| 1 | INSTALLATION INSTRUCTIONS for ADNS |
| 2 | |
| 3 | 1. Read the security note below. |
| 4 | |
| 5 | 2. Standard GNU package build process: |
| 6 | $ ./configure |
| 7 | $ make |
| 8 | # make install |
| 9 | |
| 10 | Unfortunately, since this is a beta, there is no good documentation |
| 11 | yet. For now, use the comments in the public header file adns.h. |
| 12 | |
| 13 | |
| 14 | You will find that adns requires a reasonably standard and up to date |
| 15 | system. |
| 16 | |
| 17 | The following platforms have been tested at at least some point and |
| 18 | should work - please report if they don't: |
| 19 | [adns] OS |
| 20 | pre-1.0 Linux glibc 2.1 (actually tested on Debian 2.2). |
| 21 | pre-1.0 FreeBSD 3.2 |
| 22 | pre-1.0 Solaris 2.6, 2.7, 2.8 |
| 23 | pre-1.0 HP-UX 10.20, 11.00 |
| 24 | pre-1.0 IRIX 6.5 *not* with GCC [1], --disable-dynamic |
| 25 | Later versions of the same OS should work too. [adns] is the latest |
| 26 | version of adns that has been tested. Usually entries in this table |
| 27 | mean they pass adns's own regression test, when compiled with GCC. |
| 28 | Notes/known problems: |
| 29 | [1] IRIX 6.5 inet_ntoa seems to break with GCC. |
| 30 | |
| 31 | The following platforms are known to be deficient and will not work: |
| 32 | Solaris 2.5 Lacks vsnprintf |
| 33 | TruUnix64 (DEC UNIX 4.0f) Lacks vsnprintf |
| 34 | Please don't report these problems unless you have a nice, |
| 35 | straightforward solution or workaround for them. |
| 36 | |
| 37 | In particular, the build system assumes that you have ELF shared |
| 38 | libraries. If you don't then please don't send me patches to support |
| 39 | your kind of shared libraries, and don't send me patches to use |
| 40 | libtool. I'm not interested in supporting non-ELF shared libraries, |
| 41 | and I dislike libtool. If you do not have ELF shared libraries then |
| 42 | please use the --disable-shared configure option. |
| 43 | |
| 44 | The adnsresfilter utility uses `tsearch' from the C library (a la SVID |
| 45 | and X/Open). If your C library doesn't have tsearch you will find |
| 46 | that configure arranges for adnsresfilter not to be built. To rectify |
| 47 | this, install a C library containing tsearch, such as the GNU C |
| 48 | library. It is best if tsearch uses an automatically-balancing tree |
| 49 | algorithm, like the glibc version does. Simple binary trees may |
| 50 | perform badly. |
| 51 | |
| 52 | You will probably find that GNU Make is required. |
| 53 | |
| 54 | |
| 55 | SECURITY AND PERFORMANCE - AN IMPORTANT NOTE |
| 56 | |
| 57 | adns is not a full-service resolver. It does no caching of responses |
| 58 | at all, and has no defence against bad nameservers or fake packets |
| 59 | which appear to come from your real nameservers. It relies on the |
| 60 | full-service resolvers listed in resolv.conf to handle these tasks. |
| 61 | |
| 62 | For secure and reasonable operation you MUST run a full-service |
| 63 | nameserver on the same system as your adns applications, or on the |
| 64 | same local, fully trusted network. You MUST only list such |
| 65 | nameservers in the adns configuration (eg resolv.conf). |
| 66 | |
| 67 | You MUST use a firewall or other means to block packets which appear |
| 68 | to come from these nameservers, but which were actually sent by other, |
| 69 | untrusted, entities. |
| 70 | |
| 71 | Furthermore, adns is not DNSSEC-aware in this version; it doesn't |
| 72 | understand even how to ask a DNSSEC-aware nameserver to perform the |
| 73 | DNSSEC cryptographic signature checking. |
| 74 | |
| 75 | |
| 76 | COPYRIGHT |
| 77 | |
| 78 | This file, INSTALL, contains installation instructions and other |
| 79 | details for adns. It is |
| 80 | Copyright (C) 1997-2000 Ian Jackson <ian@davenant.greenend.org.uk> |
| 81 | |
| 82 | adns is |
| 83 | Copyright (C) 1997-2000 Ian Jackson <ian@davenant.greenend.org.uk> |
| 84 | Copyright (C) 1999 Tony Finch <dot@dotat.at> [1] |
| 85 | Copyright (C) 1991 Massachusetts Institute of Technology [2] |
| 86 | |
| 87 | adns is free software; you can redistribute it and/or modify it under |
| 88 | the terms of the GNU General Public License as published by the Free |
| 89 | Software Foundation; either version 2 of the License, or (at your |
| 90 | option) any later version. |
| 91 | |
| 92 | This program is distributed in the hope that it will be useful, but |
| 93 | WITHOUT ANY WARRANTY; without even the implied warranty of |
| 94 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 95 | General Public License for more details. |
| 96 | |
| 97 | You should have received a copy of the GNU General Public License |
| 98 | along with adns as the file COPYING; if not, email me at the address |
| 99 | above or write to the Free Software Foundation, 59 Temple Place - |
| 100 | Suite 330, Boston, MA 02111-1307, USA. |
| 101 | |
| 102 | [1] Tony Finch holds the original copyright on |
| 103 | client/adnslogres.c and client/fanftest.c. |
| 104 | [2] MIT hold the original copyright on the included install-sh, |
| 105 | which came via GNU autoconf. |
| 106 | |
| 107 | # Local variables: |
| 108 | # mode: text |
| 109 | # End: |