<div dir="ltr">Hi benno,<div>I installed unbound by downloading the source code and make install. Below are the details you asked. I did not installed unbound from package distribution.<br><div><br></div><div>t@ubuntu:~# which unbound<br>/usr/local/sbin/unbound<br>root@ubuntu:~# ls -ll /usr/local/sbin/unbound<br>-rwxr-xr-x 1 root root 3868744 Feb 7 15:54 /usr/local/sbin/unbound<br><br>root@ubuntu:~# uname -a<br>Linux ubuntu 4.15.0-76-generic #86~16.04.1-Ubuntu SMP Mon Jan 20 10:58:26 UTC 2020 i686 i686 i686 GNU/Linux</div><div><br></div><div>Rgds</div><div>Simon<br><div><br></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 13, 2020 at 1:38 PM Benno Overeinder <<a href="mailto:benno@nlnetlabs.nl">benno@nlnetlabs.nl</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div dir="ltr">Dear Simon Baby,<div><br></div><div>The message tells that user ‘Unbound’ does not exist on your system. Which OS are you using and did you install the package from a distribution?</div><div><br></div><div>— Benno<br><br><div dir="ltr">—<div>Benno J. Overeinder</div><div>NLnet Labs</div><div><a href="https://www.nlnetlabs.nl/" target="_blank">https://www.nlnetlabs.nl/</a></div></div><div dir="ltr"><br><blockquote type="cite">Op 13 feb. 2020 om 20:17 heeft SIMON BABY via Unbound-users <<a href="mailto:unbound-users@lists.nlnetlabs.nl" target="_blank">unbound-users@lists.nlnetlabs.nl</a>> het volgende geschreven:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><div dir="ltr">Hi,<div><br></div><div>I am getting the below error while trying to run unbound on my machine. I am using unbound-1.9.6. Can someone please help.</div><div><br></div><div>root@ubuntu:~# which unbound<br>/usr/local/sbin/unbound<br>root@ubuntu:~# unbound -c /usr/local/etc/unbound/unbound.conf<br><b>[1581621083] unbound[22619:0] fatal error: user 'unbound' does not exist.</b><br>root@ubuntu:~# unbound -c /usr/local/etc/unbound/unbound.conf<br></div><div><br></div><div>rgds</div><div>Simon</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 13, 2020 at 6:08 AM <<a href="mailto:unbound-users-request@lists.nlnetlabs.nl" target="_blank">unbound-users-request@lists.nlnetlabs.nl</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Send Unbound-users mailing list submissions to<br>
<a href="mailto:unbound-users@lists.nlnetlabs.nl" target="_blank">unbound-users@lists.nlnetlabs.nl</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users" rel="noreferrer" target="_blank">https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:unbound-users-request@lists.nlnetlabs.nl" target="_blank">unbound-users-request@lists.nlnetlabs.nl</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:unbound-users-owner@lists.nlnetlabs.nl" target="_blank">unbound-users-owner@lists.nlnetlabs.nl</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of Unbound-users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Unbound 1.10.0rc1 pre-release (Wouter Wijngaards)<br>
2. Re: retrieve TLSA record also if it is not secured by DNSSEC<br>
(Elmar Stellnberger)<br>
3. Re: retrieve TLSA record also if it is not secured by DNSSEC<br>
(Elmar Stellnberger)<br>
4. Re: dns over tls with unbound on openwrt (Tony Finch)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Thu, 13 Feb 2020 13:41:53 +0100<br>
From: Wouter Wijngaards <<a href="mailto:wouter@nlnetlabs.nl" target="_blank">wouter@nlnetlabs.nl</a>><br>
To: <a href="mailto:unbound-users@nlnetlabs.nl" target="_blank">unbound-users@nlnetlabs.nl</a>, <a href="mailto:maintainers@nlnetlabs.nl" target="_blank">maintainers@nlnetlabs.nl</a><br>
Subject: Unbound 1.10.0rc1 pre-release<br>
Message-ID: <<a href="mailto:a29809d5-38a1-f9f2-21bb-6d84c6412160@nlnetlabs.nl" target="_blank">a29809d5-38a1-f9f2-21bb-6d84c6412160@nlnetlabs.nl</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi,<br>
<br>
Unbound 1.10.0rc1 pre-release is available:<br>
<a href="https://nlnetlabs.nl/downloads/unbound/unbound-1.10.0rc1.tar.gz" rel="noreferrer" target="_blank">https://nlnetlabs.nl/downloads/unbound/unbound-1.10.0rc1.tar.gz</a><br>
sha256 cee1761b7801ae1f6e37f8a81f0646b93ad62bad565fe8459d46661073ca8440<br>
pgp <a href="https://nlnetlabs.nl/downloads/unbound/unbound-1.10.0rc1.tar.gz.asc" rel="noreferrer" target="_blank">https://nlnetlabs.nl/downloads/unbound/unbound-1.10.0rc1.tar.gz.asc</a><br>
<br>
This is the maintainers' pre-release.<br>
<br>
The 1.10.0rc1 release has RPZ support and serve stale functionality<br>
according to draft draft-ietf-dnsop-serve-stale-10. And a number of<br>
other, smaller, features, and bug fixes.<br>
<br>
The DNS Response Policy Zones (RPZ) functionality makes it possible<br>
to express DNS response policies in a DNS zone. These zones can<br>
be loaded from file or transferred over DNS zone transfers or<br>
HTTP. The RPZ functionality in Unbound is implemented as specified in<br>
draft-vixie-dnsop-dns-rpz-00. Only the QNAME and Response IP Address<br>
triggers are supported. The supported RPZ actions are: NXDOMAIN, NODATA,<br>
PASSTHRU, DROP and Local Data.<br>
<br>
Enabling the respip module using `module-config` is required to use<br>
RPZ. Each RPZ zone can be configured using the `rpz` clause. RPZ clauses<br>
are applied in order of configuration. Unbound can get the data from<br>
zone transfer, a zonefile or https url, and more options are documented<br>
in the man page. A minimal RPZ configuration that will transfer the<br>
RPZ zone using AXFR and IXFR can look like:<br>
<br>
server:<br>
module-config: "respip validator iterator"<br>
<br>
rpz:<br>
name: "<a href="http://rpz.example.com" rel="noreferrer" target="_blank">rpz.example.com</a>" # name of the policy zone<br>
master: 192.0.2.0 # address of the name server to transfer from<br>
<br>
The serve-stale functionality as described in<br>
draft-ietf-dnsop-serve-stale-10 is now supported in unbound.<br>
This allows unbound to first try and resolve a domain name before<br>
replying with expired data from cache. This differs from unbound's<br>
initial serve-expired behavior which attempts to reply with expired<br>
entries from cache without waiting for the actual resolution to finish.<br>
Both behaviors are available and can be configured with the various<br>
serve-expired-* configuration options. serve-expired-client-timeout is<br>
the option that enables one or the other.<br>
<br>
The DSA algorithms have been disabled by default, this is because of<br>
RFC 8624.<br>
<br>
There is a crash fix in the parse of text of type WKS, reported by<br>
X41 D-Sec.<br>
<br>
In addition, neg and key caches can be shared with multiple<br>
libunbound contexts, a change that assists unwind. The<br>
contrib/unbound_portable.service provides a systemd start file for a<br>
portable setup. The configure --with-libbsd option allows the use<br>
of the bsd compatibility library so that it can use the arc4random<br>
from it. The stats in contrib/unbound_munin_ have num.query.tls and<br>
num.query.tls.resume added to them. For unbound-control the command<br>
view_local_datas_remove is added that removes data from a view.<br>
<br>
<br>
Features:<br>
- Merge RPZ support into master. Only QNAME and Response IP triggers are<br>
supported.<br>
- Added serve-stale functionality as described in<br>
draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used<br>
to configure the behavior.<br>
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107.<br>
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies<br>
come with a configurable TTL value (`serve-expired-reply-ttl`).<br>
- Merge #135 from Florian Obser: Use passed in neg and key cache<br>
if non-NULL.<br>
- Fix #153: Disable validation for DSA algorithms. RFC 8624 compliance.<br>
- Merge PR#151: Fixes for systemd units, by Maryse47, Edmonds<br>
and Frzk. Updates the unbound.service systemd file and adds a portable<br>
systemd service file.<br>
- Merge PR#154; Allow use of libbsd functions with configure option<br>
--with-libbsd. By Robert Edmonds and Steven Chamberlain.<br>
- Merge PR#148; Add some TLS stats to unbound_munin_. By Fredrik Pettai.<br>
- Merge PR#156 from Alexander Berkes; Added unbound-control<br>
view_local_datas_remove command.<br>
<br>
Bug Fixes:<br>
- Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by<br>
Florian Obser<br>
- Update mailing list URL.<br>
- Fix #140: Document slave not downloading new zonefile upon update.<br>
- Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD.<br>
The dl_iterate_phdr() function introduced in newer versions raises<br>
compilation errors on solaris 10.<br>
- Changes to compat/getentropy_solaris.c for,<br>
ifdef stdint.h inclusion for older systems. ifdef sha2.h inclusion<br>
for older systems.<br>
- Fix 'make test' to work for --disable-sha1 configure option.<br>
- Fix out-of-bounds null-byte write in sldns_bget_token_par while<br>
parsing type WKS, reported by Luis Merino from X41 D-Sec.<br>
- Updated sldns_bget_token_par fix for also space for the zero<br>
delimiter after the character. And update for more spare space.<br>
- Fix #138: stop binding pidfile inside chroot dir in systemd service<br>
file.<br>
- Fix the relationship between serve-expired and prefetch options,<br>
patch from Saksham Manchanda from Secure64.<br>
- Fix unreachable code in ssl set options code.<br>
- Removed the dnscrypt_queries and dnscrypt_queries_chacha tests,<br>
because dnscrypt-proxy (2.0.36) does not support the test setup<br>
any more, and also the config file format does not seem to have the<br>
appropriate keys to recreate that setup.<br>
- Fix crash after reload where a stats lookup could reference old key<br>
cache and neg cache structures.<br>
- Fix for memory leak when edns subnet config options are read when<br>
compiled without edns subnet support.<br>
- Fix auth zone support for NSEC3 records without salt.<br>
- Merge PR#150 from Frzk: Systemd unit without chroot. It add<br>
contrib/<a href="http://unbound_nochroot.service.in" rel="noreferrer" target="_blank">unbound_nochroot.service.in</a>, a systemd file for use with<br>
chroot: "", see comments in the file, it uses systemd protections<br>
instead. It was superceded by #151, the unbound_portable.service<br>
file.<br>
- Merge PR#155 from Robert Edmonds: contrib/<a href="http://libunbound.pc.in" rel="noreferrer" target="_blank">libunbound.pc.in</a>: Fixes<br>
to Libs/Requires for crypto library dependencies.<br>
- iana portlist updated.<br>
- Fix to silence the tls handshake errors for broken pipe and reset<br>
by peer, unless verbosity is set to 2 or higher.<br>
- Merge PR#147; change rfc reference for reserved top level dns names.<br>
- Fix #157: undefined reference to `htobe64'.<br>
- Fix subnet tests for disabled DSA algorithm by default.<br>
- Update contrib/fastrpz.patch for clean diff with current code.<br>
- updated .gitignore for added contrib file.<br>
- Add build rule for ipset to Makefile<br>
- Add getentropy_freebsd.o to Makefile dependencies.<br>
- Fix memory leak in error condition remote.c<br>
- Fix double free in error condition view.c<br>
- Fix memory leak in do_auth_zone_transfer on success<br>
- Stop working on socket when socket() call returns an error.<br>
- Check malloc return values in TLS session ticket code<br>
- Fix fclose on error in TLS session ticket code.<br>
- Add assertion to please static analyzer<br>
- Fixed stats when replying with cached, cname-aliased records.<br>
- Added missing default values for redis cachedb backend.<br>
- Fix num_reply_addr counting in mesh and tcp drop due to size<br>
after serve_stale commit.<br>
- Fix to create and destroy rpz_lock in auth_zones structure.<br>
- Fix to lock zone before adding rpz qname trigger.<br>
- Fix to lock and release once in mesh_serve_expired_lookup.<br>
- Fix to put braces around empty if body when threading is disabled.<br>
- Fix num_reply_states and num_detached_states counting with<br>
serve_expired_callback.<br>
- Cleaner code in mesh_serve_expired_lookup.<br>
- Document in unbound.conf manpage that configuration clauses can be<br>
repeated in the configuration file.<br>
- Document 'ub_result.was_ratelimited' in libunbound.<br>
- Fix use after free on log-identity after a reload; Fixes #163.<br>
- Fix with libnettle make test with dsa disabled.<br>
- Fix contrib/fastrpz.patch to apply cleanly. Fix for serve-stale<br>
fixes, but it does not compile, conflicts with new rpz code.<br>
- Fix to clean memory leak of respip_addr.lock when ip_tree deleted.<br>
- Fix compile warning when threads disabled.<br>
<br>
Best regards, Wouter<br>
<br>
-------------- next part --------------<br>
A non-text attachment was scrubbed...<br>
Name: signature.asc<br>
Type: application/pgp-signature<br>
Size: 833 bytes<br>
Desc: OpenPGP digital signature<br>
URL: <<a href="http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20200213/1a546cae/attachment-0001.bin" rel="noreferrer" target="_blank">http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20200213/1a546cae/attachment-0001.bin</a>><br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Thu, 13 Feb 2020 14:43:18 +0100<br>
From: Elmar Stellnberger <<a href="mailto:estellnb@gmail.com" target="_blank">estellnb@gmail.com</a>><br>
To: <a href="mailto:unbound-users@lists.nlnetlabs.nl" target="_blank">unbound-users@lists.nlnetlabs.nl</a><br>
Subject: Re: retrieve TLSA record also if it is not secured by DNSSEC<br>
Message-ID:<br>
<<a href="mailto:CAHgGK3SsQHOauqAN93QKf6Q0kxiyKWqKAdCi_Dd3ceHFhSBoHA@mail.gmail.com" target="_blank">CAHgGK3SsQHOauqAN93QKf6Q0kxiyKWqKAdCi_Dd3ceHFhSBoHA@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="UTF-8"<br>
<br>
For Firefox they do intentionally not fix the flaw that you can not<br>
configure server certificates which use HSTS:<br>
<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1606802" rel="noreferrer" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=1606802</a>. I suspect them<br>
being paid by intelligence because otherwise they would not forcefully<br>
implement a bug like this (previous versions of FF were good). I do<br>
not know how the situation is with wget and curl but the fact that you<br>
can not set a server certificate by a command line switch at all<br>
points in the same direction. Why are there dozens of switches to<br>
configure certification authorities but not a single switch for a<br>
server certificate then? The way things are now all of these projects<br>
are not trustworthy all together.<br>
<br>
2020-02-12 20:57 GMT+01:00, Paul Wouters <<a href="mailto:paul@nohats.ca" target="_blank">paul@nohats.ca</a>>:<br>
> On Wed, 12 Feb 2020, Elmar Stellnberger via Unbound-users wrote:<br>
><br>
>> hash-slinger's "tlsa" command? I have never heard of it. I just have the<br>
>> libunbound library here. I do not even have the unbound-host executable<br>
>> here<br>
>> which you mentioned in my previous mail.<br>
><br>
> <a href="https://github.com/letoams/hash-slinger" rel="noreferrer" target="_blank">https://github.com/letoams/hash-slinger</a><br>
><br>
>> The atea tool I am already offering for download is something like a<br>
>> light<br>
>><br>
>> weight curl or wget for https/DANE without html support. It can be used<br>
>> to<br>
>><br>
>> download files though.<br>
><br>
> Oh I see. That is different then. The tlsa command is used to generate<br>
> or verify certificates with their DNSSEC TLSA record entries. It<br>
> supports both websites and mailservers.<br>
><br>
> A tool that adds curl/wget support for TLSA is cool. although cooler<br>
> would be if curl/wget get native support of course :) Maybe Viktor<br>
> knows more about curl with openssl/tlsa support?<br>
><br>
> Paul<br>
><br>
<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Thu, 13 Feb 2020 14:48:11 +0100<br>
From: Elmar Stellnberger <<a href="mailto:estellnb@gmail.com" target="_blank">estellnb@gmail.com</a>><br>
To: <a href="mailto:unbound-users@lists.nlnetlabs.nl" target="_blank">unbound-users@lists.nlnetlabs.nl</a><br>
Subject: Re: retrieve TLSA record also if it is not secured by DNSSEC<br>
Message-ID:<br>
<<a href="mailto:CAHgGK3QyVJfbVmHiCgMzTmYULvk%2BtJf7Xze6aZMXF81J4TEwsQ@mail.gmail.com" target="_blank">CAHgGK3QyVJfbVmHiCgMzTmYULvk+tJf7Xze6aZMXF81J4TEwsQ@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="UTF-8"<br>
<br>
For Firefox they do intentionally not fix the flaw that you can not<br>
configure server certificates which use HSTS:<br>
<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1606802" rel="noreferrer" target="_blank">https://bugzilla.mozilla.org/show_bug.cgi?id=1606802</a>. I suspect them<br>
being paid by intelligence because otherwise they would not forcefully<br>
implement a bug like this (previous versions of FF were good). I do<br>
not know how the situation is with wget and curl but the fact that you<br>
can not set a server certificate by a command line switch at all<br>
points in the same direction. Why are there dozens of switches to<br>
configure certification authorities but not a single switch for a<br>
server certificate then? The way things are now all of these projects<br>
are not trustworthy all together.<br>
<br>
2020-02-12 20:57 GMT+01:00, Paul Wouters <<a href="mailto:paul@nohats.ca" target="_blank">paul@nohats.ca</a>>:<br>
> On Wed, 12 Feb 2020, Elmar Stellnberger via Unbound-users wrote:<br>
><br>
>> hash-slinger's "tlsa" command? I have never heard of it. I just have the<br>
>> libunbound library here. I do not even have the unbound-host executable<br>
>> here<br>
>> which you mentioned in my previous mail.<br>
><br>
> <a href="https://github.com/letoams/hash-slinger" rel="noreferrer" target="_blank">https://github.com/letoams/hash-slinger</a><br>
><br>
>> The atea tool I am already offering for download is something like a light<br>
>><br>
>> weight curl or wget for https/DANE without html support. It can be used to<br>
>><br>
>> download files though.<br>
><br>
> Oh I see. That is different then. The tlsa command is used to generate<br>
> or verify certificates with their DNSSEC TLSA record entries. It<br>
> supports both websites and mailservers.<br>
><br>
> A tool that adds curl/wget support for TLSA is cool. although cooler<br>
> would be if curl/wget get native support of course :) Maybe Viktor<br>
> knows more about curl with openssl/tlsa support?<br>
><br>
> Paul<br>
><br>
<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Thu, 13 Feb 2020 14:08:21 +0000<br>
From: Tony Finch <<a href="mailto:dot@dotat.at" target="_blank">dot@dotat.at</a>><br>
To: Elmar Stellnberger <<a href="mailto:estellnb@gmail.com" target="_blank">estellnb@gmail.com</a>><br>
Cc: Eric Luehrsen <<a href="mailto:ericluehrsen@gmail.com" target="_blank">ericluehrsen@gmail.com</a>>,<br>
<a href="mailto:unbound-users@lists.nlnetlabs.nl" target="_blank">unbound-users@lists.nlnetlabs.nl</a><br>
Subject: Re: dns over tls with unbound on openwrt<br>
Message-ID: <<a href="mailto:alpine.DEB.2.20.2002131350180.25433@grey.csi.cam.ac.uk" target="_blank">alpine.DEB.2.20.2002131350180.25433@grey.csi.cam.ac.uk</a>><br>
Content-Type: text/plain; charset=US-ASCII<br>
<br>
Elmar Stellnberger via Unbound-users <<a href="mailto:unbound-users@lists.nlnetlabs.nl" target="_blank">unbound-users@lists.nlnetlabs.nl</a>> wrote:<br>
<br>
> What is the difference between recursive and forward DNS?<br>
<br>
I make a distinction which is a bit more pedantic than usual...<br>
<br>
Recursion is about the kinds of queries a server is willing to answer: if<br>
the server sets the RA bit (recursion available) in its responses and is<br>
therefore willing to answer RD (recursion desired) queries. The effect is<br>
that the server will obtain a complete answer and won't return referrals.<br>
<br>
This is independent of how the server gets the answers. It can perform<br>
iterative resolution (making queries with RD=0 and chasing referrals) or<br>
it can send recursive queries to another recursive server - which is<br>
called forwarding.<br>
<br>
According to this model, saying a server is recursive doesn't imply<br>
anything about whether it forwards queries or does its own iterative<br>
resolution. But usually when a server is described as recursive, that<br>
implies it does iterative resolution.<br>
<br>
The way I relate "recursion" in the DNS sense to its usual meaning, is<br>
when one resolver asks another resolver to answer a query on its behalf,<br>
it's a bit (wave hands vigorously) like a recursive call from one function<br>
to another function. (In the DNS case depth of recursion is determined by<br>
the forwarding topology, rather than reducing the complexity of the query<br>
as one would expect from functional recursion.)<br>
<br>
What makes the terminology extra confusing is that iterative resolution is<br>
about traversing a tree-shaped namespace (which has a recursive flavour)<br>
and iterative resolution gets explicitly recursive when the resolver has<br>
to resolve a nameserver address in order to follow a referral.<br>
<br>
So my rationalizaion is mostly in vain, because it isn't really possible<br>
to relate the DNS uses of recursion and iteration to their non-DNS<br>
meanings.<br>
<br>
Tony.<br>
-- <br>
f.anthony.n.finch <<a href="mailto:dot@dotat.at" target="_blank">dot@dotat.at</a>> <a href="http://dotat.at/" rel="noreferrer" target="_blank">http://dotat.at/</a><br>
German Bight, Humber: Cyclonic, becoming southwest later, 5 to 7, occasionally<br>
gale 8 at first. Moderate or rough. Rain then showers. Good, occasionally<br>
poor.<br>
<br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
_______________________________________________<br>
Unbound-users mailing list<br>
<a href="mailto:Unbound-users@lists.nlnetlabs.nl" target="_blank">Unbound-users@lists.nlnetlabs.nl</a><br>
<a href="https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users" rel="noreferrer" target="_blank">https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users</a><br>
<br>
<br>
------------------------------<br>
<br>
End of Unbound-users Digest, Vol 2, Issue 18<br>
********************************************<br>
</blockquote></div>
</div></blockquote></div></div></div></blockquote></div>