]> git.saurik.com Git - apple/network_cmds.git/blob - unbound/doc/libunbound.3.in
network_cmds-481.20.1.tar.gz
[apple/network_cmds.git] / unbound / doc / libunbound.3.in
1 .TH "libunbound" "3" "Dec 8, 2014" "NLnet Labs" "unbound 1.5.1"
2 .\"
3 .\" libunbound.3 -- unbound library functions manual
4 .\"
5 .\" Copyright (c) 2007, NLnet Labs. All rights reserved.
6 .\"
7 .\" See LICENSE for the license.
8 .\"
9 .\"
10 .SH "NAME"
11 .B libunbound,
12 .B unbound.h,
13 .B ub_ctx,
14 .B ub_result,
15 .B ub_callback_t,
16 .B ub_ctx_create,
17 .B ub_ctx_delete,
18 .B ub_ctx_set_option,
19 .B ub_ctx_get_option,
20 .B ub_ctx_config,
21 .B ub_ctx_set_fwd,
22 .B ub_ctx_resolvconf,
23 .B ub_ctx_hosts,
24 .B ub_ctx_add_ta,
25 .B ub_ctx_add_ta_autr,
26 .B ub_ctx_add_ta_file,
27 .B ub_ctx_trustedkeys,
28 .B ub_ctx_debugout,
29 .B ub_ctx_debuglevel,
30 .B ub_ctx_async,
31 .B ub_poll,
32 .B ub_wait,
33 .B ub_fd,
34 .B ub_process,
35 .B ub_resolve,
36 .B ub_resolve_async,
37 .B ub_cancel,
38 .B ub_resolve_free,
39 .B ub_strerror,
40 .B ub_ctx_print_local_zones,
41 .B ub_ctx_zone_add,
42 .B ub_ctx_zone_remove,
43 .B ub_ctx_data_add,
44 .B ub_ctx_data_remove
45 \- Unbound DNS validating resolver 1.5.1 functions.
46 .SH "SYNOPSIS"
47 .B #include <unbound.h>
48 .LP
49 \fIstruct ub_ctx *\fR
50 \fBub_ctx_create\fR(\fIvoid\fR);
51 .LP
52 \fIvoid\fR
53 \fBub_ctx_delete\fR(\fIstruct ub_ctx*\fR ctx);
54 .LP
55 \fIint\fR
56 \fBub_ctx_set_option\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR opt, \fIchar*\fR val);
57 .LP
58 \fIint\fR
59 \fBub_ctx_get_option\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR opt, \fIchar**\fR val);
60 .LP
61 \fIint\fR
62 \fBub_ctx_config\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
63 .LP
64 \fIint\fR
65 \fBub_ctx_set_fwd\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR addr);
66 .LP
67 \fIint\fR
68 \fBub_ctx_resolvconf\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
69 .LP
70 \fIint\fR
71 \fBub_ctx_hosts\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
72 .LP
73 \fIint\fR
74 \fBub_ctx_add_ta\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR ta);
75 .LP
76 \fIint\fR
77 \fBub_ctx_add_ta_autr\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
78 .LP
79 \fIint\fR
80 \fBub_ctx_add_ta_file\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
81 .LP
82 \fIint\fR
83 \fBub_ctx_trustedkeys\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
84 .LP
85 \fIint\fR
86 \fBub_ctx_debugout\fR(\fIstruct ub_ctx*\fR ctx, \fIFILE*\fR out);
87 .LP
88 \fIint\fR
89 \fBub_ctx_debuglevel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR d);
90 .LP
91 \fIint\fR
92 \fBub_ctx_async\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR dothread);
93 .LP
94 \fIint\fR
95 \fBub_poll\fR(\fIstruct ub_ctx*\fR ctx);
96 .LP
97 \fIint\fR
98 \fBub_wait\fR(\fIstruct ub_ctx*\fR ctx);
99 .LP
100 \fIint\fR
101 \fBub_fd\fR(\fIstruct ub_ctx*\fR ctx);
102 .LP
103 \fIint\fR
104 \fBub_process\fR(\fIstruct ub_ctx*\fR ctx);
105 .LP
106 \fIint\fR
107 \fBub_resolve\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR name,
108 .br
109 \fIint\fR rrtype, \fIint\fR rrclass, \fIstruct ub_result**\fR result);
110 .LP
111 \fIint\fR
112 \fBub_resolve_async\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR name,
113 .br
114 \fIint\fR rrtype, \fIint\fR rrclass, \fIvoid*\fR mydata,
115 .br
116 \fIub_callback_t\fR callback, \fIint*\fR async_id);
117 .LP
118 \fIint\fR
119 \fBub_cancel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR async_id);
120 .LP
121 \fIvoid\fR
122 \fBub_resolve_free\fR(\fIstruct ub_result*\fR result);
123 .LP
124 \fIconst char *\fR
125 \fBub_strerror\fR(\fIint\fR err);
126 .LP
127 \fIint\fR
128 \fBub_ctx_print_local_zones\fR(\fIstruct ub_ctx*\fR ctx);
129 .LP
130 \fIint\fR
131 \fBub_ctx_zone_add\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR zone_name, \fIchar*\fR zone_type);
132 .LP
133 \fIint\fR
134 \fBub_ctx_zone_remove\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR zone_name);
135 .LP
136 \fIint\fR
137 \fBub_ctx_data_add\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR data);
138 .LP
139 \fIint\fR
140 \fBub_ctx_data_remove\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR data);
141 .SH "DESCRIPTION"
142 .B Unbound
143 is an implementation of a DNS resolver, that does caching and
144 DNSSEC validation. This is the library API, for using the \-lunbound library.
145 The server daemon is described in \fIunbound\fR(8).
146 The library can be used to convert hostnames to ip addresses, and back,
147 and obtain other information from the DNS. The library performs public\-key
148 validation of results with DNSSEC.
149 .P
150 The library uses a variable of type \fIstruct ub_ctx\fR to keep context
151 between calls. The user must maintain it, creating it with
152 .B ub_ctx_create
153 and deleting it with
154 .B ub_ctx_delete\fR.
155 It can be created and deleted at any time. Creating it anew removes any
156 previous configuration (such as trusted keys) and clears any cached results.
157 .P
158 The functions are thread\-safe, and a context an be used in a threaded (as
159 well as in a non\-threaded) environment. Also resolution (and validation)
160 can be performed blocking and non\-blocking (also called asynchronous).
161 The async method returns from the call immediately, so that processing
162 can go on, while the results become available later.
163 .P
164 The functions are discussed in turn below.
165 .SH "FUNCTIONS"
166 .TP
167 .B ub_ctx_create
168 Create a new context, initialised with defaults.
169 The information from /etc/resolv.conf and /etc/hosts is not utilised
170 by default. Use
171 .B ub_ctx_resolvconf
172 and
173 .B ub_ctx_hosts
174 to read them.
175 Before you call this, use the openssl functions CRYPTO_set_id_callback and
176 CRYPTO_set_locking_callback to set up asyncronous operation if you use
177 lib openssl (the application calls these functions once for initialisation).
178 .TP
179 .B ub_ctx_delete
180 Delete validation context and free associated resources.
181 Outstanding async queries are killed and callbacks are not called for them.
182 .TP
183 .B ub_ctx_set_option
184 A power\-user interface that lets you specify one of the options from the
185 config file format, see \fIunbound.conf\fR(5). Not all options are
186 relevant. For some specific options, such as adding trust anchors, special
187 routines exist. Pass the option name with the trailing ':'.
188 .TP
189 .B ub_ctx_get_option
190 A power\-user interface that gets an option value. Some options cannot be
191 gotten, and others return a newline separated list. Pass the option name
192 without trailing ':'. The returned value must be free(2)d by the caller.
193 .TP
194 .B ub_ctx_config
195 A power\-user interface that lets you specify an unbound config file, see
196 \fIunbound.conf\fR(5), which is read for configuration. Not all options are
197 relevant. For some specific options, such as adding trust anchors, special
198 routines exist.
199 .TP
200 .B ub_ctx_set_fwd
201 Set machine to forward DNS queries to, the caching resolver to use.
202 IP4 or IP6 address. Forwards all DNS requests to that machine, which
203 is expected to run a recursive resolver. If the proxy is not
204 DNSSEC capable, validation may fail. Can be called several times, in
205 that case the addresses are used as backup servers.
206 At this time it is only possible to set configuration before the
207 first resolve is done.
208 .TP
209 .B ub_ctx_resolvconf
210 By default the root servers are queried and full resolver mode is used, but
211 you can use this call to read the list of nameservers to use from the
212 filename given.
213 Usually "/etc/resolv.conf". Uses those nameservers as caching proxies.
214 If they do not support DNSSEC, validation may fail.
215 Only nameservers are picked up, the searchdomain, ndots and other
216 settings from \fIresolv.conf\fR(5) are ignored.
217 If fname NULL is passed, "/etc/resolv.conf" is used (if on Windows,
218 the system\-wide configured nameserver is picked instead).
219 At this time it is only possible to set configuration before the
220 first resolve is done.
221 .TP
222 .B ub_ctx_hosts
223 Read list of hosts from the filename given.
224 Usually "/etc/hosts". When queried for, these addresses are not marked
225 DNSSEC secure. If fname NULL is passed, "/etc/hosts" is used
226 (if on Windows, etc/hosts from WINDIR is picked instead).
227 At this time it is only possible to set configuration before the
228 first resolve is done.
229 .TP
230 .B
231 ub_ctx_add_ta
232 Add a trust anchor to the given context.
233 At this time it is only possible to add trusted keys before the
234 first resolve is done.
235 The format is a string, similar to the zone\-file format,
236 [domainname] [type] [rdata contents]. Both DS and DNSKEY records are accepted.
237 .TP
238 .B ub_ctx_add_ta_autr
239 Add filename with automatically tracked trust anchor to the given context.
240 Pass name of a file with the managed trust anchor. You can create this
241 file with \fIunbound\-anchor\fR(8) for the root anchor. You can also
242 create it with an initial file with one line with a DNSKEY or DS record.
243 If the file is writable, it is updated when the trust anchor changes.
244 At this time it is only possible to add trusted keys before the
245 first resolve is done.
246 .TP
247 .B ub_ctx_add_ta_file
248 Add trust anchors to the given context.
249 Pass name of a file with DS and DNSKEY records in zone file format.
250 At this time it is only possible to add trusted keys before the
251 first resolve is done.
252 .TP
253 .B ub_ctx_trustedkeys
254 Add trust anchors to the given context.
255 Pass the name of a bind\-style config file with trusted\-keys{}.
256 At this time it is only possible to add trusted keys before the
257 first resolve is done.
258 .TP
259 .B ub_ctx_debugout
260 Set debug and error log output to the given stream. Pass NULL to disable
261 output. Default is stderr. File\-names or using syslog can be enabled
262 using config options, this routine is for using your own stream.
263 .TP
264 .B ub_ctx_debuglevel
265 Set debug verbosity for the context. Output is directed to stderr.
266 Higher debug level gives more output.
267 .TP
268 .B ub_ctx_async
269 Set a context behaviour for asynchronous action.
270 if set to true, enables threading and a call to
271 .B ub_resolve_async
272 creates a thread to handle work in the background.
273 If false, a process is forked to handle work in the background.
274 Changes to this setting after
275 .B ub_resolve_async
276 calls have been made have no effect (delete and re\-create the context
277 to change).
278 .TP
279 .B ub_poll
280 Poll a context to see if it has any new results.
281 Do not poll in a loop, instead extract the fd below to poll for readiness,
282 and then check, or wait using the wait routine.
283 Returns 0 if nothing to read, or nonzero if a result is available.
284 If nonzero, call
285 .B ub_process
286 to do callbacks.
287 .TP
288 .B ub_wait
289 Wait for a context to finish with results. Calls
290 .B ub_process
291 after the wait for you. After the wait, there are no more outstanding
292 asynchronous queries.
