X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=INSTALL;h=3731075ef5b330b52c26a7bf23d7be80943e56ea;hb=4423286d19442eb201eb4b63f7ff1877da665f9e;hp=64075d065f602519d24d1afb56bba0b4cc9c61b0;hpb=95ecb6887802fd6f51da559e8c740a494625bf2a;p=adns.git diff --git a/INSTALL b/INSTALL index 64075d0..3731075 100644 --- a/INSTALL +++ b/INSTALL @@ -1,5 +1,8 @@ INSTALLATION INSTRUCTIONS for ADNS +1. Read the security note below. + +2. Standard GNU package build process: $ ./configure $ make # make install @@ -18,15 +21,48 @@ libtool. I'm not interested in supporting non-ELF shared libraries. However, if you send me an appropriate patch I'd be willing to make it easy or automatic to disable the ELF shared library arrangements. -You may find that GNU Make is required. +The adnsresfilter utility uses `tsearch' from the C library (a la SVID +and X/Open). If your C library doesn't have tsearch you will find +that configure arranges for adnsresfilter not to be built. To rectify +this, install a C library containing tsearch, such as the GNU C +library. It is best if tsearch uses an automatically-balancing tree +algorithm, like the glibc version does. Simple binary trees may +perform badly. + +You will probably find that GNU Make is required. + + +SECURITY AND PERFORMANCE - AN IMPORTANT NOTE + +adns is not a full-service resolver. It does no caching of responses +at all, and has no defence against bad nameservers or fake packets +which appear to come from your real nameservers. It relies on the +full-service resolvers listed in resolv.conf to handle these tasks. + +For secure and reasonable operation you MUST run a full-service +nameserver on the same system as your adns applications, or on the +same local, fully trusted network. You MUST only list such +nameservers in the adns configuration (eg resolv.conf). + +You MUST use a firewall or other means to block packets which appear +to come from these nameservers, but which were actually sent by other, +untrusted, entities. + +Furthermore, adns is not DNSSEC-aware in this version; it doesn't +understand even how to ask a DNSSEC-aware nameserver to perform the +DNSSEC cryptographic signature checking. COPYRIGHT This file, INSTALL, contains installation instructions and other -details for adns. +details for adns. It is + Copyright (C) 1997-2000 Ian Jackson -adns is Copyright (C)1997-9 Ian Jackson . +adns is + Copyright (C) 1997-2000 Ian Jackson + Copyright (C) 1999 Tony Finch [1] + Copyright (C) 1991 Massachusetts Institute of Technology [2] adns is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free @@ -39,6 +75,15 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License -along with userv as the file COPYING; if not, email me at the address +along with adns as the file COPYING; if not, email me at the address above or write to the Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +[1] Tony Finch holds the original copyright on + client/adnslogres.c and client/fanftest.c. +[2] MIT hold the original copyright on the included install-sh, + which came via GNU autoconf. + +# Local variables: +# mode: text +# End: