NAME

unwind — validating DNS resolver

SYNOPSIS

DESCRIPTION

unwind is a validating DNS resolver. It is intended to run on client machines like workstations or laptops and only listens on localhost.

unwind sends DNS queries to nameservers to answer queries. If it detects that DNS queries are blocked by the local network, it can switch to resolvers learned through autoconfiguration. It periodically probes if DNS is no longer blocked and switches back to querying nameservers itself. A list of sources for proposals learned through autoconfiguration is documented in resolvd(8).

unwind keeps the DNS answers in a cache shared by the different DNS name server types. unwind manages the cache size by deleting oldest entries when needed. The cache is non-configurable and is lost upon process restart.

To have unwind enabled at boot time, use “rcctl enable unwind”, which sets

in rc.conf.local(8).

A running unwind can be controlled with the unwindctl(8) utility.

The options are as follows:

-d

Do not daemonize. If this option is specified, unwind will run in the foreground and log to stderr.

-f file

Specify an alternative configuration file.

-n

Configtest mode. Only check the configuration file for validity.

-s socket

Use an alternate location for the default control socket.

-v

Produce more verbose output. Multiple -v options increase the verbosity. Debug output from libunbound is only available when logging to stderr.

FILES

/etc/unwind.conf

Default unwind configuration file.

/var/db/unwind.key

Trust anchor for DNSSEC validation.

/dev/unwind.sock

UNIX-domain socket used for communication with unwindctl(8).

SEE ALSO

unwind.conf(5), unbound(8), unwindctl(8)

STANDARDS

P. Mockapetris, DOMAIN NAMES - CONCEPTS AND FACILITIES, RFC 1034, November 1987.

P. Mockapetris, DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION, RFC 1035, November 1987.

HISTORY

The unwind program first appeared in OpenBSD 6.5.

AUTHORS

The unwind program was written by Florian Obser <florian@openbsd.org>.