OpenBSD manual page server

Manual Page Search Parameters

UNWIND(8) System Manager's Manual UNWIND(8)

unwindvalidating DNS resolver

unwind [-dnv] [-f file] [-s socket]

unwind is a validating DNS resolver. It is intended to run on client machines like workstations or laptops and only listens on localhost. unwind sends DNS queries to nameservers to answer queries and switches to resolvers learned from dhclient(8) if it detects that DNS queries are blocked by the local network. It periodically probes if DNS is no longer blocked and switches back to querying nameservers itself.

unwind is usually started at boot time, and can be enabled by setting the following in /etc/rc.conf.local:

unwind_flags=""

See rc(8) and rc.conf(8) for more information on the boot process and enabling daemons.

Adding

prepend domain-name-servers 127.0.0.1;
to /etc/dhclient.conf configures a machine using DHCP to use unwind.

A running unwind can be controlled with the unwindctl(8) utility.

The options are as follows:

Do not daemonize. If this option is specified, unwind will run in the foreground and log to stderr.
file
Specify an alternative configuration file.
Configtest mode. Only check the configuration file for validity.
socket
Use an alternate location for the default control socket.
Produce more verbose output. Multiple -v options increase the verbosity.

/etc/unwind.conf
Default unwind configuration file.
/var/db/unwind.key
Trust anchor for DNSSEC validation.
/var/run/unwind.sock
UNIX-domain socket used for communication with unwindctl(8).

unwind.conf(5), dhclient(8), unbound(8), unwindctl(8)

P. Mockapetris, DOMAIN NAMES - CONCEPTS AND FACILITIES, RFC 1034, November 1987.

P. Mockapetris, DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION, RFC 1035, November 1987.

The unwind program first appeared in OpenBSD 6.5.

The unwind program was written by Florian Obser <florian@openbsd.org>.

February 11, 2019 OpenBSD-current