1.\" $OpenBSD: unwind.8,v 1.13 2023/02/21 07:47:24 jmc Exp $ 2.\" 3.\" Copyright (c) 2018 Florian Obser <florian@openbsd.org> 4.\" Copyright (c) 2016 Kenneth R Westerback <kwesterback@gmail.com> 5.\" 6.\" Permission to use, copy, modify, and distribute this software for any 7.\" purpose with or without fee is hereby granted, provided that the above 8.\" copyright notice and this permission notice appear in all copies. 9.\" 10.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17.\" 18.Dd $Mdocdate: February 21 2023 $ 19.Dt UNWIND 8 20.Os 21.Sh NAME 22.Nm unwind 23.Nd validating DNS resolver 24.Sh SYNOPSIS 25.Nm 26.Op Fl dnv 27.Op Fl f Ar file 28.Op Fl s Ar socket 29.Sh DESCRIPTION 30.Nm 31is a validating DNS resolver. 32It is intended to run on client machines like workstations or laptops and only 33listens on localhost. 34.Pp 35.Nm 36sends DNS queries to nameservers to answer queries. 37If it detects that DNS queries are blocked by the local network, 38it can switch to resolvers learned through autoconfiguration. 39It periodically probes if DNS is no longer blocked and switches back to 40querying nameservers itself. 41A list of sources for proposals learned through autoconfiguration 42is documented in 43.Xr resolvd 8 . 44.Pp 45.Nm 46keeps the DNS answers in a cache shared by the different DNS name 47server types. 48.Nm 49manages the cache size by deleting oldest entries when needed. 50The cache is non-configurable and is lost upon process restart. 51.Pp 52To have 53.Nm 54enabled at boot time, use 55.Dq rcctl enable unwind , 56which sets 57.Pp 58.Dl unwind_flags=\(dq\(dq 59.Pp 60in 61.Xr rc.conf.local 8 . 62.Pp 63A running 64.Nm 65can be controlled with the 66.Xr unwindctl 8 67utility. 68.Pp 69The options are as follows: 70.Bl -tag -width Ds 71.It Fl d 72Do not daemonize. 73If this option is specified, 74.Nm 75will run in the foreground and log to 76.Em stderr . 77.It Fl f Ar file 78Specify an alternative configuration file. 79.It Fl n 80Configtest mode. 81Only check the configuration file for validity. 82.It Fl s Ar socket 83Use an alternate location for the default control socket. 84.It Fl v 85Produce more verbose output. 86Multiple 87.Fl v 88options increase the verbosity. 89Debug output from libunbound is only available when logging to 90.Em stderr . 91.El 92.Sh FILES 93.Bl -tag -width "/var/db/unwind.keyXXX" -compact 94.It Pa /etc/unwind.conf 95Default 96.Nm 97configuration file. 98.It Pa /var/db/unwind.key 99Trust anchor for DNSSEC validation. 100.It Pa /dev/unwind.sock 101.Ux Ns -domain 102socket used for communication with 103.Xr unwindctl 8 . 104.El 105.Sh SEE ALSO 106.Xr unwind.conf 5 , 107.Xr unbound 8 , 108.Xr unwindctl 8 109.Sh STANDARDS 110.Rs 111.%A P. Mockapetris 112.%D November 1987 113.%R RFC 1034 114.%T DOMAIN NAMES - CONCEPTS AND FACILITIES 115.Re 116.Pp 117.Rs 118.%A P. Mockapetris 119.%D November 1987 120.%R RFC 1035 121.%T DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION 122.Re 123.Sh HISTORY 124The 125.Nm 126program first appeared in 127.Ox 6.5 . 128.Sh AUTHORS 129.An -nosplit 130The 131.Nm 132program was written by 133.An Florian Obser Aq Mt florian@openbsd.org . 134