293 .TP
294 .B ub_fd
295 Get file descriptor. Wait for it to become readable, at this point
296 answers are returned from the asynchronous validating resolver.
297 Then call the \fBub_process\fR to continue processing.
298 .TP
299 .B ub_process
300 Call this routine to continue processing results from the validating
301 resolver (when the fd becomes readable).
302 Will perform necessary callbacks.
303 .TP
304 .B ub_resolve
305 Perform resolution and validation of the target name.
306 The name is a domain name in a zero terminated text string.
307 The rrtype and rrclass are DNS type and class codes.
308 The result structure is newly allocated with the resulting data.
309 .TP
310 .B ub_resolve_async
311 Perform asynchronous resolution and validation of the target name.
312 Arguments mean the same as for \fBub_resolve\fR except no
313 data is returned immediately, instead a callback is called later.
314 The callback receives a copy of the mydata pointer, that you can use to pass
315 information to the callback. The callback type is a function pointer to
316 a function declared as
317 .IP
318 void my_callback_function(void* my_arg, int err,
319 .br
320 struct ub_result* result);
321 .IP
322 The async_id is returned so you can (at your option) decide to track it
323 and cancel the request if needed. If you pass a NULL pointer the async_id
324 is not returned.
325 .TP
326 .B ub_cancel
327 Cancel an async query in progress. This may return an error if the query
328 does not exist, or the query is already being delivered, in that case you
329 may still get a callback for the query.
330 .TP
331 .B ub_resolve_free
332 Free struct ub_result contents after use.
333 .TP
334 .B ub_strerror
335 Convert error value from one of the unbound library functions
336 to a human readable string.
337 .TP
338 .B ub_ctx_print_local_zones
339 Debug printout the local authority information to debug output.
340 .TP
341 .B ub_ctx_zone_add
342 Add new zone to local authority info, like local\-zone \fIunbound.conf\fR(5)
343 statement.
344 .TP
345 .B ub_ctx_zone_remove
346 Delete zone from local authority info.
347 .TP
348 .B ub_ctx_data_add
349 Add resource record data to local authority info, like local\-data
350 \fIunbound.conf\fR(5) statement.
351 .TP
352 .B ub_ctx_data_remove
353 Delete local authority data from the name given.
354 .SH "RESULT DATA STRUCTURE"
355 The result of the DNS resolution and validation is returned as
356 \fIstruct ub_result\fR. The result structure contains the following entries.
357 .P
358 .nf
359 struct ub_result {
360 char* qname; /* text string, original question */
361 int qtype; /* type code asked for */
362 int qclass; /* class code asked for */
363 char** data; /* array of rdata items, NULL terminated*/
364 int* len; /* array with lengths of rdata items */
365 char* canonname; /* canonical name of result */
366 int rcode; /* additional error code in case of no data */
367 void* answer_packet; /* full network format answer packet */
368 int answer_len; /* length of packet in octets */
369 int havedata; /* true if there is data */
370 int nxdomain; /* true if nodata because name does not exist */
371 int secure; /* true if result is secure */
372 int bogus; /* true if a security failure happened */
373 char* why_bogus; /* string with error if bogus */
374 int ttl; /* number of seconds the result is valid */
375 };
376 .fi
377 .P
378 If both secure and bogus are false, security was not enabled for the
379 domain of the query. Else, they are not both true, one of them is true.
380 .SH "RETURN VALUES"
381 Many routines return an error code. The value 0 (zero) denotes no error
382 happened. Other values can be passed to
383 .B ub_strerror
384 to obtain a readable error string.
385 .B ub_strerror
386 returns a zero terminated string.
387 .B ub_ctx_create
388 returns NULL on an error (a malloc failure).
389 .B ub_poll
390 returns true if some information may be available, false otherwise.
391 .B ub_fd
392 returns a file descriptor or \-1 on error.
393 .SH "SEE ALSO"
394 \fIunbound.conf\fR(5),
395 \fIunbound\fR(8).
396 .SH "AUTHORS"
397 .B Unbound
398 developers are mentioned in the CREDITS file in the distribution.