[adns] / INSTALL

INSTALLATION INSTRUCTIONS for ADNS

1. Read the security note below.

2. Standard GNU package build process:
   $ ./configure
   $ make
   # make install

Unfortunately, since this is a beta, there is no good documentation
yet.  For now, use the comments in the public header file adns.h.


You will find that adns requires a reasonably standard and up to date
system.

In particular, the build system assumes that you have ELF shared
libraries.  If you don't then please don't send me patches to support
your kind of shared libraries, and don't send me patches to use
libtool.  I'm not interested in supporting non-ELF shared libraries.
However, if you send me an appropriate patch I'd be willing to make it
easy or automatic to disable the ELF shared library arrangements.

The adnsresfilter utility uses `tsearch' from the C library (a la SVID
and X/Open).  If your C library doesn't have tsearch you will find
that configure arranges for adnsresfilter not to be built.  To rectify
this, install a C library containing tsearch, such as the GNU C
library.  It is best if tsearch uses an automatically-balancing tree
algorithm, like the glibc version does.  Simple binary trees may
perform badly.

You will probably find that GNU Make is required.


IPv6 SUPPORT

If you build adns on a system without a definition for AF_INET6 in
<netinet/in.h>, you will (probably) still be able to do lookups for
IPv6 addresses, etc.  However, adns will do this by including the
header file adns-in6fake.h, which contains definitions of various
IPv6-related structures (those in RFC2133) which I have just made up.
They may not be the same as those which a later version of your system
actually includes, which means that the versions of adns built
before and after IPv6 support on your platform might not be binary
compatible - EVEN FOR PROGRAMS WHICH DO NOT DO IPv6 LOOKUPS !

On platforms with a `sa_len' field this feature will not work
properly.


SECURITY AND PERFORMANCE - AN IMPORTANT NOTE

adns is not a full-service resolver.  It does no caching of responses
at all, and has no defence against bad nameservers or fake packets
which appear to come from your real nameservers.  It relies on the
full-service resolvers listed in resolv.conf to handle these tasks.

For secure and reasonable operation you MUST run a full-service
nameserver on the same system as your adns applications, or on the
same local, fully trusted network.  You MUST only list such
nameservers in the adns configuration (eg resolv.conf).

You MUST use a firewall or other means to block packets which appear
to come from these nameservers, but which were actually sent by other,
untrusted, entities.

Furthermore, adns is not DNSSEC-aware in this version; it doesn't
understand even how to ask a DNSSEC-aware nameserver to perform the
DNSSEC cryptographic signature checking.


COPYRIGHT

This file, INSTALL, contains installation instructions and other
details for adns.

adns is
 Copyright (C) 1997-2000 Ian Jackson <ian@davenant.greenend.org.uk>
 Copyright (C) 1999 Tony Finch <dot@dotat.at>              [1]
 Copyright (C) 1991 Massachusetts Institute of Technology  [2]

adns is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with userv as the file COPYING; if not, email me at the address
above or write to the Free Software Foundation, 59 Temple Place -
Suite 330, Boston, MA 02111-1307, USA.

[1] Tony Finch holds the original copyright on
    client/adnslogres.c and client/fanftest.c.
[2] MIT hold the original copyright on the included install-sh,
    which came via GNU autoconf.

