1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
|
# Copyright 2004-2012 SPARTA, Inc. All rights reserved.
# See the COPYING file included with the dnssec-tools package for details.
DNSSEC-Tools
Is your domain secure?
This directory contains the implementation for the DNSSEC validator library.
The contents are structured as follows:
doc:
Documentation for the libval and libsres libraries.
libval:
A library that provides DNSSEC resource-record validation functionality.
libsres:
A library that is capable of sending queries to, and receiving answers
from a DNSSEC-aware name server.
apps:
Utility programs for the validator.
etc:
Configuration files for the validator.
include:
Header files required to build the validator.
Building and installing
=======================
The validator library is normally configured, compiled and installed through
the normal build process for the DNSSEC-Tools suite. The validator library
can be optionally configured with/without support for the following modules:
--without-nsec3 : don't include support for NSEC3
--without-dlv : don't include support for Dynamic Lookaside Validation (DLV)
--without-ipv6 : don't include support for IPv6
Typical sequence is
$ ./configure
$ make
$ sudo make install
The validator module honors the --prefix option in that it will install
libraries and binaries in the expected locations and looks for configuration
files in the correct $prefix/dnssec-tools/etc directory; except for the
root.hints file, which the validator will try to locate in various standard
system directories. The validator module also allows the user to override the
default locations for these configuration files during the ./configure
process. However, in no case will 'make install' actually install any
configure files in the directory specified. The user must install these files
manually.
The validator module supports hard-coded default policies for its
validator policy, its root hints data and for its resolver policy. These can
be specified through the --with-inline-dnsval-conf, --with-inline-root-hints
and --with-inline-resolv-conf configure options respectively.
As an example:
$ ./configure --prefix=/usr/local/opt --with-openssl=/opt/local \
--with-inline-dnsval-conf=etc/dnsval.conf.default \
--with-inline-root-hints=etc/root.hints
Building on Windows
====================
The validator library supports three different ways of building for Windows
a) Building with MinGW/MSYS
- First build the openssl library using the following command line options
$ ./config -D__USE_MINGW_ANSI_STDIO=0 --prefix=/path/to/openssl
$ make install
- Configure the validator as follows:
$ CPPFLAGS='-D__USE_MINGW_ANSI_STDIO=0'\
CFLAGS='-g -mwindows -mconsole'\
./configure --with-openssl=/path/to/openssl\
--prefix=/install/path \
--with-resolv-conf=resolv.txt --with-root-hints=root.txt\
--with-dnsval-conf=dnsval.txt \
--with-inline-dnsval-conf=etc/dnsval.conf \
--with-inline-root-hints=etc/root.hints
- Build the library and command-line apps
$ make windows
$ make windows-install
b) Building DLLs using nmake
(This method is made available courtesy Bob Novas.)
- Download and install perl from http://www.activestate.com/activeperl/downloads
- Open a command window and setup the environment using one of the two scripts:
C:\> vcvars32 (for a 32-bit system)
C:\> vcvars64 (for a 64-bit system)
- Build openssl for 64-bit systems as follows
> perl Configure --prefix="C:\path\to\openssl" VC-WIN64A
> ms\do_win64a
> nmake -f ms\ntdll.mak
> nmake -f ms\ntdll.mak install
- Build openssl for 32-bit systems as follows
> perl Configure --prefix="C:\path\to\openssl" VC-WIN32
> ms\do_ms
> nmake -f ms\ntdll.mak
> nmake -f ms\ntdll.mak install
- Build the validator library for 32-bit systems as follows
> nmake -f windows.mak win32
- Build the validator library for 32-bit systems as follows
> nmake -f windows.mak win64
The DLLs are created in the validator\Debug directory.
c) Cross-compiling for Windows
This instructions were tested on OSX 10.6. The instructions for
other platforms are likely going to be quite similar.
- Install mingw pre-requisites
$ sudo port install i386-mingw32-binutils i386-mingw32-runtime \
i386-mingw32-w32api i386-mingw32-gcc
- Bild the openssl library using the following command line options
$ ./Configure -D__USE_MINGW_ANSI_STDIO=0 \
--cross-compile-prefix=i386-mingw32- \
mingw --prefix=/usr/local/opt/mingw-dnssec
$ sudo make install
- Build the validator library as follows
$ PATH="/opt/local/i386-mingw32/bin:$PATH" \
LDFLAGS="-L/opt/local/i386-mingw32/lib" \
CPPFLAGS="-D__USE_MINGW_ANSI_STDIO=0" \
CFLAGS='-mwindows -mconsole' \
./configure --disable-option-checking \
--with-openssl=/usr/local/opt/mingw-dnssec \
--with-resolv-conf=resolv.txt \
--with-root-hints=root.txt \
--with-dnsval-conf=dnsval.txt \
--with-inline-dnsval-conf=etc/dnsval.conf.default \
--with-inline-root-hints=etc/root.hints \
--host=i386-mingw32 \
--prefix=/usr/local/opt/mingw-dnssec
- Build and install the library and command-line apps
$ make windows
$ sudo make windows-install
|
