[apple/network_cmds.git] / unbound / doc / libunbound.3.in

.TH "libunbound" "3" "Dec  8, 2014" "NLnet Labs" "unbound 1.5.1"
.\"
.\" libunbound.3 -- unbound library functions manual
.\"
.\" Copyright (c) 2007, NLnet Labs. All rights reserved.
.\"
.\" See LICENSE for the license.
.\"
.\"
.SH "NAME"
.B libunbound,
.B unbound.h,
.B ub_ctx,
.B ub_result,
.B ub_callback_t,
.B ub_ctx_create,
.B ub_ctx_delete,
.B ub_ctx_set_option,
.B ub_ctx_get_option,
.B ub_ctx_config,
.B ub_ctx_set_fwd,
.B ub_ctx_resolvconf,
.B ub_ctx_hosts,
.B ub_ctx_add_ta,
.B ub_ctx_add_ta_autr,
.B ub_ctx_add_ta_file,
.B ub_ctx_trustedkeys,
.B ub_ctx_debugout,
.B ub_ctx_debuglevel,
.B ub_ctx_async,
.B ub_poll,
.B ub_wait,
.B ub_fd,
.B ub_process,
.B ub_resolve,
.B ub_resolve_async,
.B ub_cancel,
.B ub_resolve_free,
.B ub_strerror,
.B ub_ctx_print_local_zones,
.B ub_ctx_zone_add,
.B ub_ctx_zone_remove,
.B ub_ctx_data_add,
.B ub_ctx_data_remove
\- Unbound DNS validating resolver 1.5.1 functions.
.SH "SYNOPSIS"
.B #include <unbound.h>
.LP
\fIstruct ub_ctx *\fR
\fBub_ctx_create\fR(\fIvoid\fR);
.LP
\fIvoid\fR
\fBub_ctx_delete\fR(\fIstruct ub_ctx*\fR ctx);
.LP
\fIint\fR
\fBub_ctx_set_option\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR opt, \fIchar*\fR val);
.LP
\fIint\fR
\fBub_ctx_get_option\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR opt, \fIchar**\fR val);
.LP
\fIint\fR
\fBub_ctx_config\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
.LP
\fIint\fR
\fBub_ctx_set_fwd\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR addr);
.LP
\fIint\fR
\fBub_ctx_resolvconf\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
.LP
\fIint\fR
\fBub_ctx_hosts\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
.LP
\fIint\fR
\fBub_ctx_add_ta\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR ta);
.LP
\fIint\fR
\fBub_ctx_add_ta_autr\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
.LP
\fIint\fR
\fBub_ctx_add_ta_file\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
.LP
\fIint\fR
\fBub_ctx_trustedkeys\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
.LP
\fIint\fR
\fBub_ctx_debugout\fR(\fIstruct ub_ctx*\fR ctx, \fIFILE*\fR out);
.LP
\fIint\fR
\fBub_ctx_debuglevel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR d);
.LP
\fIint\fR
\fBub_ctx_async\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR dothread);
.LP
\fIint\fR
\fBub_poll\fR(\fIstruct ub_ctx*\fR ctx);
.LP
\fIint\fR
\fBub_wait\fR(\fIstruct ub_ctx*\fR ctx);
.LP
\fIint\fR
\fBub_fd\fR(\fIstruct ub_ctx*\fR ctx);
.LP
\fIint\fR
\fBub_process\fR(\fIstruct ub_ctx*\fR ctx);
.LP
\fIint\fR
\fBub_resolve\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR name, 
.br
           \fIint\fR rrtype, \fIint\fR rrclass, \fIstruct ub_result**\fR result);
.LP
\fIint\fR
\fBub_resolve_async\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR name, 
.br
                 \fIint\fR rrtype, \fIint\fR rrclass, \fIvoid*\fR mydata, 
.br
                 \fIub_callback_t\fR callback, \fIint*\fR async_id);
.LP
\fIint\fR
\fBub_cancel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR async_id);
.LP
\fIvoid\fR
\fBub_resolve_free\fR(\fIstruct ub_result*\fR result);
.LP
\fIconst char *\fR
\fBub_strerror\fR(\fIint\fR err);
.LP
\fIint\fR
\fBub_ctx_print_local_zones\fR(\fIstruct ub_ctx*\fR ctx);
.LP
\fIint\fR
\fBub_ctx_zone_add\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR zone_name, \fIchar*\fR zone_type);
.LP
\fIint\fR
\fBub_ctx_zone_remove\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR zone_name);
.LP
\fIint\fR
\fBub_ctx_data_add\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR data);
.LP
\fIint\fR
\fBub_ctx_data_remove\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR data);
.SH "DESCRIPTION"
.B Unbound 
is an implementation of a DNS resolver, that does caching and 
DNSSEC validation. This is the library API, for using the \-lunbound library.
The server daemon is described in \fIunbound\fR(8).
The library can be used to convert hostnames to ip addresses, and back,
and obtain other information from the DNS. The library performs public\-key
validation of results with DNSSEC.
.P
The library uses a variable of type \fIstruct ub_ctx\fR to keep context
between calls. The user must maintain it, creating it with
.B ub_ctx_create
and deleting it with
.B ub_ctx_delete\fR.
It can be created and deleted at any time. Creating it anew removes any 
previous configuration (such as trusted keys) and clears any cached results.
.P
The functions are thread\-safe, and a context an be used in a threaded (as 
well as in a non\-threaded) environment. Also resolution (and validation) 
can be performed blocking and non\-blocking (also called asynchronous). 
The async method returns from the call immediately, so that processing 
can go on, while the results become available later. 
.P
The functions are discussed in turn below.
.SH "FUNCTIONS"
.TP 
.B ub_ctx_create
Create a new context, initialised with defaults.
The information from /etc/resolv.conf and /etc/hosts is not utilised 
by default. Use 
.B ub_ctx_resolvconf
and
.B ub_ctx_hosts
to read them.
Before you call this, use the openssl functions CRYPTO_set_id_callback and
CRYPTO_set_locking_callback to set up asyncronous operation if you use
lib openssl (the application calls these functions once for initialisation).
.TP
.B ub_ctx_delete
Delete validation context and free associated resources.
Outstanding async queries are killed and callbacks are not called for them.
.TP
.B ub_ctx_set_option
A power\-user interface that lets you specify one of the options from the
config file format, see \fIunbound.conf\fR(5). Not all options are
relevant. For some specific options, such as adding trust anchors, special
routines exist. Pass the option name with the trailing ':'.
.TP
.B ub_ctx_get_option
A power\-user interface that gets an option value.  Some options cannot be
gotten, and others return a newline separated list.  Pass the option name
without trailing ':'.  The returned value must be free(2)d by the caller.
.TP
.B ub_ctx_config
A power\-user interface that lets you specify an unbound config file, see
\fIunbound.conf\fR(5), which is read for configuration. Not all options are
relevant. For some specific options, such as adding trust anchors, special
routines exist.
.TP
.B ub_ctx_set_fwd
Set machine to forward DNS queries to, the caching resolver to use. 
IP4 or IP6 address. Forwards all DNS requests to that machine, which 
is expected to run a recursive resolver. If the proxy is not 
DNSSEC capable, validation may fail. Can be called several times, in 
that case the addresses are used as backup servers.
At this time it is only possible to set configuration before the
first resolve is done.
.TP
.B ub_ctx_resolvconf
By default the root servers are queried and full resolver mode is used, but
you can use this call to read the list of nameservers to use from the
filename given.
Usually "/etc/resolv.conf". Uses those nameservers as caching proxies.
If they do not support DNSSEC, validation may fail.
Only nameservers are picked up, the searchdomain, ndots and other
settings from \fIresolv.conf\fR(5) are ignored.
If fname NULL is passed, "/etc/resolv.conf" is used (if on Windows, 
the system\-wide configured nameserver is picked instead).
At this time it is only possible to set configuration before the
first resolve is done.
.TP
.B ub_ctx_hosts
Read list of hosts from the filename given.
Usually "/etc/hosts". When queried for, these addresses are not marked 
DNSSEC secure. If fname NULL is passed, "/etc/hosts" is used 
(if on Windows, etc/hosts from WINDIR is picked instead).
At this time it is only possible to set configuration before the
first resolve is done.
.TP
.B
ub_ctx_add_ta
Add a trust anchor to the given context.
At this time it is only possible to add trusted keys before the
first resolve is done.
The format is a string, similar to the zone\-file format,
[domainname] [type] [rdata contents]. Both DS and DNSKEY records are accepted.
.TP
.B ub_ctx_add_ta_autr
Add filename with automatically tracked trust anchor to the given context.
Pass name of a file with the managed trust anchor.  You can create this
file with \fIunbound\-anchor\fR(8) for the root anchor.  You can also
create it with an initial file with one line with a DNSKEY or DS record.
If the file is writable, it is updated when the trust anchor changes.
At this time it is only possible to add trusted keys before the
first resolve is done.
.TP
.B ub_ctx_add_ta_file
Add trust anchors to the given context.
Pass name of a file with DS and DNSKEY records in zone file format.
At this time it is only possible to add trusted keys before the
first resolve is done.
.TP
.B ub_ctx_trustedkeys
Add trust anchors to the given context.
Pass the name of a bind\-style config file with trusted\-keys{}.
At this time it is only possible to add trusted keys before the
first resolve is done.
.TP
.B ub_ctx_debugout
Set debug and error log output to the given stream. Pass NULL to disable
output. Default is stderr. File\-names or using syslog can be enabled
using config options, this routine is for using your own stream.
.TP
.B ub_ctx_debuglevel
Set debug verbosity for the context. Output is directed to stderr.
Higher debug level gives more output.
.TP
.B ub_ctx_async
Set a context behaviour for asynchronous action.
if set to true, enables threading and a call to 
.B ub_resolve_async 
creates a thread to handle work in the background.
If false, a process is forked to handle work in the background.
Changes to this setting after 
.B ub_resolve_async 
calls have been made have no effect (delete and re\-create the context 
to change).
.TP
.B ub_poll
Poll a context to see if it has any new results.
Do not poll in a loop, instead extract the fd below to poll for readiness,
and then check, or wait using the wait routine.
Returns 0 if nothing to read, or nonzero if a result is available.
If nonzero, call 
.B ub_process 
to do callbacks.
.TP
.B ub_wait
Wait for a context to finish with results. Calls 
.B ub_process 
after the wait for you. After the wait, there are no more outstanding 
asynchronous queries.
.TP
.B ub_fd
Get file descriptor. Wait for it to become readable, at this point
answers are returned from the asynchronous validating resolver.
Then call the \fBub_process\fR to continue processing.
.TP
.B ub_process
Call this routine to continue processing results from the validating
resolver (when the fd becomes readable).
Will perform necessary callbacks.
.TP
.B ub_resolve
Perform resolution and validation of the target name.
The name is a domain name in a zero terminated text string.
The rrtype and rrclass are DNS type and class codes.
The result structure is newly allocated with the resulting data.
.TP
.B ub_resolve_async
Perform asynchronous resolution and validation of the target name.
Arguments mean the same as for \fBub_resolve\fR except no
data is returned immediately, instead a callback is called later.
The callback receives a copy of the mydata pointer, that you can use to pass
information to the callback. The callback type is a function pointer to
a function declared as
.IP
void my_callback_function(void* my_arg, int err, 
.br
                  struct ub_result* result);
.IP
The async_id is returned so you can (at your option) decide to track it
and cancel the request if needed.  If you pass a NULL pointer the async_id
is not returned. 
.TP
.B ub_cancel
Cancel an async query in progress.  This may return an error if the query
does not exist, or the query is already being delivered, in that case you 
may still get a callback for the query.
.TP
.B ub_resolve_free
Free struct ub_result contents after use.
.TP
.B ub_strerror
Convert error value from one of the unbound library functions 
to a human readable string.
.TP
.B ub_ctx_print_local_zones
Debug printout the local authority information to debug output.
.TP
.B ub_ctx_zone_add
Add new zone to local authority info, like local\-zone \fIunbound.conf\fR(5) 
statement.
.TP
.B ub_ctx_zone_remove
Delete zone from local authority info.
.TP
.B ub_ctx_data_add
Add resource record data to local authority info, like local\-data
\fIunbound.conf\fR(5) statement.
.TP
.B ub_ctx_data_remove
Delete local authority data from the name given.
.SH "RESULT DATA STRUCTURE"
The result of the DNS resolution and validation is returned as 
\fIstruct ub_result\fR. The result structure contains the following entries.
.P
.nf
	struct ub_result {
		char* qname; /* text string, original question */
		int qtype;   /* type code asked for */
		int qclass;  /* class code asked for */
		char** data; /* array of rdata items, NULL terminated*/
		int* len;    /* array with lengths of rdata items */
		char* canonname; /* canonical name of result */
		int rcode;   /* additional error code in case of no data */
		void* answer_packet; /* full network format answer packet */
		int answer_len; /* length of packet in octets */
		int havedata; /* true if there is data */
		int nxdomain; /* true if nodata because name does not exist */
		int secure;  /* true if result is secure */
		int bogus;   /* true if a security failure happened */
		char* why_bogus; /* string with error if bogus */
		int ttl;     /* number of seconds the result is valid */
	};
.fi
.P
If both secure and bogus are false, security was not enabled for the 
domain of the query.  Else, they are not both true, one of them is true.
.SH "RETURN VALUES"
Many routines return an error code. The value 0 (zero) denotes no error
happened. Other values can be passed to
.B ub_strerror
to obtain a readable error string.
.B ub_strerror
returns a zero terminated string.
.B ub_ctx_create
returns NULL on an error (a malloc failure).
.B ub_poll
returns true if some information may be available, false otherwise.
.B ub_fd
returns a file descriptor or \-1 on error.
.SH "SEE ALSO"
\fIunbound.conf\fR(5), 
\fIunbound\fR(8).
.SH "AUTHORS"
.B Unbound
developers are mentioned in the CREDITS file in the distribution.
Commit	Line	Data
89c4ed63 A	1	.TH "libunbound" "3" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
	2	.\"
	3	.\" libunbound.3 -- unbound library functions manual
	4	.\"
	5	.\" Copyright (c) 2007, NLnet Labs. All rights reserved.
	6	.\"
	7	.\" See LICENSE for the license.
	8	.\"
	9	.\"
	10	.SH "NAME"
	11	.B libunbound,
	12	.B unbound.h,
	13	.B ub_ctx,
	14	.B ub_result,
	15	.B ub_callback_t,
	16	.B ub_ctx_create,
	17	.B ub_ctx_delete,
	18	.B ub_ctx_set_option,
	19	.B ub_ctx_get_option,
	20	.B ub_ctx_config,
	21	.B ub_ctx_set_fwd,
	22	.B ub_ctx_resolvconf,
	23	.B ub_ctx_hosts,
	24	.B ub_ctx_add_ta,
	25	.B ub_ctx_add_ta_autr,
	26	.B ub_ctx_add_ta_file,
	27	.B ub_ctx_trustedkeys,
	28	.B ub_ctx_debugout,
	29	.B ub_ctx_debuglevel,
	30	.B ub_ctx_async,
	31	.B ub_poll,
	32	.B ub_wait,
	33	.B ub_fd,
	34	.B ub_process,
	35	.B ub_resolve,
	36	.B ub_resolve_async,
	37	.B ub_cancel,
	38	.B ub_resolve_free,
	39	.B ub_strerror,
	40	.B ub_ctx_print_local_zones,
	41	.B ub_ctx_zone_add,
	42	.B ub_ctx_zone_remove,
	43	.B ub_ctx_data_add,
	44	.B ub_ctx_data_remove
	45	\- Unbound DNS validating resolver 1.5.1 functions.
	46	.SH "SYNOPSIS"
	47	.B #include <unbound.h>
	48	.LP
	49	\fIstruct ub_ctx *\fR
	50	\fBub_ctx_create\fR(\fIvoid\fR);
	51	.LP
	52	\fIvoid\fR
	53	\fBub_ctx_delete\fR(\fIstruct ub_ctx*\fR ctx);
	54	.LP
	55	\fIint\fR
	56	\fBub_ctx_set_option\fR(\fIstruct ub_ctx\fR ctx, \fIchar\fR opt, \fIchar*\fR val);
	57	.LP
	58	\fIint\fR
	59	\fBub_ctx_get_option\fR(\fIstruct ub_ctx\fR ctx, \fIchar\fR opt, \fIchar**\fR val);
	60	.LP
	61	\fIint\fR
	62	\fBub_ctx_config\fR(\fIstruct ub_ctx\fR ctx, \fIchar\fR fname);
	63	.LP
	64	\fIint\fR
65	\fBub_ctx_set_fwd\fR(\fIstruct ub_ctx\fR ctx, \fIchar\fR addr);
66	.LP
67	\fIint\fR
68	\fBub_ctx_resolvconf\fR(\fIstruct ub_ctx\fR ctx, \fIchar\fR fname);
69	.LP
70	\fIint\fR
71	\fBub_ctx_hosts\fR(\fIstruct ub_ctx\fR ctx, \fIchar\fR fname);
72	.LP
73	\fIint\fR
74	\fBub_ctx_add_ta\fR(\fIstruct ub_ctx\fR ctx, \fIchar\fR ta);
75	.LP
76	\fIint\fR
77	\fBub_ctx_add_ta_autr\fR(\fIstruct ub_ctx\fR ctx, \fIchar\fR fname);
78	.LP
79	\fIint\fR
80	\fBub_ctx_add_ta_file\fR(\fIstruct ub_ctx\fR ctx, \fIchar\fR fname);
81	.LP
82	\fIint\fR
83	\fBub_ctx_trustedkeys\fR(\fIstruct ub_ctx\fR ctx, \fIchar\fR fname);
84	.LP
85	\fIint\fR
86	\fBub_ctx_debugout\fR(\fIstruct ub_ctx\fR ctx, \fIFILE\fR out);
87	.LP
88	\fIint\fR
89	\fBub_ctx_debuglevel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR d);
90	.LP
91	\fIint\fR
92	\fBub_ctx_async\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR dothread);
93	.LP
94	\fIint\fR
95	\fBub_poll\fR(\fIstruct ub_ctx*\fR ctx);
96	.LP
97	\fIint\fR
98	\fBub_wait\fR(\fIstruct ub_ctx*\fR ctx);
99	.LP
100	\fIint\fR
101	\fBub_fd\fR(\fIstruct ub_ctx*\fR ctx);
102	.LP
103	\fIint\fR
104	\fBub_process\fR(\fIstruct ub_ctx*\fR ctx);
105	.LP
106	\fIint\fR
107	\fBub_resolve\fR(\fIstruct ub_ctx\fR ctx, \fIchar\fR name,
108	.br
109	\fIint\fR rrtype, \fIint\fR rrclass, \fIstruct ub_result**\fR result);
110	.LP
111	\fIint\fR
112	\fBub_resolve_async\fR(\fIstruct ub_ctx\fR ctx, \fIchar\fR name,
113	.br
114	\fIint\fR rrtype, \fIint\fR rrclass, \fIvoid*\fR mydata,
115	.br
116	\fIub_callback_t\fR callback, \fIint*\fR async_id);
117	.LP
118	\fIint\fR
119	\fBub_cancel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR async_id);
120	.LP
121	\fIvoid\fR
122	\fBub_resolve_free\fR(\fIstruct ub_result*\fR result);
123	.LP
124	\fIconst char *\fR
125	\fBub_strerror\fR(\fIint\fR err);
126	.LP
127	\fIint\fR
128	\fBub_ctx_print_local_zones\fR(\fIstruct ub_ctx*\fR ctx);
129	.LP
130	\fIint\fR
131	\fBub_ctx_zone_add\fR(\fIstruct ub_ctx\fR ctx, \fIchar\fR zone_name, \fIchar*\fR zone_type);
132	.LP
133	\fIint\fR
134	\fBub_ctx_zone_remove\fR(\fIstruct ub_ctx\fR ctx, \fIchar\fR zone_name);
135	.LP
136	\fIint\fR
137	\fBub_ctx_data_add\fR(\fIstruct ub_ctx\fR ctx, \fIchar\fR data);
138	.LP
139	\fIint\fR
140	\fBub_ctx_data_remove\fR(\fIstruct ub_ctx\fR ctx, \fIchar\fR data);
141	.SH "DESCRIPTION"
142	.B Unbound
143	is an implementation of a DNS resolver, that does caching and
144	DNSSEC validation. This is the library API, for using the \-lunbound library.
145	The server daemon is described in \fIunbound\fR(8).
146	The library can be used to convert hostnames to ip addresses, and back,
147	and obtain other information from the DNS. The library performs public\-key
148	validation of results with DNSSEC.
149	.P
150	The library uses a variable of type \fIstruct ub_ctx\fR to keep context
151	between calls. The user must maintain it, creating it with
152	.B ub_ctx_create
153	and deleting it with
154	.B ub_ctx_delete\fR.
155	It can be created and deleted at any time. Creating it anew removes any
156	previous configuration (such as trusted keys) and clears any cached results.
157	.P
158	The functions are thread\-safe, and a context an be used in a threaded (as
159	well as in a non\-threaded) environment. Also resolution (and validation)
160	can be performed blocking and non\-blocking (also called asynchronous).
161	The async method returns from the call immediately, so that processing
162	can go on, while the results become available later.
163	.P
164	The functions are discussed in turn below.
165	.SH "FUNCTIONS"
166	.TP
167	.B ub_ctx_create
168	Create a new context, initialised with defaults.
169	The information from /etc/resolv.conf and /etc/hosts is not utilised
170	by default. Use
171	.B ub_ctx_resolvconf
172	and
173	.B ub_ctx_hosts
174	to read them.
175	Before you call this, use the openssl functions CRYPTO_set_id_callback and
176	CRYPTO_set_locking_callback to set up asyncronous operation if you use
177	lib openssl (the application calls these functions once for initialisation).
178	.TP
179	.B ub_ctx_delete
180	Delete validation context and free associated resources.
181	Outstanding async queries are killed and callbacks are not called for them.
182	.TP
183	.B ub_ctx_set_option
184	A power\-user interface that lets you specify one of the options from the
185	config file format, see \fIunbound.conf\fR(5). Not all options are
186	relevant. For some specific options, such as adding trust anchors, special
187	routines exist. Pass the option name with the trailing ':'.
188	.TP
189	.B ub_ctx_get_option
190	A power\-user interface that gets an option value. Some options cannot be
191	gotten, and others return a newline separated list. Pass the option name
192	without trailing ':'. The returned value must be free(2)d by the caller.
193	.TP
194	.B ub_ctx_config
195	A power\-user interface that lets you specify an unbound config file, see
196	\fIunbound.conf\fR(5), which is read for configuration. Not all options are
197	relevant. For some specific options, such as adding trust anchors, special
198	routines exist.
199	.TP
200	.B ub_ctx_set_fwd
201	Set machine to forward DNS queries to, the caching resolver to use.
202	IP4 or IP6 address. Forwards all DNS requests to that machine, which
203	is expected to run a recursive resolver. If the proxy is not
204	DNSSEC capable, validation may fail. Can be called several times, in
205	that case the addresses are used as backup servers.
206	At this time it is only possible to set configuration before the
207	first resolve is done.
208	.TP
209	.B ub_ctx_resolvconf
210	By default the root servers are queried and full resolver mode is used, but
211	you can use this call to read the list of nameservers to use from the
212	filename given.
213	Usually "/etc/resolv.conf". Uses those nameservers as caching proxies.
214	If they do not support DNSSEC, validation may fail.
215	Only nameservers are picked up, the searchdomain, ndots and other
216	settings from \fIresolv.conf\fR(5) are ignored.
217	If fname NULL is passed, "/etc/resolv.conf" is used (if on Windows,
218	the system\-wide configured nameserver is picked instead).
219	At this time it is only possible to set configuration before the
220	first resolve is done.
221	.TP
222	.B ub_ctx_hosts
223	Read list of hosts from the filename given.
224	Usually "/etc/hosts". When queried for, these addresses are not marked
225	DNSSEC secure. If fname NULL is passed, "/etc/hosts" is used
226	(if on Windows, etc/hosts from WINDIR is picked instead).
227	At this time it is only possible to set configuration before the
228	first resolve is done.
229	.TP
230	.B
231	ub_ctx_add_ta
232	Add a trust anchor to the given context.
233	At this time it is only possible to add trusted keys before the
234	first resolve is done.
235	The format is a string, similar to the zone\-file format,
236	[domainname] [type] [rdata contents]. Both DS and DNSKEY records are accepted.
237	.TP
238	.B ub_ctx_add_ta_autr
239	Add filename with automatically tracked trust anchor to the given context.
240	Pass name of a file with the managed trust anchor. You can create this
241	file with \fIunbound\-anchor\fR(8) for the root anchor. You can also
242	create it with an initial file with one line with a DNSKEY or DS record.
243	If the file is writable, it is updated when the trust anchor changes.
244	At this time it is only possible to add trusted keys before the
245	first resolve is done.
246	.TP
247	.B ub_ctx_add_ta_file
248	Add trust anchors to the given context.
249	Pass name of a file with DS and DNSKEY records in zone file format.
250	At this time it is only possible to add trusted keys before the
251	first resolve is done.
252	.TP
253	.B ub_ctx_trustedkeys
254	Add trust anchors to the given context.
255	Pass the name of a bind\-style config file with trusted\-keys{}.
256	At this time it is only possible to add trusted keys before the
257	first resolve is done.
258	.TP
259	.B ub_ctx_debugout
260	Set debug and error log output to the given stream. Pass NULL to disable
261	output. Default is stderr. File\-names or using syslog can be enabled
262	using config options, this routine is for using your own stream.
263	.TP
264	.B ub_ctx_debuglevel
265	Set debug verbosity for the context. Output is directed to stderr.
266	Higher debug level gives more output.
267	.TP
268	.B ub_ctx_async
269	Set a context behaviour for asynchronous action.
270	if set to true, enables threading and a call to
271	.B ub_resolve_async
272	creates a thread to handle work in the background.
273	If false, a process is forked to handle work in the background.
274	Changes to this setting after
275	.B ub_resolve_async
276	calls have been made have no effect (delete and re\-create the context
277	to change).
278	.TP
279	.B ub_poll
280	Poll a context to see if it has any new results.
281	Do not poll in a loop, instead extract the fd below to poll for readiness,
282	and then check, or wait using the wait routine.
283	Returns 0 if nothing to read, or nonzero if a result is available.
284	If nonzero, call
285	.B ub_process
286	to do callbacks.
287	.TP
288	.B ub_wait
289	Wait for a context to finish with results. Calls
290	.B ub_process
291	after the wait for you. After the wait, there are no more outstanding
292	asynchronous queries.
293	.TP
294	.B ub_fd
295	Get file descriptor. Wait for it to become readable, at this point
296	answers are returned from the asynchronous validating resolver.
297	Then call the \fBub_process\fR to continue processing.
298	.TP
299	.B ub_process
300	Call this routine to continue processing results from the validating
301	resolver (when the fd becomes readable).
302	Will perform necessary callbacks.
303	.TP
304	.B ub_resolve
305	Perform resolution and validation of the target name.
306	The name is a domain name in a zero terminated text string.
307	The rrtype and rrclass are DNS type and class codes.
308	The result structure is newly allocated with the resulting data.
309	.TP
310	.B ub_resolve_async
311	Perform asynchronous resolution and validation of the target name.
312	Arguments mean the same as for \fBub_resolve\fR except no
313	data is returned immediately, instead a callback is called later.
314	The callback receives a copy of the mydata pointer, that you can use to pass
315	information to the callback. The callback type is a function pointer to
316	a function declared as
317	.IP
318	void my_callback_function(void* my_arg, int err,
319	.br
320	struct ub_result* result);
321	.IP
322	The async_id is returned so you can (at your option) decide to track it
323	and cancel the request if needed. If you pass a NULL pointer the async_id
324	is not returned.
325	.TP
326	.B ub_cancel
327	Cancel an async query in progress. This may return an error if the query
328	does not exist, or the query is already being delivered, in that case you
329	may still get a callback for the query.
330	.TP
331	.B ub_resolve_free
332	Free struct ub_result contents after use.
333	.TP
334	.B ub_strerror
335	Convert error value from one of the unbound library functions
336	to a human readable string.
337	.TP
338	.B ub_ctx_print_local_zones
339	Debug printout the local authority information to debug output.
340	.TP
341	.B ub_ctx_zone_add
342	Add new zone to local authority info, like local\-zone \fIunbound.conf\fR(5)
343	statement.
344	.TP
345	.B ub_ctx_zone_remove
346	Delete zone from local authority info.
347	.TP
348	.B ub_ctx_data_add
349	Add resource record data to local authority info, like local\-data
350	\fIunbound.conf\fR(5) statement.
351	.TP
352	.B ub_ctx_data_remove
353	Delete local authority data from the name given.
354	.SH "RESULT DATA STRUCTURE"
355	The result of the DNS resolution and validation is returned as
356	\fIstruct ub_result\fR. The result structure contains the following entries.
357	.P
358	.nf
359	struct ub_result {
360	char* qname; /* text string, original question */
361	int qtype; /* type code asked for */
362	int qclass; /* class code asked for */
363	char** data; /* array of rdata items, NULL terminated*/
364	int* len; /* array with lengths of rdata items */
365	char* canonname; /* canonical name of result */
366	int rcode; /* additional error code in case of no data */
367	void* answer_packet; /* full network format answer packet */
368	int answer_len; /* length of packet in octets */
369	int havedata; /* true if there is data */
370	int nxdomain; /* true if nodata because name does not exist */
371	int secure; /* true if result is secure */
372	int bogus; /* true if a security failure happened */
373	char* why_bogus; /* string with error if bogus */
374	int ttl; /* number of seconds the result is valid */
375	};
376	.fi
377	.P
378	If both secure and bogus are false, security was not enabled for the
379	domain of the query. Else, they are not both true, one of them is true.
380	.SH "RETURN VALUES"
381	Many routines return an error code. The value 0 (zero) denotes no error
382	happened. Other values can be passed to
383	.B ub_strerror
384	to obtain a readable error string.
385	.B ub_strerror
386	returns a zero terminated string.
387	.B ub_ctx_create
388	returns NULL on an error (a malloc failure).
389	.B ub_poll
390	returns true if some information may be available, false otherwise.
391	.B ub_fd
392	returns a file descriptor or \-1 on error.
393	.SH "SEE ALSO"
394	\fIunbound.conf\fR(5),
395	\fIunbound\fR(8).
396	.SH "AUTHORS"
397	.B Unbound
398	developers are mentioned in the CREDITS file in the distribution.