INSTALLATION INSTRUCTIONS for GNU ADNS 1. Read the security note below. 2. Standard GNU package build process: $ ./configure [--disable-dynamic] [--prefix=... ...] $ make # make install Unfortunately, there is no comprehensive documentation yet. For now, use the comments in the public header file adns.h, and for the C programs their usage messages. If you find this information ambiguous, incomplete or wrong, please report it as a bug. TESTED PLATFORMS The following platforms have been tested at at least some point and should work - please report if they don't: adns version OS 1.0 Linux glibc 2.1 (actually tested on Debian 2.2) 1.0 Solaris 2.6, 2.7, 2.8 [3] 1.0 FreeBSD 3.2, 4.0 (no poll(2), so no adnsresfilter) The following work, but only with --disable-dynamic: 1.0 IRIX 6.5 *not* with GCC [1], [2] 1.0 AIX 4.1.5 1.0 HP-UX 10.20, 11.00 1.1 Darwin (kernel 7.5.1) Later versions of the same OS should work too. Usually entries in this table mean adns passes its own regression test, when compiled with GCC, and appears to install and run correctly. If you have more information for this table please let me know. Notes/known problems: [1] IRIX 6.5 inet_ntoa seems to break with GCC. [2] The SGI IRIX compiler produces many spurious warnings. [3] Dynamically linked, needs some help to find libadns.so.1.0. The following platforms are known to be deficient and will not work: Solaris 2.5 Lacks vsnprintf - install glibc ? TruUnix64 (DEC UNIX 4.0f) Lacks vsnprintf - install glibc ? Please don't report these problems unless you have a nice, straightforward solution or workaround for them. (I don't consider including a `vsnprintf' implementation nice, so don't send me one.) PORTABILITY INFORMATION You will find that adns requires a reasonably standard and up to date system. Systems which are neither GNU nor UNIX are not supported. The build system assumes by default that you have ELF shared libraries, and that the directory in which libadns.so.1 will be installed is on your dynamic library search path. If your system doesn't have ELF shared libraries then dynamic linking is not supported by adns. Use the --disable-shared configure option. Please don't send me patches to use libtool (which I dislike). Compilers other than GNU C should work, but are not well-tested. Feel free to send me patches to improve the situation. However, the Makefiles only know how to use GCC to make dynamic libraries. The adnsresfilter utility uses `tsearch' from the C library (a la SVID and X/Open). If you don't have tsearch configure will arranges for adnsresfilter not to be built. To fix this, install a C library containing tsearch, such as the GNU C library. It is best if tsearch uses an automatically-balancing tree algorithm, like the glibc version does. Simple binary trees may perform badly. If you change the m4 input files in regress/ you may need GNU m4. You will probably find that GNU Make is required. Please do not report this as a bug; install GNU Make instead. SECURITY AND PERFORMANCE - AN IMPORTANT NOTE adns is not a `full-service resolver': it does no caching of responses at all, and has no defence against bad nameservers or fake packets which appear to come from your real nameservers. It relies on the full-service resolvers listed in resolv.conf to handle these tasks. For secure and reasonable operation you MUST run a full-service nameserver on the same system as your adns applications, or on the same local, fully trusted network. You MUST only list such nameservers in the adns configuration (eg resolv.conf). You MUST use a firewall or other means to block packets which appear to come from these nameservers, but which were actually sent by other, untrusted, entities. Furthermore, adns is not DNSSEC-aware in this version; it doesn't understand even how to ask a DNSSEC-aware nameserver to perform the DNSSEC cryptographic signature checking. COPYRIGHT This file, INSTALL, contains installation instructions and other details for adns. It is Copyright (C) 1997-2000 Ian Jackson adns is Copyright (C) 1997-2000,2003,2006 Ian Jackson Copyright (C) 1999-2000,2003,2006 Tony Finch [1] Copyright (C) 1991 Massachusetts Institute of Technology [2] adns is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with adns as the file COPYING; if not, email me at the address above or write to the Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. [1] Tony Finch holds the original copyright on client/adnslogres.c, client/adnsheloex.c and client/fanftest.c, and some modifications to those files. [2] MIT hold the original copyright on the included install-sh, which came via GNU autoconf. # Local variables: # mode: text # End: