[adns] / INSTALL

INSTALLATION INSTRUCTIONS for ADNS

1. Read the security note below.

2. Standard GNU package build process:
   $ ./configure
   $ make
   # make install

Unfortunately, since this is a beta, there is no good documentation
yet.  For now, use the comments in the public header file adns.h.


You will find that adns requires a reasonably standard and up to date
system.

In particular, the build system assumes that you have ELF shared
libraries.  If you don't then please don't send me patches to support
your kind of shared libraries, and don't send me patches to use
libtool.  I'm not interested in supporting non-ELF shared libraries.
However, if you send me an appropriate patch I'd be willing to make it
easy or automatic to disable the ELF shared library arrangements.

The adnsresfilter utility uses `tsearch' from the C library (a la SVID
and X/Open).  If your C library doesn't have tsearch you will find
that configure arranges for adnsresfilter not to be built.  To rectify
this, install a C library containing tsearch, such as the GNU C
library.  It is best if tsearch uses an automatically-balancing tree
algorithm, like the glibc version does.  Simple binary trees may
perform badly.

You will probably find that GNU Make is required.


SECURITY AND PERFORMANCE - AN IMPORTANT NOTE

adns is not a full-service resolver.  It does no caching of responses
at all, and has no defence against bad nameservers or fake packets
which appear to come from your real nameservers.  It relies on the
full-service resolvers listed in resolv.conf to handle these tasks.

For secure and reasonable operation you MUST run a full-service
nameserver on the same system as your adns applications, or on the
same local, fully trusted network.  You MUST only list such
nameservers in the adns configuration (eg resolv.conf).

You MUST use a firewall or other means to block packets which appear
to come from these nameservers, but which were actually sent by other,
untrusted, entities.

Furthermore, adns is not DNSSEC-aware in this version; it doesn't
understand even how to ask a DNSSEC-aware nameserver to perform the
DNSSEC cryptographic signature checking.


COPYRIGHT

This file, INSTALL, contains installation instructions and other
details for adns.

adns is
 Copyright (C) 1997-2000 Ian Jackson <ian@davenant.greenend.org.uk>
 Copyright (C) 1999 Tony Finch <dot@dotat.at>              [1]
 Copyright (C) 1991 Massachusetts Institute of Technology  [2]

adns is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with userv as the file COPYING; if not, email me at the address
above or write to the Free Software Foundation, 59 Temple Place -
Suite 330, Boston, MA 02111-1307, USA.

[1] Tony Finch holds the original copyright on
    client/adnslogres.c and client/fanftest.c.
[2] MIT hold the original copyright on the included install-sh,
    which came via GNU autoconf.

# Local variables:
# mode: text
# End:
Commit	Line	Data
95ecb688	1	INSTALLATION INSTRUCTIONS for ADNS
95ecb688	2
2b61beb8	3	1. Read the security note below.
	4
	5	2. Standard GNU package build process:
95ecb688	6	$ ./configure
	7	$ make
	8	# make install
	9
	10	Unfortunately, since this is a beta, there is no good documentation
	11	yet. For now, use the comments in the public header file adns.h.
	12
	13
	14	You will find that adns requires a reasonably standard and up to date
	15	system.
	16
	17	In particular, the build system assumes that you have ELF shared
	18	libraries. If you don't then please don't send me patches to support
	19	your kind of shared libraries, and don't send me patches to use
	20	libtool. I'm not interested in supporting non-ELF shared libraries.
	21	However, if you send me an appropriate patch I'd be willing to make it
	22	easy or automatic to disable the ELF shared library arrangements.
	23
9a09fa18	24	The adnsresfilter utility uses `tsearch' from the C library (a la SVID
	25	and X/Open). If your C library doesn't have tsearch you will find
	26	that configure arranges for adnsresfilter not to be built. To rectify
	27	this, install a C library containing tsearch, such as the GNU C
	28	library. It is best if tsearch uses an automatically-balancing tree
	29	algorithm, like the glibc version does. Simple binary trees may
	30	perform badly.
	31
e39ec089	32	You will probably find that GNU Make is required.
95ecb688	33
95ecb688	34
2b61beb8	35	SECURITY AND PERFORMANCE - AN IMPORTANT NOTE
	36
	37	adns is not a full-service resolver. It does no caching of responses
	38	at all, and has no defence against bad nameservers or fake packets
	39	which appear to come from your real nameservers. It relies on the
	40	full-service resolvers listed in resolv.conf to handle these tasks.
	41
	42	For secure and reasonable operation you MUST run a full-service
	43	nameserver on the same system as your adns applications, or on the
	44	same local, fully trusted network. You MUST only list such
	45	nameservers in the adns configuration (eg resolv.conf).
	46
	47	You MUST use a firewall or other means to block packets which appear
	48	to come from these nameservers, but which were actually sent by other,
	49	untrusted, entities.
	50
	51	Furthermore, adns is not DNSSEC-aware in this version; it doesn't
	52	understand even how to ask a DNSSEC-aware nameserver to perform the
	53	DNSSEC cryptographic signature checking.
	54
	55
95ecb688	56	COPYRIGHT
	57
	58	This file, INSTALL, contains installation instructions and other
	59	details for adns.
	60
d942707d	61	adns is
d0bed398	62	Copyright (C) 1997-2000 Ian Jackson <ian@davenant.greenend.org.uk>
	63	Copyright (C) 1999 Tony Finch <dot@dotat.at> [1]
	64	Copyright (C) 1991 Massachusetts Institute of Technology [2]
95ecb688	65
	66	adns is free software; you can redistribute it and/or modify it under
	67	the terms of the GNU General Public License as published by the Free
	68	Software Foundation; either version 2 of the License, or (at your
	69	option) any later version.
	70
	71	This program is distributed in the hope that it will be useful, but
	72	WITHOUT ANY WARRANTY; without even the implied warranty of
	73	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	74	General Public License for more details.
	75
	76	You should have received a copy of the GNU General Public License
	77	along with userv as the file COPYING; if not, email me at the address
	78	above or write to the Free Software Foundation, 59 Temple Place -
	79	Suite 330, Boston, MA 02111-1307, USA.
9a09fa18	80
d0bed398	81	[1] Tony Finch holds the original copyright on
	82	client/adnslogres.c and client/fanftest.c.
	83	[2] MIT hold the original copyright on the included install-sh,
	84	which came via GNU autoconf.
	85
9a09fa18	86	# Local variables:
	87	# mode: text
	88	# End: