OpenBSD manual page server

Manual Page Search Parameters
UNWIND(8) System Manager's Manual UNWIND(8)

unwindvalidating DNS resolver

unwind [-dnv] [-f file] [-s socket]

unwind is a validating DNS resolver. It is intended to run on client machines like workstations or laptops and only listens on localhost. unwind sends DNS queries to nameservers to answer queries and switches to resolvers learned from dhclient(8) if it detects that DNS queries are blocked by the local network. It periodically probes if DNS is no longer blocked and switches back to querying nameservers itself.

To have unwind enabled at boot time, use “rcctl enable unwind”, which sets

unwind_flags=""

in rc.conf.local(8).

Adding

supersede domain-name-servers 127.0.0.1;

to /etc/dhclient.conf configures a machine using DHCP to use unwind.

A running unwind can be controlled with the unwindctl(8) utility.

The options are as follows:

Do not daemonize. If this option is specified, unwind will run in the foreground and log to .
file
Specify an alternative configuration file.
Configtest mode. Only check the configuration file for validity.
socket
Use an alternate location for the default control socket.
Produce more verbose output. Multiple -v options increase the verbosity.

/etc/unwind.conf
Default unwind configuration file.
/var/db/unwind.key
Trust anchor for DNSSEC validation.
/dev/unwind.sock
UNIX-domain socket used for communication with unwindctl(8).

unwind.conf(5), dhclient(8), unbound(8), unwindctl(8)

P. Mockapetris, DOMAIN NAMES - CONCEPTS AND FACILITIES, RFC 1034, November 1987.

P. Mockapetris, DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION, RFC 1035, November 1987.

The unwind program first appeared in OpenBSD 6.5.

The unwind program was written by Florian Obser <florian@openbsd.org>.

April 21, 2020 OpenBSD-6.7