1*f5291493Sjmc.\" $OpenBSD: unwind.8,v 1.13 2023/02/21 07:47:24 jmc Exp $ 2018cebfbSflorian.\" 3018cebfbSflorian.\" Copyright (c) 2018 Florian Obser <florian@openbsd.org> 4018cebfbSflorian.\" Copyright (c) 2016 Kenneth R Westerback <kwesterback@gmail.com> 5018cebfbSflorian.\" 6018cebfbSflorian.\" Permission to use, copy, modify, and distribute this software for any 7018cebfbSflorian.\" purpose with or without fee is hereby granted, provided that the above 8018cebfbSflorian.\" copyright notice and this permission notice appear in all copies. 9018cebfbSflorian.\" 10018cebfbSflorian.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11018cebfbSflorian.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12018cebfbSflorian.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13018cebfbSflorian.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14018cebfbSflorian.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15018cebfbSflorian.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16018cebfbSflorian.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17018cebfbSflorian.\" 18*f5291493Sjmc.Dd $Mdocdate: February 21 2023 $ 19018cebfbSflorian.Dt UNWIND 8 20018cebfbSflorian.Os 21018cebfbSflorian.Sh NAME 22018cebfbSflorian.Nm unwind 23018cebfbSflorian.Nd validating DNS resolver 24018cebfbSflorian.Sh SYNOPSIS 25018cebfbSflorian.Nm 26018cebfbSflorian.Op Fl dnv 27018cebfbSflorian.Op Fl f Ar file 28018cebfbSflorian.Op Fl s Ar socket 29018cebfbSflorian.Sh DESCRIPTION 30018cebfbSflorian.Nm 31018cebfbSflorianis a validating DNS resolver. 32018cebfbSflorianIt is intended to run on client machines like workstations or laptops and only 33018cebfbSflorianlistens on localhost. 34*f5291493Sjmc.Pp 35018cebfbSflorian.Nm 36*f5291493Sjmcsends DNS queries to nameservers to answer queries. 37*f5291493SjmcIf it detects that DNS queries are blocked by the local network, 38*f5291493Sjmcit can switch to resolvers learned through autoconfiguration. 39018cebfbSflorianIt periodically probes if DNS is no longer blocked and switches back to 40018cebfbSflorianquerying nameservers itself. 41*f5291493SjmcA list of sources for proposals learned through autoconfiguration 42*f5291493Sjmcis documented in 43*f5291493Sjmc.Xr resolvd 8 . 44018cebfbSflorian.Pp 45b0f9fe49Ssolene.Nm 46b0f9fe49Ssolenekeeps the DNS answers in a cache shared by the different DNS name 47b0f9fe49Ssoleneserver types. 48b0f9fe49Ssolene.Nm 49b0f9fe49Ssolenemanages the cache size by deleting oldest entries when needed. 50b0f9fe49SsoleneThe cache is non-configurable and is lost upon process restart. 51b0f9fe49Ssolene.Pp 52f2cc1b42SlandryTo have 53018cebfbSflorian.Nm 54f2cc1b42Slandryenabled at boot time, use 55f2cc1b42Slandry.Dq rcctl enable unwind , 56f2cc1b42Slandrywhich sets 57018cebfbSflorian.Pp 58f2cc1b42Slandry.Dl unwind_flags=\(dq\(dq 59018cebfbSflorian.Pp 60f2cc1b42Slandryin 61f2cc1b42Slandry.Xr rc.conf.local 8 . 62018cebfbSflorian.Pp 63018cebfbSflorianA running 64018cebfbSflorian.Nm 65018cebfbSfloriancan be controlled with the 66018cebfbSflorian.Xr unwindctl 8 67018cebfbSflorianutility. 68018cebfbSflorian.Pp 69018cebfbSflorianThe options are as follows: 70018cebfbSflorian.Bl -tag -width Ds 71018cebfbSflorian.It Fl d 72018cebfbSflorianDo not daemonize. 73018cebfbSflorianIf this option is specified, 74018cebfbSflorian.Nm 75018cebfbSflorianwill run in the foreground and log to 76018cebfbSflorian.Em stderr . 77018cebfbSflorian.It Fl f Ar file 78018cebfbSflorianSpecify an alternative configuration file. 79018cebfbSflorian.It Fl n 80018cebfbSflorianConfigtest mode. 81018cebfbSflorianOnly check the configuration file for validity. 82018cebfbSflorian.It Fl s Ar socket 83018cebfbSflorianUse an alternate location for the default control socket. 84018cebfbSflorian.It Fl v 85018cebfbSflorianProduce more verbose output. 86018cebfbSflorianMultiple 87018cebfbSflorian.Fl v 88018cebfbSflorianoptions increase the verbosity. 89935c2f99SflorianDebug output from libunbound is only available when logging to 90935c2f99Sflorian.Em stderr . 91018cebfbSflorian.El 92018cebfbSflorian.Sh FILES 935738e84eSotto.Bl -tag -width "/var/db/unwind.keyXXX" -compact 94018cebfbSflorian.It Pa /etc/unwind.conf 95018cebfbSflorianDefault 96018cebfbSflorian.Nm 97018cebfbSflorianconfiguration file. 9890d56d5fSflorian.It Pa /var/db/unwind.key 99fdee2cadSflorianTrust anchor for DNSSEC validation. 1005738e84eSotto.It Pa /dev/unwind.sock 101018cebfbSflorian.Ux Ns -domain 102018cebfbSfloriansocket used for communication with 103018cebfbSflorian.Xr unwindctl 8 . 104018cebfbSflorian.El 105018cebfbSflorian.Sh SEE ALSO 106018cebfbSflorian.Xr unwind.conf 5 , 107018cebfbSflorian.Xr unbound 8 , 108018cebfbSflorian.Xr unwindctl 8 109018cebfbSflorian.Sh STANDARDS 110018cebfbSflorian.Rs 111018cebfbSflorian.%A P. Mockapetris 112018cebfbSflorian.%D November 1987 113018cebfbSflorian.%R RFC 1034 114018cebfbSflorian.%T DOMAIN NAMES - CONCEPTS AND FACILITIES 115018cebfbSflorian.Re 116018cebfbSflorian.Pp 117018cebfbSflorian.Rs 118018cebfbSflorian.%A P. Mockapetris 119018cebfbSflorian.%D November 1987 120018cebfbSflorian.%R RFC 1035 121018cebfbSflorian.%T DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION 122018cebfbSflorian.Re 123018cebfbSflorian.Sh HISTORY 124018cebfbSflorianThe 125018cebfbSflorian.Nm 126018cebfbSflorianprogram first appeared in 127018cebfbSflorian.Ox 6.5 . 128018cebfbSflorian.Sh AUTHORS 129018cebfbSflorian.An -nosplit 130018cebfbSflorianThe 131018cebfbSflorian.Nm 132018cebfbSflorianprogram was written by 133018cebfbSflorian.An Florian Obser Aq Mt florian@openbsd.org . 134