95ecb688 |
1 | INSTALLATION INSTRUCTIONS for ADNS |
2 | |
2b61beb8 |
3 | 1. Read the security note below. |
4 | |
5 | 2. Standard GNU package build process: |
95ecb688 |
6 | $ ./configure |
7 | $ make |
8 | # make install |
9 | |
10 | Unfortunately, since this is a beta, there is no good documentation |
11 | yet. For now, use the comments in the public header file adns.h. |
12 | |
13 | |
14 | You will find that adns requires a reasonably standard and up to date |
15 | system. |
16 | |
17 | In particular, the build system assumes that you have ELF shared |
18 | libraries. If you don't then please don't send me patches to support |
19 | your kind of shared libraries, and don't send me patches to use |
20 | libtool. I'm not interested in supporting non-ELF shared libraries. |
21 | However, if you send me an appropriate patch I'd be willing to make it |
22 | easy or automatic to disable the ELF shared library arrangements. |
23 | |
9a09fa18 |
24 | The adnsresfilter utility uses `tsearch' from the C library (a la SVID |
25 | and X/Open). If your C library doesn't have tsearch you will find |
26 | that configure arranges for adnsresfilter not to be built. To rectify |
27 | this, install a C library containing tsearch, such as the GNU C |
28 | library. It is best if tsearch uses an automatically-balancing tree |
29 | algorithm, like the glibc version does. Simple binary trees may |
30 | perform badly. |
31 | |
e39ec089 |
32 | You will probably find that GNU Make is required. |
95ecb688 |
33 | |
34 | |
2b61beb8 |
35 | SECURITY AND PERFORMANCE - AN IMPORTANT NOTE |
36 | |
37 | adns is not a full-service resolver. It does no caching of responses |
38 | at all, and has no defence against bad nameservers or fake packets |
39 | which appear to come from your real nameservers. It relies on the |
40 | full-service resolvers listed in resolv.conf to handle these tasks. |
41 | |
42 | For secure and reasonable operation you MUST run a full-service |
43 | nameserver on the same system as your adns applications, or on the |
44 | same local, fully trusted network. You MUST only list such |
45 | nameservers in the adns configuration (eg resolv.conf). |
46 | |
47 | You MUST use a firewall or other means to block packets which appear |
48 | to come from these nameservers, but which were actually sent by other, |
49 | untrusted, entities. |
50 | |
51 | Furthermore, adns is not DNSSEC-aware in this version; it doesn't |
52 | understand even how to ask a DNSSEC-aware nameserver to perform the |
53 | DNSSEC cryptographic signature checking. |
54 | |
55 | |
95ecb688 |
56 | COPYRIGHT |
57 | |
58 | This file, INSTALL, contains installation instructions and other |
59 | details for adns. |
60 | |
d942707d |
61 | adns is |
d0bed398 |
62 | Copyright (C) 1997-2000 Ian Jackson <ian@davenant.greenend.org.uk> |
63 | Copyright (C) 1999 Tony Finch <dot@dotat.at> [1] |
64 | Copyright (C) 1991 Massachusetts Institute of Technology [2] |
95ecb688 |
65 | |
66 | adns is free software; you can redistribute it and/or modify it under |
67 | the terms of the GNU General Public License as published by the Free |
68 | Software Foundation; either version 2 of the License, or (at your |
69 | option) any later version. |
70 | |
71 | This program is distributed in the hope that it will be useful, but |
72 | WITHOUT ANY WARRANTY; without even the implied warranty of |
73 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
74 | General Public License for more details. |
75 | |
76 | You should have received a copy of the GNU General Public License |
77 | along with userv as the file COPYING; if not, email me at the address |
78 | above or write to the Free Software Foundation, 59 Temple Place - |
79 | Suite 330, Boston, MA 02111-1307, USA. |
9a09fa18 |
80 | |
d0bed398 |
81 | [1] Tony Finch holds the original copyright on |
82 | client/adnslogres.c and client/fanftest.c. |
83 | [2] MIT hold the original copyright on the included install-sh, |
84 | which came via GNU autoconf. |
85 | |
9a09fa18 |
86 | # Local variables: |
87 | # mode: text |
88 | # End: |