INSTALLATION INSTRUCTIONS for ADNS
+1. Read the security note below.
+
+2. Standard GNU package build process:
$ ./configure
$ make
# make install
You will find that adns requires a reasonably standard and up to date
system.
+The following platforms have been tested at at least some point and
+should work - please report if they don't:
+ [adns] OS
+ pre-1.0 Linux glibc 2.1 (actually tested on Debian 2.2).
+ pre-1.0 FreeBSD 3.2
+ pre-1.0 Solaris 2.6, 2.7, 2.8
+ pre-1.0 HP-UX 10.20, 11.00
+ pre-1.0 IRIX 6.5 *not* with GCC [1], --disable-dynamic
+ AIX no dynamic
+Later versions of the same OS should work too. [adns] is the latest
+version of adns that has been tested. Usually entries in this table
+mean they pass adns's own regression test, when compiled with GCC.
+Notes/known problems:
+ [1] IRIX 6.5 inet_ntoa seems to break with GCC.
+
+The following platforms are known to be deficient and will not work:
+ Solaris 2.5 Lacks vsnprintf - install glibc ?
+ TruUnix64 (DEC UNIX 4.0f) Lacks vsnprintf - install glibc ?
+Please don't report these problems unless you have a nice,
+straightforward solution or workaround for them.
+
In particular, the build system assumes that you have ELF shared
libraries. If you don't then please don't send me patches to support
your kind of shared libraries, and don't send me patches to use
-libtool. I'm not interested in supporting non-ELF shared libraries.
-However, if you send me an appropriate patch I'd be willing to make it
-easy or automatic to disable the ELF shared library arrangements.
+libtool. I'm not interested in supporting non-ELF shared libraries,
+and I dislike libtool. If you do not have ELF shared libraries then
+please use the --disable-shared configure option.
The adnsresfilter utility uses `tsearch' from the C library (a la SVID
and X/Open). If your C library doesn't have tsearch you will find
You will probably find that GNU Make is required.
+SECURITY AND PERFORMANCE - AN IMPORTANT NOTE
+
+adns is not a full-service resolver. It does no caching of responses
+at all, and has no defence against bad nameservers or fake packets
+which appear to come from your real nameservers. It relies on the
+full-service resolvers listed in resolv.conf to handle these tasks.
+
+For secure and reasonable operation you MUST run a full-service
+nameserver on the same system as your adns applications, or on the
+same local, fully trusted network. You MUST only list such
+nameservers in the adns configuration (eg resolv.conf).
+
+You MUST use a firewall or other means to block packets which appear
+to come from these nameservers, but which were actually sent by other,
+untrusted, entities.
+
+Furthermore, adns is not DNSSEC-aware in this version; it doesn't
+understand even how to ask a DNSSEC-aware nameserver to perform the
+DNSSEC cryptographic signature checking.
+
+
COPYRIGHT
This file, INSTALL, contains installation instructions and other
-details for adns.
+details for adns. It is
+ Copyright (C) 1997-2000 Ian Jackson <ian@davenant.greenend.org.uk>
adns is
- Copyright (C) 1997-1999 Ian Jackson <ian@davenant.greenend.org.uk>
- Copyright (C) 1999 Tony Finch <dot@dotat.at>
+ Copyright (C) 1997-2000 Ian Jackson <ian@davenant.greenend.org.uk>
+ Copyright (C) 1999 Tony Finch <dot@dotat.at> [1]
+ Copyright (C) 1991 Massachusetts Institute of Technology [2]
adns is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
General Public License for more details.
You should have received a copy of the GNU General Public License
-along with userv as the file COPYING; if not, email me at the address
+along with adns as the file COPYING; if not, email me at the address
above or write to the Free Software Foundation, 59 Temple Place -
Suite 330, Boston, MA 02111-1307, USA.
+[1] Tony Finch holds the original copyright on
+ client/adnslogres.c and client/fanftest.c.
+[2] MIT hold the original copyright on the included install-sh,
+ which came via GNU autoconf.
+
# Local variables:
# mode: text
# End:
~ianmdlvl / adns.git / blobdiff