| 1 | INSTALLATION INSTRUCTIONS for GNU ADNS |
| 2 | |
| 3 | 1. Read the security note below. |
| 4 | |
| 5 | 2. Standard GNU package build process: |
| 6 | $ ./configure [--disable-dynamic] [--prefix=... ...] |
| 7 | $ make |
| 8 | # make install |
| 9 | |
| 10 | Unfortunately, there is no comprehensive documentation yet. For now, |
| 11 | use the comments in the public header file adns.h, and for the C |
| 12 | programs their usage messages. If you find this information |
| 13 | ambiguous, incomplete or wrong, please report it as a bug. |
| 14 | |
| 15 | |
| 16 | TESTED PLATFORMS |
| 17 | |
| 18 | The following platforms have been tested at at least some point and |
| 19 | should work - please report if they don't: |
| 20 | adns version OS |
| 21 | 1.0 Linux glibc 2.1 (actually tested on Debian 2.2) |
| 22 | 1.0 Solaris 2.6, 2.7, 2.8 [3] |
| 23 | 1.0 FreeBSD 3.2, 4.0 (no poll(2), so no adnsresfilter) |
| 24 | The following work, but only with --disable-dynamic: |
| 25 | 1.0 IRIX 6.5 *not* with GCC [1], [2] |
| 26 | 1.0 AIX 4.1.5 |
| 27 | 1.0 HP-UX 10.20, 11.00 |
| 28 | 1.1 Darwin (kernel 7.5.1) |
| 29 | Later versions of the same OS should work too. Usually entries in |
| 30 | this table mean adns passes its own regression test, when compiled |
| 31 | with GCC, and appears to install and run correctly. If you have more |
| 32 | information for this table please let me know. |
| 33 | |
| 34 | Notes/known problems: |
| 35 | [1] IRIX 6.5 inet_ntoa seems to break with GCC. |
| 36 | [2] The SGI IRIX compiler produces many spurious warnings. |
| 37 | [3] Dynamically linked, needs some help to find libadns.so.1.0. |
| 38 | |
| 39 | The following platforms are known to be deficient and will not work: |
| 40 | Solaris 2.5 Lacks vsnprintf - install glibc ? |
| 41 | TruUnix64 (DEC UNIX 4.0f) Lacks vsnprintf - install glibc ? |
| 42 | Please don't report these problems unless you have a nice, |
| 43 | straightforward solution or workaround for them. (I don't consider |
| 44 | including a `vsnprintf' implementation nice, so don't send me one.) |
| 45 | |
| 46 | |
| 47 | PORTABILITY INFORMATION |
| 48 | |
| 49 | You will find that adns requires a reasonably standard and up to date |
| 50 | system. Systems which are neither GNU nor UNIX are not supported. |
| 51 | |
| 52 | The build system assumes by default that you have ELF shared |
| 53 | libraries, and that the directory in which libadns.so.1 will be |
| 54 | installed is on your dynamic library search path. If your system |
| 55 | doesn't have ELF shared libraries then dynamic linking is not |
| 56 | supported by adns. Use the --disable-shared configure option. |
| 57 | Please don't send me patches to use libtool (which I dislike). |
| 58 | |
| 59 | Compilers other than GNU C should work, but are not well-tested. Feel |
| 60 | free to send me patches to improve the situation. However, the |
| 61 | Makefiles only know how to use GCC to make dynamic libraries. |
| 62 | |
| 63 | The adnsresfilter utility uses `tsearch' from the C library (a la SVID |
| 64 | and X/Open). If you don't have tsearch configure will arranges for |
| 65 | adnsresfilter not to be built. To fix this, install a C library |
| 66 | containing tsearch, such as the GNU C library. It is best if tsearch |
| 67 | uses an automatically-balancing tree algorithm, like the glibc version |
| 68 | does. Simple binary trees may perform badly. |
| 69 | |
| 70 | If you change the m4 input files in regress/ you may need GNU m4. |
| 71 | |
| 72 | You will probably find that GNU Make is required. |
| 73 | Please do not report this as a bug; install GNU Make instead. |
| 74 | |
| 75 | |
| 76 | SECURITY AND PERFORMANCE - AN IMPORTANT NOTE |
| 77 | |
| 78 | adns is not a `full-service resolver': it does no caching of responses |
| 79 | at all, and has no defence against bad nameservers or fake packets |
| 80 | which appear to come from your real nameservers. It relies on the |
| 81 | full-service resolvers listed in resolv.conf to handle these tasks. |
| 82 | |
| 83 | For secure and reasonable operation you MUST run a full-service |
| 84 | nameserver on the same system as your adns applications, or on the |
| 85 | same local, fully trusted network. You MUST only list such |
| 86 | nameservers in the adns configuration (eg resolv.conf). |
| 87 | |
| 88 | You MUST use a firewall or other means to block packets which appear |
| 89 | to come from these nameservers, but which were actually sent by other, |
| 90 | untrusted, entities. |
| 91 | |
| 92 | Furthermore, adns is not DNSSEC-aware in this version; it doesn't |
| 93 | understand even how to ask a DNSSEC-aware nameserver to perform the |
| 94 | DNSSEC cryptographic signature checking. |
| 95 | |
| 96 | |
| 97 | COPYRIGHT |
| 98 | |
| 99 | This file, INSTALL, contains installation instructions and other |
| 100 | details for adns. It is |
| 101 | Copyright (C) 1997-2000 Ian Jackson <ian@davenant.greenend.org.uk> |
| 102 | |
| 103 | adns is |
| 104 | Copyright (C) 1997-2000,2003,2006 Ian Jackson <ian@davenant.greenend.org.uk> |
| 105 | Copyright (C) 1999-2000,2003,2006 Tony Finch <dot@dotat.at> [1] |
| 106 | Copyright (C) 1991 Massachusetts Institute of Technology [2] |
| 107 | |
| 108 | adns is free software; you can redistribute it and/or modify it under |
| 109 | the terms of the GNU General Public License as published by the Free |
| 110 | Software Foundation; either version 2 of the License, or (at your |
| 111 | option) any later version. |
| 112 | |
| 113 | This program is distributed in the hope that it will be useful, but |
| 114 | WITHOUT ANY WARRANTY; without even the implied warranty of |
| 115 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 116 | General Public License for more details. |
| 117 | |
| 118 | You should have received a copy of the GNU General Public License |
| 119 | along with adns as the file COPYING; if not, email me at the address |
| 120 | above or write to the Free Software Foundation, 59 Temple Place - |
| 121 | Suite 330, Boston, MA 02111-1307, USA. |
| 122 | |
| 123 | [1] Tony Finch holds the original copyright on client/adnslogres.c, |
| 124 | client/adnsheloex.c and client/fanftest.c, and some modifications |
| 125 | to those files. |
| 126 | [2] MIT hold the original copyright on the included install-sh, |
| 127 | which came via GNU autoconf. |
| 128 | |
| 129 | |
| 130 | # Local variables: |
| 131 | # mode: text |
| 132 | # End: |