From 3e103c29831c6059a974d00ad78ff65b46763111 Mon Sep 17 00:00:00 2001 From: Wouter Wijngaards Date: Fri, 29 Feb 2008 09:28:55 +0000 Subject: [PATCH] doc nicer. git-svn-id: file:///svn/unbound/trunk@1004 be551aaa-1e26-0410-a405-d3ace91eadb9 --- doc/Changelog | 3 +++ doc/README | 7 ++----- doc/README.svn | 4 ++-- doc/TODO | 31 ++++++++++--------------------- doc/unbound-host.1 | 3 ++- doc/unbound.conf.5 | 15 ++++++++------- 6 files changed, 27 insertions(+), 36 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index 5a0ec3e65..377255435 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +29 February 2008: Wouter + - documentation update. + 28 February 2008: Wouter - fixed memory leaks in libunbound (during cancellation and wait). - libunbound returns the answer packet in full. diff --git a/doc/README b/doc/README index c44debc3f..fd25966b1 100644 --- a/doc/README +++ b/doc/README @@ -4,7 +4,7 @@ http://unbound.net This software is under BSD license, see LICENSE for details. -* Download the latest version of this software from +* Download the latest release version of this software from http://unbound.net or get a beta version from the svn repository at http://unbound.net/svn/ @@ -15,10 +15,6 @@ This software is under BSD license, see LICENSE for details. * libevent http://www.monkey.org/~provos/libevent/ (BSD license) (optional) can use builtin alternative instead. -* Create build environment - * run libtoolize -c if config.sub is missing, or run glibtoolize. - * autoreconf (autoheader && autoconf), if ./configure is missing. - * Make and install: ./configure; make; make install * Use GNU make; default on linux, often called 'gmake' on BSD and Solaris. * --with-ldns=/path/to/ldns 
@@ -74,6 +70,7 @@ o If you are not receiving the correct source IP address on replies (e.g. Acknowledgements ---------------- +o Unbound was written in portable C by Wouter Wijngaards (NLnet Labs). o Thanks to David Blacka and Matt Larson (Verisign) for the unbound-java prototype. Design and code from that prototype has been used to create this program. Such as the iterator state machine and the cache design. diff --git a/doc/README.svn b/doc/README.svn index 18c145849..18ff73925 100644 --- a/doc/README.svn +++ b/doc/README.svn @@ -1,8 +1,8 @@ README.svn For a svn checkout -* Create build environment - see README. - * possibly copy aclocal.m4 from your autoconf/libtool setup. +* configure script, aclocal.m4, as well as yacc/lex output files are + committed to the repository. * Note changes in the Changelog. * Every check-in a postcommit hook is run diff --git a/doc/TODO b/doc/TODO index 758888483..4f2709b37 100644 --- a/doc/TODO +++ b/doc/TODO 
@@ -1,43 +1,32 @@ TODO items. o understand synthesized DNAMEs, so those TTL=0 packets are cached properly. -o understand NSEC/NSEC3, aggressive negative caching, so that updates to - NSEC/NSEC3 will result in proper negative responses. +o NSEC/NSEC3 aggressive negative caching, so that updates to NSEC/NSEC3 + will result in proper negative responses. o get serverselection algorithm out of local optimum. make subtargets to get rtt info for a couple of targets, like fetch-policy. or send out multiple queries to multiple servers. -o configuration option where port 53 is used for send and receive, no other - ports are used. +o (option) where port 53 is used for send and receive, no other ports are used. o (option) to not send replies to clients after a timeout of (say 5 secs) has passed, but keep task active for later retries by client. -o private TTL feature -o pretend-dnssec-unaware, and pretend-edns-unaware modes for debug/workshops. +o (option) private TTL feature (always report TTL x in answers). +o (option) pretend-dnssec-unaware, and pretend-edns-unaware modes for workshops. o delegpt use rbtree for ns-list, to avoid slowdown for very large NS sets. -o reprime and refresh oft used data before timeout. -o retain prime results in a overlaid roothints file. -o store primed key data in a overlaid keyhints file (sort of like drafttimers). +o (option) reprime and refresh oft used data before timeout. +o (option) retain prime results in a overlaid roothints file. +o (option) store primed key data in a overlaid keyhints file (sort of like drafttimers). o windows version, auto update feature, a query to check for the version. -o autoreport of problems o command the server with TSIG inband. get-config, clearcache, get stats, get memstats, get ..., reload, clear one zone from cache o watch for spoof nearmisses. Keep counter of nearmisses and print that in the stats lines, operator can determine what level is a redalert. 
-o improve compression of DNS packets by first putting uncompressible rrs, then - compress to their rdata. Messes up the ordering of RRs, so bad for interop. o NSID rfc 5001 support. o timers rfc 5011 support. o Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator. -o grab ports nonconsequtive and change the set after a while (change within - a given range). Could be bad for OS if wrong port. unsure if it helps secure. o make timeout backoffs randomized (a couple percent random) to spread traffic. o inspect date on executable, then warn user in log if its more than 1 year. -o proactively prime root, stubs and trust anchors, feature. +o (option) proactively prime root, stubs and trust anchors, feature. early failure, faster on first query, but more traffic. -o use privilege separation, to change privilege options during reload securely - not needed. o On Windows use CryptGenRandom() to get random seed for arc4random. -o Think about intermediate firewalls dropping EDNS UDP & handling that. - detect nonEDNS middlebox by timeout on edns queries, and fallback to - nonEDNS when appropriate. o library add convenience functions for A, AAAA, PTR, getaddrinfo, libresolve. o library add function to get signature data (or whole reply message). o library add function to validate input from app that is signed. @@ -49,4 +38,4 @@ o support multiple dns messages in a TCP query stream for the unbound server. o SIG(0) and TSIG. o support OPT record placement on recv anywhere in the additional section. o add local-file: config with authority features. -o option to make local-data answers be secure for libunbound (default=no) +o (option) to make local-data answers be secure for libunbound (default=no) diff --git a/doc/unbound-host.1 b/doc/unbound-host.1 index 2085f85a2..b39f3e077 100644 --- a/doc/unbound-host.1 +++ b/doc/unbound-host.1 
@@ -83,7 +83,8 @@ Uses the specified unbound.conf to prime .IR libunbound (3). .SH "EXAMPLES" .LP -Some examples of use. +Some examples of use. The keys shown below are fakes, thus a security failure +is encountered. .P $ unbound\-host www.example.com .P diff --git a/doc/unbound.conf.5 b/doc/unbound.conf.5 index c7576f713..3727fa77b 100644 --- a/doc/unbound.conf.5 +++ b/doc/unbound.conf.5 @@ -608,8 +608,9 @@ In the example config settings below memory usage is reduced. Some service levels are lower, notable very large data and a high TCP load are no longer supported. Very large data and high TCP loads are exceptional for the DNS. DNSSEC validation is enabled, just add trust anchors. -If you do not have to worry about programs using more than 1 meg of memory, -the below example is not for you. Use the defaults to receive full service. +If you do not have to worry about programs using more than 3 Mb of memory, +the below example is not for you. Use the defaults to receive full service, +which on BSD-32bit tops out at 30-40 Mb after heavy usage. .P .nf # example settings that reduce memory usage @@ -619,19 +620,19 @@ server: incoming\-num\-tcp: 1 outgoing\-range: 1 # uses less memory, but less port randomness. msg\-buffer\-size: 8192 # note this limits service, 'no huge stuff'. - msg\-cache\-size: 102400 # 100 Kb. + msg\-cache\-size: 100k msg\-cache\-slabs: 1 - rrset\-cache\-size: 102400 # 100 Kb. + rrset\-cache\-size: 100k rrset\-cache\-slabs: 1 infra\-cache\-numhosts: 200 - infra\-cache\-numlame: 10 - key\-cache\-size: 102400 # 100 Kb. + infra\-cache\-slabs: 1 + infra\-cache\-lame\-size: 1k + key\-cache\-size: 100k key\-cache\-slabs: 1 num\-queries\-per\-thread: 30 target\-fetch\-policy: "2 1 0 0 0 0" harden\-large\-queries: "yes" harden\-short\-bufsize: "yes" - do\-ip6: no # save a bit of memory if not used. .fi .SH "FILES" .TP -- 2.47.2
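Review bot: the doc/README hunk that deletes the "* Create build environment" block (libtoolize / autoreconf steps) leaves no hint for readers of a source checkout about why those steps are gone. Since README.svn in this same patch now states "configure script, aclocal.m4, as well as yacc/lex output files are committed to the repository", add a one-line note next to "* Make and install: ./configure; make; make install" saying that both release tarballs and svn checkouts ship a ready-made configure script, so nobody goes looking for the removed steps.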
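Review bot: in the first doc/TODO hunk several security- and robustness-related items are deleted outright ("grab ports nonconsequtive and change the set after a while", "Think about intermediate firewalls dropping EDNS UDP & handling that ... fallback to nonEDNS when appropriate", "use privilege separation, to change privilege options during reload securely") while the Changelog entry in this patch only says "documentation update". Record for each whether it was implemented or rejected (the privsep line already carried "not needed"; the port and EDNS-fallback items carry no verdict), otherwise the rationale disappears with the line and the next person re-opens the same question.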
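Review bot: in the doc/unbound-host.1 hunk the added sentence "The keys shown below are fakes, thus a security failure is encountered." reads awkwardly and does not tell the reader that the failure is the expected outcome of the example. Suggest: "The keys used in these examples are fake, so DNSSEC validation is expected to report a security failure in the output below."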
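Review bot: units in the first doc/unbound.conf.5 hunk: "3 Mb" and "30-40 Mb" use the megabit abbreviation for what are memory sizes; write "MB" (the replaced text said "1 meg"). The new clause "which on BSD-32bit tops out at 30-40 Mb after heavy usage" should also say which measure is meant (resident set or virtual size) and roughly what load, or readers will treat it as a bound. While here, the context line "notable very large data" should read "notably".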
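Review bot: two changes in the second doc/unbound.conf.5 hunk go beyond "doc nicer" and are not mentioned in the Changelog: `infra\-cache\-numlame: 10` is replaced by `infra\-cache\-slabs: 1` and `infra\-cache\-lame\-size: 1k`, which looks like an option rename plus a new option and should appear in the option descriptions of this man page and in the Changelog, and `do\-ip6: no # save a bit of memory if not used.` is dropped from a low-memory example without saying whether the saving no longer applies. Since the example now uses the `100k` / `1k` suffix form instead of `102400 # 100 Kb.`, confirm the size options above document that suffix. Finally, the retained line `outgoing\-range: 1 # uses less memory, but less port randomness.` understates the risk: a single outgoing port means no source-port randomization, so the comment should state plainly that this weakens resistance to spoofed answers and is only for memory-constrained hosts.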