# Local variables:
# mode: text
# End:
Commit	Line	Data
95ecb688	1	INSTALLATION INSTRUCTIONS for ADNS
95ecb688	2
2b61beb8	3	1. Read the security note below.
	4
	5	2. Standard GNU package build process:
95ecb688	6	$ ./configure
	7	$ make
	8	# make install
	9
	10	Unfortunately, since this is a beta, there is no good documentation
	11	yet. For now, use the comments in the public header file adns.h.
	12
	13
	14	You will find that adns requires a reasonably standard and up to date
	15	system.
	16
	17	In particular, the build system assumes that you have ELF shared
	18	libraries. If you don't then please don't send me patches to support
	19	your kind of shared libraries, and don't send me patches to use
	20	libtool. I'm not interested in supporting non-ELF shared libraries.
	21	However, if you send me an appropriate patch I'd be willing to make it
	22	easy or automatic to disable the ELF shared library arrangements.
	23
9a09fa18	24	The adnsresfilter utility uses `tsearch' from the C library (a la SVID
	25	and X/Open). If your C library doesn't have tsearch you will find
	26	that configure arranges for adnsresfilter not to be built. To rectify
	27	this, install a C library containing tsearch, such as the GNU C
	28	library. It is best if tsearch uses an automatically-balancing tree
	29	algorithm, like the glibc version does. Simple binary trees may
	30	perform badly.
	31
e39ec089	32	You will probably find that GNU Make is required.
95ecb688	33
95ecb688	34
0d417fc2	35	IPv6 SUPPORT
	36
	37	If you build adns on a system without a definition for AF_INET6 in
	38	<netinet/in.h>, you will (probably) still be able to do lookups for
	39	IPv6 addresses, etc. However, adns will do this by including the
	40	header file adns-in6fake.h, which contains definitions of various
	41	IPv6-related structures (those in RFC2133) which I have just made up.
	42	They may not be the same as those which a later version of your system
	43	actually includes, which means that the versions of adns built
	44	before and after IPv6 support on your platform might not be binary
	45	compatible - EVEN FOR PROGRAMS WHICH DO NOT DO IPv6 LOOKUPS !
	46
	47	On platforms with a `sa_len' field this feature will not work
	48	properly.
	49
	50
2b61beb8	51	SECURITY AND PERFORMANCE - AN IMPORTANT NOTE
	52
	53	adns is not a full-service resolver. It does no caching of responses
	54	at all, and has no defence against bad nameservers or fake packets
	55	which appear to come from your real nameservers. It relies on the
	56	full-service resolvers listed in resolv.conf to handle these tasks.
	57
	58	For secure and reasonable operation you MUST run a full-service
	59	nameserver on the same system as your adns applications, or on the
	60	same local, fully trusted network. You MUST only list such
	61	nameservers in the adns configuration (eg resolv.conf).
	62
	63	You MUST use a firewall or other means to block packets which appear
	64	to come from these nameservers, but which were actually sent by other,
	65	untrusted, entities.
	66
	67	Furthermore, adns is not DNSSEC-aware in this version; it doesn't
	68	understand even how to ask a DNSSEC-aware nameserver to perform the
	69	DNSSEC cryptographic signature checking.
	70
	71
95ecb688	72	COPYRIGHT
	73
	74	This file, INSTALL, contains installation instructions and other
	75	details for adns.
	76
d942707d	77	adns is
d0bed398	78	Copyright (C) 1997-2000 Ian Jackson <ian@davenant.greenend.org.uk>
	79	Copyright (C) 1999 Tony Finch <dot@dotat.at> [1]
	80	Copyright (C) 1991 Massachusetts Institute of Technology [2]
95ecb688	81
	82	adns is free software; you can redistribute it and/or modify it under
	83	the terms of the GNU General Public License as published by the Free
	84	Software Foundation; either version 2 of the License, or (at your
	85	option) any later version.
	86
	87	This program is distributed in the hope that it will be useful, but
	88	WITHOUT ANY WARRANTY; without even the implied warranty of
	89	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	90	General Public License for more details.
	91
	92	You should have received a copy of the GNU General Public License
	93	along with userv as the file COPYING; if not, email me at the address
	94	above or write to the Free Software Foundation, 59 Temple Place -
	95	Suite 330, Boston, MA 02111-1307, USA.
9a09fa18	96
d0bed398	97	[1] Tony Finch holds the original copyright on
	98	client/adnslogres.c and client/fanftest.c.
	99	[2] MIT hold the original copyright on the included install-sh,
	100	which came via GNU autoconf.
	101
9a09fa18	102	# Local variables:
	103	# mode: text
	104	# End: