # and mount --bind -n /dev/log /etc/unbound/dev/log
51+<tt> </tt> <tt> </tt> chroot: "/etc/unbound"
52+<tt> </tt> <tt> </tt> # logfile: "/etc/unbound/unbound.log" #uncomment to use logfile.
53+<tt> </tt> <tt> </tt> pidfile: "/etc/unbound/unbound.pid"
54+<tt> </tt> <tt> </tt> # verbosity: 1<tt> </tt> <tt> </tt> <tt> </tt> <tt> </tt> # uncomment and increase to get more logging.
55+<tt> </tt> <tt> </tt> # listen on all interfaces, answer queries from the local subnet.
56+<tt> </tt> <tt> </tt> interface:
57+<tt> </tt> <tt> </tt> interface: ::0
58+<tt> </tt> <tt> </tt> access-control: allow
59+<tt> </tt> <tt> </tt> access-control: 2001:DB8::/64 allow
61+<h2><a name='sect4' href='#toc4' id="sect4">File Format</a></h2>
62+<p>There must be whitespace between keywords. Attribute keywords
63+end with a colon &rsquo;:&rsquo;. An attribute is followed by its
64+containing attributes, or a value.</p>
65+<p>Files can be included using the <strong>include:</strong>
66+directive. It can appear anywhere, and takes a single filename as
67+an argument. Processing continues as if the text from the included
68+file was copied into the config file at that point.</p>
69+<h3><a name='sect5' href='#toc5' id="sect5">Server Options</a></h3>
70+<p>These options are part of the <strong>server:</strong>
73+<dt><strong>verbosity: <em>&lt;number&gt;</em></strong></dt>
74+<dd>The verbosity number, level 0 means no verbosity, only errors.
75+Level 1 gives operational information. Level 2 gives detailed
76+operational information. Level 3 gives query level information,
77+output per query. Level 4 gives algorithm level information.
78+Default is level 1. The verbosity can also be increased from the
79+commandline, see <a href='unbound.8'><em>unbound</em>(8)</a> .</dd>
82+<dd>The number of seconds between printing statistics to the log
83+for every thread. Disable with value 0 or "". Default is
85+<dt><strong>statistics-cumulative: <em>&lt;yes or
87+<dd>If enabled, statistics are cumulative since starting unbound,
88+without clearing the statistics counters after logging the
89+statistics. Default is no.</dd>
90+<dt><strong>num-threads: <em>&lt;number&gt;</em></strong></dt>
91+<dd>The number of threads to create to serve clients. Use 1 for no
93+<dt><strong>port: <em>&lt;port number&gt;</em></strong></dt>
94+<dd>The port number, default 53, on which the server responds to
96+<dt><strong>interface: <em>&lt;ip address&gt;</em></strong></dt>
97+<dd>Interface to use to connect to the network. This interface is
98+listened to for queries from clients, and answers to clients are
99+given from it. Can be given multiple times to work on several
100+interfaces. If none are given the default is to listen to
101+localhost. The interfaces are not changed on a reload (kill -HUP)
102+but only on restart.</dd>
103+<dt><strong>interface-automatic: <em>&lt;yes or
105+<dd>Detect source interface on UDP queries and copy them to
106+replies. This feature is experimental, and needs support in your OS
107+for IPv6 (and its socket options) and IPv4 (and have
108+source-interface socket options). Default value is no.</dd>
109+<dt><strong>outgoing-interface: <em>&lt;ip
111+<dd>Interface to use to connect to the network. This interface is
112+used to send queries to authoritative servers and receive their
113+replies. Can be given multiple times to work on several interfaces.
114+If none are given the default (all) is used. You can specify the
115+same interfaces in <strong>interface:</strong> and
116+<strong>outgoing-interface:</strong> lines, the interfaces are then
117+used for both purposes. Outgoing queries are sent via a random
118+outgoing interface to counter spoofing.</dd>
119+<dt><strong>outgoing-range: <em>&lt;number&gt;</em></strong></dt>
120+<dd>Number of ports to open. This number of file descriptors can be
121+opened per thread. Must be at least 1. Default is 256. Larger
122+numbers need extra resources from the operating system.</dd>
123+<dt><strong>outgoing-port-permit: <em>&lt;port number or
125+<dd>Permit unbound to open this port or range of ports for use to
126+send queries. A larger number of permitted outgoing ports increases
127+resilience against spoofing attempts. Make sure these ports are not
128+needed by other daemons. By default only ports above 1024 that have
129+not been assigned by IANA are used. Give a port number or a range
130+of the form "low-high", without spaces.</dd>
131+<dt><strong>outgoing-port-avoid: <em>&lt;port number or
133+<dd>Do not permit unbound to open this port or range of ports for
134+use to send queries. Use this to make sure unbound does not grab a
135+port that another daemon needs. The port is avoided on all outgoing
136+interfaces, both IP4 and IP6. By default only ports above 1024 that
137+have not been assigned by IANA are used. Give a port number or a
138+range of the form "low-high", without spaces.</dd>
139+<dt><strong>outgoing-num-tcp: <em>&lt;number&gt;</em></strong></dt>
140+<dd>Number of outgoing TCP buffers to allocate per thread. Default
141+is 10. If set to 0, or if do_tcp is "no", no TCP queries to
142+authoritative servers are done.</dd>
143+<dt><strong>incoming-num-tcp: <em>&lt;number&gt;</em></strong></dt>
144+<dd>Number of incoming TCP buffers to allocate per thread. Default
145+is 10. If set to 0, or if do_tcp is "no", no TCP queries from
146+clients are accepted.</dd>
147+<dt><strong>msg-buffer-size: <em>&lt;number&gt;</em></strong></dt>
148+<dd>Number of bytes size of the message buffers. Default is 65552
149+bytes, enough for 64 Kb packets, the maximum DNS message size. No
150+message larger than this can be sent or received. Can be reduced to
151+use less memory, but some requests for DNS data, such as for huge
152+resource records, will result in a SERVFAIL reply to the
154+<dt><strong>msg-cache-size: <em>&lt;number&gt;</em></strong></dt>
155+<dd>Number of bytes size of the message cache. Default is 4
156+megabytes. A plain number is in bytes, append &rsquo;k&rsquo;,
157+&rsquo;m&rsquo; or &rsquo;g&rsquo; for kilobytes, megabytes or
158+gigabytes (1024*1024 bytes in a megabyte).</dd>
159+<dt><strong>msg-cache-slabs: <em>&lt;number&gt;</em></strong></dt>
160+<dd>Number of slabs in the message cache. Slabs reduce lock
161+contention by threads. Must be set to a power of 2. Setting (close)
162+to the number of cpus is a reasonable guess.</dd>
165+<dd>The number of queries that every thread will service
166+simultaneously. If more queries arrive that need servicing, they
167+are dropped. This forces the client to resend after a timeout;
168+allowing the server time to work on the existing queries. Default
170+<dt><strong>rrset-cache-size: <em>&lt;number&gt;</em></strong></dt>
171+<dd>Number of bytes size of the RRset cache. Default is 4
172+megabytes. A plain number is in bytes, append &rsquo;k&rsquo;,
173+&rsquo;m&rsquo; or &rsquo;g&rsquo; for kilobytes, megabytes or
174+gigabytes (1024*1024 bytes in a megabyte).</dd>
177+<dd>Number of slabs in the RRset cache. Slabs reduce lock
178+contention by threads. Must be set to a power of 2.</dd>
179+<dt><strong>cache-max-ttl: <em>&lt;seconds&gt;</em></strong></dt>
180+<dd>Time to live maximum for RRsets and messages in the cache.
181+Default is 86400 seconds (1 day). If the maximum kicks in,
182+responses to clients still get decrementing TTLs based on the
183+original (larger) values. When the internal TTL expires, the cache
184+item has expired. Can be set lower to force the resolver to query
185+for data often, and not trust (very large) TTL values.</dd>
186+<dt><strong>infra-host-ttl: <em>&lt;seconds&gt;</em></strong></dt>
187+<dd>Time to live for entries in the host cache. The host cache
188+contains roundtrip timing and EDNS support information. Default is
190+<dt><strong>infra-lame-ttl: <em>&lt;seconds&gt;</em></strong></dt>
191+<dd>The time to live when a delegation is discovered to be lame.
192+Default is 900.</dd>
195+<dd>Number of slabs in the infrastructure cache. Slabs reduce lock
196+contention by threads. Must be set to a power of 2.</dd>
199+<dd>Number of hosts for which information is cached. Default is
203+<dd>Number of bytes that the lameness cache per host is allowed to
204+use. Default is 10 kb, which gives maximum storage for a couple
205+score zones, depending on the lame zone name lengths.</dd>
206+<dt><strong>do-ip4: <em>&lt;yes or no&gt;</em></strong></dt>
207+<dd>Enable or disable whether ip4 queries are answered or issued.
208+Default is yes.</dd>
209+<dt><strong>do-ip6: <em>&lt;yes or no&gt;</em></strong></dt>
210+<dd>Enable or disable whether ip6 queries are answered or issued.
211+Default is yes. If disabled, queries are not answered on IPv6, and
212+queries are not sent on IPv6 to the internet nameservers.</dd>
213+<dt><strong>do-udp: <em>&lt;yes or no&gt;</em></strong></dt>
214+<dd>Enable or disable whether UDP queries are answered or issued.
215+Default is yes.</dd>
216+<dt><strong>do-tcp: <em>&lt;yes or no&gt;</em></strong></dt>
217+<dd>Enable or disable whether TCP queries are answered or issued.
218+Default is yes.</dd>
219+<dt><strong>do-daemonize: <em>&lt;yes or no&gt;</em></strong></dt>
220+<dd>Enable or disable whether the unbound server forks into the
221+background as a daemon. Default is yes.</dd>
222+<dt><strong>access-control: <em>&lt;IP netblock&gt;
224+<dd>The netblock is given as an IP4 or IP6 address with /size
225+appended for a classless network block. The action can be deny,
226+refuse or allow. Deny stops queries from hosts from that netblock.
227+Refuse stops queries too, but sends a DNS rcode REFUSED error
228+message back. Allow gives access to clients from that netblock. By
229+default only localhost is allowed, the rest is refused. The default
230+is refused, because that is protocol-friendly. The DNS protocol is
231+not designed to handle dropped packets due to policy, and dropping
232+may result in (possibly excessive) retried queries.</dd>
233+<dt><strong>chroot: <em>&lt;directory&gt;</em></strong></dt>
234+<dd>If chroot is enabled, you should pass the configfile (from the
235+commandline) as a full path from the original root. After the
236+chroot has been performed the now defunct portion of the config
237+file path is removed to be able to reread the config after a
239+<dt>All other file paths (working dir, pidfile, logfile,
241+<dd>key files) can be specified in several ways: as an absolute
242+path relative to the new root, as a relative path to the working
243+directory, or as an absolute path relative to the original root. In
244+the last case the path is adjusted to remove the unused
246+<dt>Additionally, unbound may need to access /dev/random (for
248+<dd>and to /dev/log (if you use syslog) from inside the
250+<dt>If given a chroot is done to the given directory. The default
252+<dd>"/usr/local/etc/unbound". If you give "" no chroot is
254+<dt><strong>username: <em>&lt;name&gt;</em></strong></dt>
255+<dd>If given, after binding the port the user privileges are
256+dropped. Default is "unbound". If you give username: "" no user
257+change is performed.</dd>
258+<dt>If this user is not capable of binding the</dt>
259+<dd>port, reloads (by signal HUP) will still retain the opened
260+ports. If you change the port number in the config file, and that
261+new port number requires privileges, then a reload will fail; a
262+restart is needed.</dd>
263+<dt><strong>directory: <em>&lt;directory&gt;</em></strong></dt>
264+<dd>Sets the working directory for the program. Default is
266+<dt><strong>logfile: <em>&lt;filename&gt;</em></strong></dt>
267+<dd>If "" is given, logging goes to stderr, or nowhere once
268+daemonized. The logfile is appended to, in the following
269+format:<br />
271+[seconds since 1970] unbound[pid:tid]: type: message.
273+If this option is given, the use-syslog is option is set to "no".
274+The logfile is reopened (for append) when the config file is
275+reread, on SIGHUP.</dd>
276+<dt><strong>use-syslog: <em>&lt;yes or no&gt;</em></strong></dt>
277+<dd>Sets unbound to send log messages to the syslogd, using
278+<a href='syslog.3'><em>syslog</em>(3)</a> . The log facility
279+LOG_DAEMON is used, with identity "unbound". The logfile setting is
280+overridden when use-syslog is turned on. The default is to log to
282+<dt><strong>pidfile: <em>&lt;filename&gt;</em></strong></dt>
283+<dd>The process id is written to the file. Default is
284+"/usr/local/etc/unbound/unbound.pid". So,<br />
286+kill -HUP &lsquo;cat /usr/local/etc/unbound/unbound.pid&lsquo;
288+triggers a reload,<br />
290+kill -QUIT &lsquo;cat /usr/local/etc/unbound/unbound.pid&lsquo;
292+gracefully terminates.</dd>
293+<dt><strong>root-hints: <em>&lt;filename&gt;</em></strong></dt>
294+<dd>Read the root hints from this file. Default is nothing, using
295+builtin hints for the IN class. The file has the format of zone
296+files, with root nameserver names and addresses only. The default
297+may become outdated, when servers change, therefore it is good
298+practice to use a root-hints file.</dd>
299+<dt><strong>hide-identity: <em>&lt;yes or no&gt;</em></strong></dt>
300+<dd>If enabled id.server and hostname.bind queries are
302+<dt><strong>identity: <em>&lt;string&gt;</em></strong></dt>
303+<dd>Set the identity to report. If set to "", the default, then the
304+hostname of the server is returned.</dd>
305+<dt><strong>hide-version: <em>&lt;yes or no&gt;</em></strong></dt>
306+<dd>If enabled version.server and version.bind queries are
308+<dt><strong>version: <em>&lt;string&gt;</em></strong></dt>
309+<dd>Set the version to report. If set to "", the default, then the
310+package version is returned.</dd>
311+<dt><strong>target-fetch-policy: <em>&lt;"list of
313+<dd>Set the target fetch policy used by unbound to determine if it
314+should fetch nameserver target addresses opportunistically. The
315+policy is described per dependency depth.</dd>
316+<dt>The number of values determines the maximum dependency
318+<dd>that unbound will pursue in answering a query. A value of -1
319+means to fetch all targets opportunistically for that dependency
320+depth. A value of 0 means to fetch on demand only. A positive value
321+fetches that many targets opportunistically.</dd>
322+<dt>Enclose the list between quotes ("") and put spaces between
324+<dd>The default is "3 2 1 0 0". Setting all zeroes, "0 0 0 0 0"
325+gives behaviour closer to that of BIND 9, while setting "-1 -1 -1
326+-1 -1" gives behaviour rumoured to be closer to that of BIND
328+<dt><strong>harden-short-bufsize: <em>&lt;yes or
330+<dd>Very small EDNS buffer sizes from queries are ignored. Default
331+is off, since it is legal protocol wise to send these, and unbound
332+tries to give very small answers to these queries, where
334+<dt><strong>harden-large-queries: <em>&lt;yes or
336+<dd>Very large queries are ignored. Default is off, since it is
337+legal protocol wise to send these, and could be necessary for
338+operation if TSIG or EDNS payload is very large.</dd>
339+<dt><strong>harden-glue: <em>&lt;yes or no&gt;</em></strong></dt>
340+<dd>Will trust glue only if it is within the servers authority.
341+Default is on.</dd>
342+<dt><strong>harden-dnssec-stripped: <em>&lt;yes or
344+<dd>Require DNSSEC data for trust-anchored zones, if such data is
345+absent, the zone becomes bogus. If turned off, and no DNSSEC data
346+is received (or the DNSKEY data fails to validate), then the zone
347+is made insecure, this behaves like there is no trust anchor. You
348+could turn this off if you are sometimes behind an intrusive
349+firewall (of some sort) that removes DNSSEC data from packets, or a
350+zone changes from signed to unsigned to badly signed often. If
351+turned off you run the risk of a downgrade attack that disables
352+security for a zone. Default is on.</dd>
353+<dt><strong>use-caps-for-id: <em>&lt;yes or
355+<dd>Use 0x20-encoded random bits in the query to foil spoof
356+attempts. This perturbs the lowercase and uppercase of query names
357+sent to authority servers and checks if the reply still has the
358+correct casing. Disabled by default, because some caching
359+forwarders may not support this. It is known that some authority
360+servers do not support 0x20, and resolution will fail for them. A
361+solution is on the TODO list. This feature is an experimental
362+implementation of draft dns-0x20.</dd>
363+<dt><strong>do-not-query-address: <em>&lt;IP
365+<dd>Do not query the given IP address. Can be IP4 or IP6. Append
366+/num to indicate a classless delegation netblock, for example like
367+ or 2001::11/64.</dd>
368+<dt><strong>do-not-query-localhost: <em>&lt;yes or
370+<dd>If yes, localhost is added to the do-not-query-address entries,
371+both IP6 ::1 and IP4 If no, then localhost can be used
372+to send queries to. Default is yes.</dd>
373+<dt><strong>module-config: <em>&lt;"module
375+<dd>Module configuration, a list of module names separated by
376+spaces, surround the string with quotes (""). The modules can be
377+validator, iterator. Setting this to "iterator" will result in a
378+non-validating server. Setting this to "validator iterator" will
379+turn on DNSSEC validation. You must also set trust-anchors for
380+validation to be useful.</dd>
383+<dd>File with trusted keys for validation. Both DS and DNSKEY
384+entries can appear in the file. The format of the file is the
385+standard DNS Zone file format. Default is "", or no trust anchor
387+<dt><strong>trust-anchor: <em>&lt;"Resource
389+<dd>A DS or DNSKEY RR for a key to use for validation. Multiple
390+entries can be given to specify multiple trusted keys, in addition
391+to the trust-anchor-files. The resource record is entered in the
392+same format as &rsquo;dig&rsquo; or &rsquo;drill&rsquo; prints
393+them, the same format as in the zone file. Has to be on a single
394+line, with "" around it. A TTL can be specified for ease of cut and
395+paste, but is ignored. A class can be specified, but class IN is
399+<dd>File with trusted keys for validation. Specify more than one
400+file with several entries, one file per entry. Like
401+<strong>trust-anchor-file</strong> but has a different file format.
402+Format is BIND-9 style format, the trusted-keys { name flag proto
403+algo "key"; }; clauses are read.</dd>
404+<dt><strong>val-override-date: <em>&lt;rrsig-style date
406+<dd>Default is "" or "0", which disables this debugging feature. If
407+enabled by giving a RRSIG style date, that date is used for
408+verifying RRSIG inception and expiration dates, instead of the
409+current date. Do not set this unless you are debugging signature
410+inception and expiration.</dd>
411+<dt><strong>val-bogus-ttl: <em>&lt;number&gt;</em></strong></dt>
412+<dd>The time to live for bogus data. This is data that has failed
413+validation; due to invalid signatures or other checks. The TTL from
414+that data cannot be trusted, and this value is used instead. The
415+value is in seconds, default 900. The time interval prevents
416+repeated revalidation of bogus data.</dd>
417+<dt><strong>val-clean-additional: <em>&lt;yes or
419+<dd>Instruct the validator to remove data from the additional
420+section of secure messages that are not signed properly. Messages
421+that are insecure, bogus, indeterminate or unchecked are not
422+affected. Default is yes. Use this setting to protect the users
423+that rely on this validator for authentication from protentially
424+bad data in the additional section.</dd>
425+<dt><strong>val-permissive-mode: <em>&lt;yes or
427+<dd>Instruct the validator to mark bogus messages as indeterminate.
428+The security checks are performed, but if the result is bogus
429+(failed security), the reply is not withheld from the client with
430+SERVFAIL as usual. The client receives the bogus data. For messages
431+that are found to be secure the AD bit is set in replies. Also
432+logging is performed as for full validation. The default value is
434+<dt><strong>val-nsec3-keysize-iterations: <em>&lt;"list of
436+<dd>List of keysize and iteration count values, separated by
437+spaces, surrounded by quotes. Default is "1024 150 2048 500 4096
438+2500". This determines the maximum allowed NSEC3 iteration count
439+before a message is simply marked insecure instead of performing
440+the many hashing iterations. The list must be in ascending order
441+and have at least one entry. If you set it to "1024 65535" there is
442+no restriction to NSEC3 iteration values. This table must be kept
443+short; a very long list could cause slower operation.</dd>
444+<dt><strong>key-cache-size: <em>&lt;number&gt;</em></strong></dt>
445+<dd>Number of bytes size of the key cache. Default is 4 megabytes.
446+A plain number is in bytes, append &rsquo;k&rsquo;, &rsquo;m&rsquo;
447+or &rsquo;g&rsquo; for kilobytes, megabytes or gigabytes (1024*1024
448+bytes in a megabyte).</dd>
449+<dt><strong>key-cache-slabs: <em>&lt;number&gt;</em></strong></dt>
450+<dd>Number of slabs in the key cache. Slabs reduce lock contention
451+by threads. Must be set to a power of 2. Setting (close) to the
452+number of cpus is a reasonable guess.</dd>
453+<dt><strong>local-zone: <em>&lt;zone&gt;
455+<dd>Configure a local zone. The type determines the answer to give
456+if there is no match from local-data. The types are deny, refuse,
457+static, transparent, redirect, nodefault, and are explained below.
458+After that the default settings are listed. Use local-data: to
459+enter data into the local zone. Answers for local zones are
460+authoritative DNS answers. By default the zones are class IN.</dd>
461+<dt>If you need more complicated authoritative data, with
462+referrals, wildcards,</dt>
463+<dd>CNAME/DNAME support, or DNSSEC authoritative service, setup a
464+stub-zone for it as detailed in the stub zone section below.</dd>
466+<dd>Do not send an answer, drop the query. If there is a match from
467+local data, the query is answered.</dd>
469+<dd>Send an error message reply, with rcode REFUSED. If there is a
470+match from local data, the query is answered.</dd>
472+<dd>If there is a match from local data, the query is answered.
473+Otherwise, the query is answered with nodata or nxdomain. For a
474+negative answer a SOA is included in the answer if present as
475+local-data for the zone apex domain.</dd>
477+<dd>If there is a match from local data, the query is answered.
478+Otherwise, the query is resolved normally. If no local-zone is
479+given local-data causes a transparent zone to be created by
482+<dd>The query is answered from the local data for the zone name.
483+There may be no local data beneath the zone name. This answers
484+queries for the zone, and all subdomains of the zone with the local
485+data for the zone. It can be used to redirect a domain to a
486+different address, with local-zone: "example.com." redirect and
487+local-data: "example.com. A" queries for www.example.com
488+and www.foo.example.com are redirected.</dd>
490+<dd>Used to turn off default contents for AS112 zones. The other
491+types also turn off default contents for the zone. The
492+&rsquo;nodefault&rsquo; option has no other effect than turning off
493+default contents for the given zone.</dd>
495+<p>The default zones are localhost, reverse and ::1, and
496+the AS112 zones. The AS112 zones are reverse DNS zones for private
497+use and reserved IP addresses for which the servers on the internet
498+cannot provide correct answers. They are configured by default to
499+give nxdomain (no reverse information) answers. The defaults can be
500+turned off by specifying your own local-zone of that name, or using
501+the &rsquo;nodefault&rsquo; type. Below is a list of the default
502+zone contents.</p>
505+<dd>The IP4 and IP6 localhost information is given. NS and SOA
506+records are provided for completeness and to satisfy some DNS
507+update tools. Default content:<br />
509+local-zone: "localhost." static
510+local-data: "localhost. 10800 IN NS localhost."
511+local-data: "localhost. 10800 IN
512+ SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
513+local-data: "localhost. 10800 IN A"
514+local-data: "localhost. 10800 IN AAAA ::1"
516+<dt><em>reverse IPv4 loopback</em></dt>
517+<dd>Default content:<br />
519+local-zone: "127.in-addr.arpa." static
520+local-data: "127.in-addr.arpa. 10800 IN NS localhost."
521+local-data: "127.in-addr.arpa. 10800 IN
522+ SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
523+local-data: " 10800 IN
524+ PTR localhost."
526+<dt><em>reverse IPv6 loopback</em></dt>
527+<dd>Default content:<br />
529+local-zone: "
530+" static
531+local-data: "
532+ 10800 IN
533+ NS localhost."
534+local-data: "
535+ 10800 IN
536+ SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
537+local-data: "
538+ 10800 IN
539+ PTR localhost."
541+<dt><em>reverse RFC1918 local use zones</em></dt>
542+<dd>Reverse data for zones 10.in-addr.arpa, 16.172.in-addr.arpa to
543+31.172.in-addr.arpa, 168.192.in-addr.arpa. The
544+<strong>local-zone:</strong> is set static and as
545+<strong>local-data:</strong> SOA and NS records are provided.</dd>
546+<dt><em>reverse RFC3330 IP4 this, link-local, testnet and
548+<dd>Reverse data for zones 0.in-addr.arpa, 254.169.in-addr.arpa,
550+<dt><em>reverse RFC4291 IP6 unspecified</em></dt>
551+<dd>Reverse data for zone<br />
556+<dt><em>reverse RFC4193 IPv6 Locally Assigned Local
558+<dd>Reverse data for zone D.F.ip6.arpa.</dd>
559+<dt><em>reverse RFC4291 IPv6 Link Local Addresses</em></dt>
560+<dd>Reverse data for zones 8.E.F.ip6.arpa to B.E.F.ip6.arpa.</dd>
561+<dt><em>reverse IPv6 Example Prefix</em></dt>
562+<dd>Reverse data for zone 8.B.D. This zone is
563+used for tutorials and examples. You can remove the block on this
564+zone with:<br />
566+ local-zone: 8.B.D. nodefault
568+This also works with the other default zones.</dd>
569+<dt><strong>local-data: <em>"&lt;resource record
571+<dd>Configure local data, which is served in reply to queries for
572+it. The query has to match exactly unless you configure the
573+local-zone as redirect. If not matched exactly, the local-zone type
574+determines further processing. If local-data is configured that is
575+not a subdomain of a local-zone, a transparent local-zone is
576+configured. For record types such as TXT, use single quotes, as in
577+local-data: &rsquo;example. TXT "text"&rsquo;.</dd>
578+<dt>If you need more complicated authoritative data, with
579+referrals, wildcards,</dt>
580+<dd>CNAME/DNAME support, or DNSSEC authoritative service, setup a
581+stub-zone for it as detailed in the stub zone section below.</dd>
583+<h3><a name='sect6' href='#toc6' id="sect6">Stub Zone
585+<p>There may be multiple <strong>stub-zone:</strong> clauses. Each
586+with a name: and zero or more hostnames or IP addresses. For the
587+stub zone this list of nameservers is used. Class IN is
589+<p>The stub zone can be used to configure authoritative data to be
590+used by the resolver that cannot be accessed using the public
591+internet servers. This is useful for company-local data or private
592+zones. Setup an authoritative server on a different host (or
593+different port). Enter a config entry for unbound with
594+<strong>stub-addr:</strong> &lt;ip address of host[@port]&gt;. The
595+unbound resolver can then access the data, without referring to the
596+public internet for it.</p>
597+<p>This setup allows DNSSEC signed zones to be served by that
598+authoritative server, in which case a trusted key entry with the
599+public key can be put in config, so that unbound can validate the
600+data and set the AD bit on replies for the private zone
601+(authoritative servers do not set the AD bit). This setup makes
602+unbound capable of answering queries for the private zone, and can
603+even set the AD bit (&rsquo;authentic&rsquo;), but the AA
604+(&rsquo;authoritative&rsquo;) bit is not set on these replies.</p>
606+<dt><strong>name: <em>&lt;domain name&gt;</em></strong></dt>
607+<dd>Name of the stub zone.</dd>
608+<dt><strong>stub-host: <em>&lt;domain name&gt;</em></strong></dt>
609+<dd>Name of stub zone nameserver. Is itself resolved before it is
611+<dt><strong>stub-addr: <em>&lt;IP address&gt;</em></strong></dt>
612+<dd>IP address of stub zone nameserver. Can be IP 4 or IP 6. To use
613+a nondefault port for DNS communication append &rsquo;@&rsquo; with
614+the port number.</dd>
616+<h3><a name='sect7' href='#toc7' id="sect7">Forward Zone
618+<p>There may be multiple <strong>forward-zone:</strong> clauses.
619+Each with a name: and zero or more hostnames or IP addresses. For
620+the forward zone this list of nameservers is used to forward the
621+queries to. The servers have to handle further recursion for the
622+query. Class IN is assumed. A forward-zone entry with name "." and
623+a forward-addr target will forward all queries to that other server
624+(unless it can answer from the cache).</p>
626+<dt><strong>name: <em>&lt;domain name&gt;</em></strong></dt>
627+<dd>Name of the forward zone.</dd>
628+<dt><strong>forward-host: <em>&lt;domain
630+<dd>Name of server to forward to. Is itself resolved before it is
632+<dt><strong>forward-addr: <em>&lt;IP address&gt;</em></strong></dt>
633+<dd>IP address of server to forward to. Can be IP 4 or IP 6. To use
634+a nondefault port for DNS communication append &rsquo;@&rsquo; with
635+the port number.</dd>
637+<h2><a name='sect8' href='#toc8' id="sect8">Memory Control
639+<p>In the example config settings below memory usage is reduced.
640+Some service levels are lower, notable very large data and a high
641+TCP load are no longer supported. Very large data and high TCP
642+loads are exceptional for the DNS. DNSSEC validation is enabled,
643+just add trust anchors. If you do not have to worry about programs
644+using more than 3 Mb of memory, the below example is not for you.
645+Use the defaults to receive full service, which on BSD-32bit tops
646+out at 30-40 Mb after heavy usage.</p>
647+<p><br /></p>
649+# example settings that reduce memory usage
651+<tt> </tt> <tt> </tt> num-threads: 1
652+<tt> </tt> <tt> </tt> outgoing-num-tcp: 1<tt> </tt> <tt> </tt> # this limits TCP service, uses less buffers.
653+<tt> </tt> <tt> </tt> incoming-num-tcp: 1
654+<tt> </tt> <tt> </tt> outgoing-range: 16<tt> </tt> <tt> </tt> # uses less memory, but less performance.
655+<tt> </tt> <tt> </tt> msg-buffer-size: 8192 # note this limits service, &rsquo;no huge stuff&rsquo;.
656+<tt> </tt> <tt> </tt> msg-cache-size: 100k
657+<tt> </tt> <tt> </tt> msg-cache-slabs: 1
658+<tt> </tt> <tt> </tt> rrset-cache-size: 100k
659+<tt> </tt> <tt> </tt> rrset-cache-slabs: 1
660+<tt> </tt> <tt> </tt> infra-cache-numhosts: 200
661+<tt> </tt> <tt> </tt> infra-cache-slabs: 1
662+<tt> </tt> <tt> </tt> infra-cache-lame-size: 1k
663+<tt> </tt> <tt> </tt> key-cache-size: 100k
664+<tt> </tt> <tt> </tt> key-cache-slabs: 1
665+<tt> </tt> <tt> </tt> num-queries-per-thread: 30
666+<tt> </tt> <tt> </tt> target-fetch-policy: "2 1 0 0 0 0"
667+<tt> </tt> <tt> </tt> harden-large-queries: "yes"
668+<tt> </tt> <tt> </tt> harden-short-bufsize: "yes"
670+<h2><a name='sect9' href='#toc9' id="sect9">Files</a></h2>
673+<dd>default unbound working directory.</dd>
675+<dd>default <a href='chroot.2'><em>chroot</em>(2)</a>
678+<dd>unbound configuration file.</dd>
680+<dd>default unbound pidfile with process ID of the running
683+<dd>unbound log file. default is to log to <a href=
684+'syslog.3'><em>syslog</em>(3)</a> .</dd>
686+<h2><a name='sect10' href='#toc10' id="sect10">See Also</a></h2>
687+<p><a href='unbound.8'><em>unbound</em>(8)</a> , <a href=
688+'unbound-checkconf.8'><em>unbound-checkconf</em>(8)</a> .</p>
689+<h2><a name='sect11' href='#toc11' id="sect11">Authors</a></h2>
690+<p><strong>Unbound</strong> was written by NLnet Labs. Please see
691+CREDITS file in the distribution for further details.</p>
692+<hr />
693+<p><a name='toc' id="toc"><strong>Table of
696+<li><a name='toc0' href='#sect0' id="toc0">Name</a></li>
697+<li><a name='toc1' href='#sect1' id="toc1">Synopsis</a></li>
698+<li><a name='toc2' href='#sect2' id="toc2">Description</a></li>
699+<li><a name='toc3' href='#sect3' id="toc3">Example</a></li>
700+<li><a name='toc4' href='#sect4' id="toc4">File Format</a></li>
701+<li style="list-style: none; display: inline">
703+<li><a name='toc5' href='#sect5' id="toc5">Server Options</a></li>
704+<li><a name='toc6' href='#sect6' id="toc6">Stub Zone
706+<li><a name='toc7' href='#sect7' id="toc7">Forward Zone
710+<li><a name='toc8' href='#sect8' id="toc8">Memory Control
712+<li><a name='toc9' href='#sect9' id="toc9">Files</a></li>
713+<li><a name='toc10' href='#sect10' id="toc10">See Also</a></li>
714+<li><a name='toc11' href='#sect11' id="toc11">Authors</a></li>
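Review bot: the paragraph "If you need more complicated authoritative data, with referrals, wildcards, CNAME/DNAME support, ..." is rendered as a `<dt>`/`<dd>` pair at new lines 461-464 and again at 578-581, so a single sentence is split between a definition term and its body. This looks like a conversion artifact from the man page's indentation; fix it in the man source or post-process the generated HTML so the sentence stays in one `<p>`. It is also worth checking the default-zone listing against the man page before committing: as shown, several entries carry no address or owner name, for example `local-data: "localhost. 10800 IN A"` at new line 513 and `local-zone: "` followed by `" static` at new lines 529-530.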
--- unbound/trunk/omegat/source/libunbound.3.html (nonexistent)
+++ unbound/trunk/omegat/source/libunbound.3.html (revision 4)
@@ -0,0 +1,286 @@
1+<!-- manual page source format generated by PolyglotMan v3.2, -->
2+<!-- available at http://polyglotman.sourceforge.net/ -->
3+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
4+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
5+<html xmlns="http://www.w3.org/1999/xhtml">
7+<meta name="generator" content=
8+"HTML Tidy for Linux/x86 (vers 14 June 2007), see www.w3.org" />
9+<title>"libunbound"("3") manual page</title>
11+<body bgcolor='white'>
12+<p><a href='#toc'>Table of Contents</a></p>
13+<h2><a name='sect0' href='#toc0' id="sect0">Name</a></h2>
14+<p><strong>libunbound,</strong> <strong>unbound.h,</strong>
15+<strong>ub_ctx,</strong> <strong>ub_result,</strong>
16+<strong>ub_callback_t,</strong> <strong>ub_ctx_create,</strong>
17+<strong>ub_ctx_delete,</strong> <strong>ub_ctx_set_option,</strong>
18+<strong>ub_ctx_config,</strong> <strong>ub_ctx_set_fwd,</strong>
19+<strong>ub_ctx_resolvconf,</strong> <strong>ub_ctx_hosts,</strong>
24+<strong>ub_ctx_debuglevel,</strong> <strong>ub_ctx_async,</strong>
25+<strong>ub_poll,</strong> <strong>ub_wait,</strong>
26+<strong>ub_fd,</strong> <strong>ub_process,</strong>
27+<strong>ub_resolve,</strong> <strong>ub_resolve_async,</strong>
28+<strong>ub_cancel,</strong> <strong>ub_resolve_free,</strong>
29+<strong>ub_strerror</strong> - Unbound DNS validating resolver
30+1.0.2 functions.</p>
31+<h2><a name='sect1' href='#toc1' id="sect1">Synopsis</a></h2>
32+<p><strong>#include &lt;unbound.h&gt;</strong></p>
33+<p><em>struct ub_ctx *</em>
35+<p><em>void</em> <strong>ub_ctx_delete</strong>(<em>struct
36+ub_ctx*</em> ctx);</p>
37+<p><em>int</em> <strong>ub_ctx_set_option</strong>(<em>struct
38+ub_ctx*</em> ctx, <em>char*</em> opt, <em>char*</em> val);</p>
39+<p><em>int</em> <strong>ub_ctx_config</strong>(<em>struct
40+ub_ctx*</em> ctx, <em>char*</em> fname);</p>
41+<p><em>int</em> <strong>ub_ctx_set_fwd</strong>(<em>struct
42+ub_ctx*</em> ctx, <em>char*</em> addr);</p>
43+<p><em>int</em> <strong>ub_ctx_resolvconf</strong>(<em>struct
44+ub_ctx*</em> ctx, <em>char*</em> fname);</p>
45+<p><em>int</em> <strong>ub_ctx_hosts</strong>(<em>struct
46+ub_ctx*</em> ctx, <em>char*</em> fname);</p>
47+<p><em>int</em> <strong>ub_ctx_add_ta</strong>(<em>struct
48+ub_ctx*</em> ctx, <em>char*</em> ta);</p>
49+<p><em>int</em> <strong>ub_ctx_add_ta_file</strong>(<em>struct
50+ub_ctx*</em> ctx, <em>char*</em> fname);</p>
51+<p><em>int</em> <strong>ub_ctx_trustedkeys</strong>(<em>struct
52+ub_ctx*</em> ctx, <em>char*</em> fname);</p>
53+<p><em>int</em> <strong>ub_ctx_debugout</strong>(<em>struct
54+ub_ctx*</em> ctx, <em>FILE*</em> out);</p>
55+<p><em>int</em> <strong>ub_ctx_debuglevel</strong>(<em>struct
56+ub_ctx*</em> ctx, <em>int</em> d);</p>
57+<p><em>int</em> <strong>ub_ctx_async</strong>(<em>struct
58+ub_ctx*</em> ctx, <em>int</em> dothread);</p>
59+<p><em>int</em> <strong>ub_poll</strong>(<em>struct ub_ctx*</em>
61+<p><em>int</em> <strong>ub_wait</strong>(<em>struct ub_ctx*</em>
63+<p><em>int</em> <strong>ub_fd</strong>(<em>struct ub_ctx*</em>
65+<p><em>int</em> <strong>ub_process</strong>(<em>struct ub_ctx*</em>
67+<p><em>int</em> <strong>ub_resolve</strong>(<em>struct ub_ctx*</em>
68+ctx, <em>char*</em> name,<br />
69+<em>int</em> rrtype, <em>int</em> rrclass, <em>int*</em>
70+secure,<br />
71+<br />
72+<em>int*</em> data, <em>struct ub_result**</em> result);<br /></p>
73+<p><em>int</em> <strong>ub_resolve_async</strong>(<em>struct
74+ub_ctx*</em> ctx, <em>char*</em> name,<br />
75+<em>int</em> rrtype, <em>int</em> rrclass, <em>void*</em>
76+mydata,<br />
77+<br />
78+<em>ub_callback_t</em> callback, <em>int*</em> async_id);<br /></p>
79+<p><em>int</em> <strong>ub_cancel</strong>(<em>struct ub_ctx*</em>
80+ctx, <em>int</em> async_id);</p>
81+<p><em>void</em> <strong>ub_resolve_free</strong>(<em>struct
82+ub_result*</em> result);</p>
83+<p><em>const char *</em> <strong>ub_strerror</strong>(<em>int</em>
85+<h2><a name='sect2' href='#toc2' id="sect2">Description</a></h2>
86+<p><strong>Unbound</strong> is an implementation of a DNS resolver,
87+that does caching and DNSSEC validation. This is the library API,
88+for using the -lunbound library. The server daemon is described in
89+<a href='unbound.8'><em>unbound</em>(8)</a> . The library can be
90+used to convert hostnames to ip addresses, and back, and obtain
91+other information from the DNS. The library performs public-key
92+validation of results with DNSSEC.</p>
93+<p>The library uses a variable of type <em>struct ub_ctx</em> to
94+keep context between calls. The user must maintain it, creating it
95+with <strong>ub_ctx_create</strong> and deleting it with
96+<strong>ub_ctx_delete.</strong> It can be created and deleted at
97+any time. Creating it anew removes any previous configuration (such
98+as trusted keys) and clears any cached results.</p>
99+<p>The functions are thread-safe, and a context an be used in a
100+threaded (as well as in a non-threaded) environment. Also
101+resolution (and validation) can be performed blocking and
102+non-blocking (also called asynchronous). The async method returns
103+from the call immediately, so that processing can go on, while the
104+results become available later.</p>
105+<p>The functions are discussed in turn below.</p>
106+<h2><a name='sect3' href='#toc3' id="sect3">Functions</a></h2>
109+<dd>Create a new context, initialised with defaults. The
110+information from /etc/resolv.conf and /etc/hosts is not utilised by
111+default. Use <strong>ub_ctx_resolvconf</strong> and
112+<strong>ub_ctx_hosts</strong> to read them.</dd>
114+<dd>Delete validation context and free associated resources.
115+Outstanding async queries are killed and callbacks are not called
116+for them.</dd>
118+<dd>A power-user interface that lets you specify one of the options
119+from the config file format, see <a href=
120+'unbound.conf.5'><em>unbound.conf</em>(5)</a> . Not all options are
121+relevant. For some specific options, such as adding trust anchors,
122+special routines exist. Pass the option name with the trailing
125+<dd>A power-user interface that lets you specify an unbound config
126+file, see <a href='unbound.conf.5'><em>unbound.conf</em>(5)</a> ,
127+which is read for configuration. Not all options are relevant. For
128+some specific options, such as adding trust anchors, special
129+routines exist.</dd>
131+<dd>Set machine to forward DNS queries to, the caching resolver to
132+use. IP4 or IP6 address. Forwards all DNS requests to that machine,
133+which is expected to run a recursive resolver. If the proxy is not
134+DNSSEC capable, validation may fail. Can be called several times,
135+in that case the addresses are used as backup servers. At this time
136+it is only possible to set configuration before the first resolve
137+is done.</dd>
139+<dd>Read list of nameservers to use from the filename given.
140+Usually "/etc/resolv.conf". Uses those nameservers as caching
141+proxies. If they do not support DNSSEC, validation may fail. Only
142+nameservers are picked up, the searchdomain, ndots and other
143+settings from <a href='resolv.conf.5'><em>resolv.conf</em>(5)</a>
144+are ignored. If fname NULL is passed, "/etc/resolv.conf" is used.
145+At this time it is only possible to set configuration before the
146+first resolve is done.</dd>
148+<dd>Read list of hosts from the filename given. Usually
149+"/etc/hosts". When queried for, these addresses are not marked
150+DNSSEC secure. If fname NULL is passed, "/etc/hosts" is used. At
151+this time it is only possible to set configuration before the first
152+resolve is done.</dd>
154+<dd>Add a trust anchor to the given context. At this time it is
155+only possible to add trusted keys before the first resolve is done.
156+The format is a string, similar to the zone-file format,
157+[domainname] [type] [rdata contents]. Both DS and DNSKEY records
158+are accepted.</dd>
160+<dd>Add trust anchors to the given context. Pass name of a file
161+with DS and DNSKEY records in zone file format. At this time it is
162+only possible to add trusted keys before the first resolve is
165+<dd>Add trust anchors to the given context. Pass the name of a
166+bind-style config file with trusted-keys{}. At this time it is only
167+possible to add trusted keys before the first resolve is done.</dd>
169+<dd>Set debug and error log output to the given stream. Pass NULL
170+to disable output. Default is stderr. File-names or using syslog
171+can be enabled using config options, this routine is for using your
172+own stream.</dd>
174+<dd>Set debug verbosity for the context. Output is directed to
175+stderr. Higher debug level gives more output.</dd>
177+<dd>Set a context behaviour for asynchronous action. if set to
178+true, enables threading and a call to
179+<strong>ub_resolve_async</strong> creates a thread to handle work
180+in the background. If false, a process is forked to handle work in
181+the background. Changes to this setting after
182+<strong>ub_resolve_async</strong> calls have been made have no
183+effect (delete and re-create the context to change).</dd>
185+<dd>Poll a context to see if it has any new results. Do not poll in
186+a loop, instead extract the fd below to poll for readiness, and
187+then check, or wait using the wait routine. Returns 0 if nothing to
188+read, or nonzero if a result is available. If nonzero, call
189+<strong>ub_process</strong> to do callbacks.</dd>
191+<dd>Wait for a context to finish with results. Calls
192+<strong>ub_process</strong> after the wait for you. After the wait,
193+there are no more outstanding asynchronous queries.</dd>
195+<dd>Get file descriptor. Wait for it to become readable, at this
196+point answers are returned from the asynchronous validating
197+resolver. Then call the <strong>ub_process</strong> to continue
200+<dd>Call this routine to continue processing results from the
201+validating resolver (when the fd becomes readable). Will perform
202+necessary callbacks.</dd>
204+<dd>Perform resolution and validation of the target name. The name
205+is a domain name in a zero terminated text string. The rrtype and
206+rrclass are DNS type and class codes. The value secure returns true
207+if the answer validated securely. The value data returns true if
208+there was data. The result structure is newly allocated with the
209+resulting data.</dd>
211+<dd>Perform asynchronous resolution and validation of the target
212+name. Arguments mean the same as for <strong>ub_resolve</strong>
213+except no data is returned immediately, instead a callback is
214+called later. The callback receives a copy of the mydata pointer,
215+that you can use to pass information to the callback. The callback
216+type is a function pointer to a function declared as</dd>
217+<dt>void my_callback_function(void* my_arg, int err,</dt>
218+<dd><br />
219+struct ub_result* result);<br /></dd>
220+<dt>The async_id is returned so you can (at your option) decide to
221+track it</dt>
222+<dd>and cancel the request if needed.</dd>
224+<dd>Cancel an async query in progress.</dd>
226+<dd>Free struct ub_result contents after use.</dd>
228+<dd>Convert error value from one of the unbound library functions
229+to a human readable string.</dd>
231+<h2><a name='sect4' href='#toc4' id="sect4">Result Data
233+<p>The result of the DNS resolution and validation is returned as
234+<em>struct ub_result</em>. The result structure contains the
235+following entries.</p>
236+<p><br /></p>
238+<tt> </tt> <tt> </tt> struct ub_result {
239+<tt> </tt> <tt> </tt> <tt> </tt> <tt> </tt> char* qname; /* text string, original question */
240+<tt> </tt> <tt> </tt> <tt> </tt> <tt> </tt> int qtype; /* type code asked for */
241+<tt> </tt> <tt> </tt> <tt> </tt> <tt> </tt> int qclass; /* class code asked for */
242+<tt> </tt> <tt> </tt> <tt> </tt> <tt> </tt> char** data; /* array of rdata items, NULL terminated*/
243+<tt> </tt> <tt> </tt> <tt> </tt> <tt> </tt> int* len; /* array with lengths of rdata items */
244+<tt> </tt> <tt> </tt> <tt> </tt> <tt> </tt> char* canonname; /* canonical name of result */
245+<tt> </tt> <tt> </tt> <tt> </tt> <tt> </tt> int rcode; /* additional error code in case of no data */
246+<tt> </tt> <tt> </tt> <tt> </tt> <tt> </tt> void* answer_packet; /* full network format answer packet */
247+<tt> </tt> <tt> </tt> <tt> </tt> <tt> </tt> int answer_len; /* length of packet in octets */
248+<tt> </tt> <tt> </tt> <tt> </tt> <tt> </tt> int havedata; /* true if there is data */
249+<tt> </tt> <tt> </tt> <tt> </tt> <tt> </tt> int nxdomain; /* true if nodata because name does not exist */
250+<tt> </tt> <tt> </tt> <tt> </tt> <tt> </tt> int secure; /* true if result is secure */
251+<tt> </tt> <tt> </tt> <tt> </tt> <tt> </tt> int bogus; /* true if a security failure happened */
252+<tt> </tt> <tt> </tt> };
254+<p>If both secure and bogus are false, security was not enabled for
255+the domain of the query.</p>
256+<h2><a name='sect5' href='#toc5' id="sect5">Return Values</a></h2>
257+<p>Many routines return an error code. The value 0 (zero) denotes
258+no error happened. Other values can be passed to
259+<strong>ub_strerror</strong> to obtain a readable error string.
260+<strong>ub_strerror</strong> returns a zero terminated string.
261+<strong>ub_ctx_create</strong> returns NULL on an error (a malloc
262+failure). <strong>ub_poll</strong> returns true if some information
263+may be available, false otherwise. <strong>ub_fd</strong> returns a
264+file descriptor or -1 on error.</p>
265+<h2><a name='sect6' href='#toc6' id="sect6">See Also</a></h2>
266+<p><a href='unbound.conf.5'><em>unbound.conf</em>(5)</a> , <a href=
267+'unbound.8'><em>unbound</em>(8)</a> .</p>
268+<h2><a name='sect7' href='#toc7' id="sect7">Authors</a></h2>
269+<p><strong>Unbound</strong> developers are mentioned in the CREDITS
270+file in the distribution.</p>
271+<hr />
272+<p><a name='toc' id="toc"><strong>Table of
275+<li><a name='toc0' href='#sect0' id="toc0">Name</a></li>
276+<li><a name='toc1' href='#sect1' id="toc1">Synopsis</a></li>
277+<li><a name='toc2' href='#sect2' id="toc2">Description</a></li>
278+<li><a name='toc3' href='#sect3' id="toc3">Functions</a></li>
279+<li><a name='toc4' href='#sect4' id="toc4">Result Data
281+<li><a name='toc5' href='#sect5' id="toc5">Return Values</a></li>
282+<li><a name='toc6' href='#sect6' id="toc6">See Also</a></li>
283+<li><a name='toc7' href='#sect7' id="toc7">Authors</a></li>
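Review bot: the callback prototype in the ub_resolve_async entry is broken across list markup at new lines 217-222: `void my_callback_function(void* my_arg, int err,` sits in a `<dt>`, the continuation `struct ub_result* result);` sits in the following `<dd>`, and the sentence about async_id is split the same way. Since this file is added under omegat/source, the prototype and the sentence will reach translators as separate fragments; render the prototype as one preformatted block and keep the async_id sentence in a single element. Separately, "a context an be used" at new line 99 should read "can be used".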
--- unbound/trunk/omegat/source/unbound-host.1.html (nonexistent)
+++ unbound/trunk/omegat/source/unbound-host.1.html (revision 4)
@@ -0,0 +1,103 @@
1+<!-- manual page source format generated by PolyglotMan v3.2, -->
2+<!-- available at http://polyglotman.sourceforge.net/ -->
3+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
4+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
5+<html xmlns="http://www.w3.org/1999/xhtml">
7+<meta name="generator" content=
8+"HTML Tidy for Linux/x86 (vers 14 June 2007), see www.w3.org" />
9+<title>"unbound\-host"("1") manual page</title>
11+<body bgcolor='white'>
12+<p><a href='#toc'>Table of Contents</a></p>
13+<h2><a name='sect0' href='#toc0' id="sect0">Name</a></h2>
14+<p><strong>unbound-host</strong> - unbound DNS lookup utility</p>
15+<h2><a name='sect1' href='#toc1' id="sect1">Synopsis</a></h2>
16+<p><strong>unbound-host</strong> [<strong>-vdhr</strong>]
17+[<strong>-c</strong> <em>class</em>] [<strong>-t</strong>
18+<em>type</em>] <em>hostname</em> [<strong>-y</strong> <em>key</em>]
19+[<strong>-f</strong> <em>keyfile</em>] [<strong>-F</strong>
20+<em>namedkeyfile</em>] [<strong>-C</strong>
22+<h2><a name='sect2' href='#toc2' id="sect2">Description</a></h2>
23+<p><strong>Unbound-host</strong> uses the unbound validating
24+resolver to query for the hostname and display results. With the
25+<strong>-v</strong> option it displays validation status: secure,
26+insecure, bogus (security failure).</p>
27+<p>The available options are:</p>
30+<dd>This name is resolved (looked up in the DNS). If a IPv4 or IPv6
31+address is given, a reverse lookup is performed.</dd>
33+<dd>Show the version and commandline option help.</dd>
35+<dd>Enable verbose output and it shows validation results, on every
36+line. Secure means that the NXDOMAIN (no such domain name), nodata
37+(no such data) or positive data response validated correctly with
38+one of the keys. Insecure means that that domain name has no
39+security set up for it. Bogus (security failure) means that the
40+response failed one or more checks, it is likely wrong, outdated,
41+tampered with, or broken.</dd>
43+<dd>Enable debug output to stderr. One -d shows what the resolver
44+and validator are doing and may tell you what is going on. More
45+times, -d -d, gives a lot of output, with every packet sent and
47+<dt><strong>-c <em>class</em></strong></dt>
48+<dd>Specify the class to lookup for, the default is IN the internet
50+<dt><strong>-t <em>type</em></strong></dt>
51+<dd>Specify the type of data to lookup. The default looks for IPv4,
52+IPv6 and mail handler data, or domain name pointers for reverse
54+<dt><strong>-y <em>key</em></strong></dt>
55+<dd>Specify a public key to use as trust anchor. This is the base
56+for a chain of trust that is built up from the trust anchor to the
57+response, in order to validate the response message. Can be given
58+as a DS or DNSKEY record. For example -y "example.com DS 31560 5 1
60+<dt><strong>-f <em>keyfile</em></strong></dt>
61+<dd>Reads keys from a file. Every line has a DS or DNSKEY record,
62+in the format as for -y. The zone file format, the same as dig and
63+drill produce.</dd>
64+<dt><strong>-F <em>namedkeyfile</em></strong></dt>
65+<dd>Reads keys from a BIND-style named.conf file. Only the
66+trusted-key {}; entries are read.</dd>
67+<dt><strong>-C <em>configfile</em></strong></dt>
68+<dd>Uses the specified unbound.conf to prime <a href=
69+'libunbound.3'><em>libunbound</em>(3)</a> .</dd>
71+<dd>Read /etc/resolv.conf, and use the forward DNS servers from
72+there (those could have been set by DHCP). More info in <a href=
73+'resolv.conf.5'><em>resolv.conf</em>(5)</a> . Breaks validation if
74+those servers do not support DNSSEC.</dd>
76+<h2><a name='sect3' href='#toc3' id="sect3">Examples</a></h2>
77+<p>Some examples of use. The keys shown below are fakes, thus a
78+security failure is encountered.</p>
79+<p>$ unbound-host www.example.com</p>
80+<p>$ unbound-host -v -y "example.com DS 31560 5 1
81+1CFED84787E6E19CCF9372C1187325972FE546CD" www.example.com</p>
82+<p>$ unbound-host -v -y "example.com DS 31560 5 1
84+<h2><a name='sect4' href='#toc4' id="sect4">Exit Code</a></h2>
85+<p>The unbound-host program exits with status code 1 on error, 0 on
86+no error. The data may not be available on exit code 0, exit code 1
87+means the lookup encountered a fatal error.</p>
88+<h2><a name='sect5' href='#toc5' id="sect5">See Also</a></h2>
89+<p><a href='unbound.conf.5'><em>unbound.conf</em>(5)</a> , <a href=
90+'unbound.8'><em>unbound</em>(8)</a> .</p>
91+<hr />
92+<p><a name='toc' id="toc"><strong>Table of
95+<li><a name='toc0' href='#sect0' id="toc0">Name</a></li>
96+<li><a name='toc1' href='#sect1' id="toc1">Synopsis</a></li>
97+<li><a name='toc2' href='#sect2' id="toc2">Description</a></li>
98+<li><a name='toc3' href='#sect3' id="toc3">Examples</a></li>
99+<li><a name='toc4' href='#sect4' id="toc4">Exit Code</a></li>
100+<li><a name='toc5' href='#sect5' id="toc5">See Also</a></li>
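Review bot: the `<title>` at new line 9 reads `"unbound\-host"("1") manual page`, so the roff escape `\-` has leaked into the generated HTML; it should be a plain hyphen, as in the Name section at new line 14. Also, new line 66 says "trusted-key {};" while the libunbound page added in this same commit says "trusted-keys{}" for the same BIND-style file; pick one spelling so the two pages agree.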