diff options
Diffstat (limited to 'external/unbound/doc/TODO')
| -rw-r--r-- | external/unbound/doc/TODO | 76 |
1 files changed, 0 insertions, 76 deletions
diff --git a/external/unbound/doc/TODO b/external/unbound/doc/TODO deleted file mode 100644 index bfeef4aa4..000000000 --- a/external/unbound/doc/TODO +++ /dev/null @@ -1,76 +0,0 @@ -TODO items. These are interesting todo items. -o understand synthesized DNAMEs, so those TTL=0 packets are cached properly. -o NSEC/NSEC3 aggressive negative caching, so that updates to NSEC/NSEC3 - will result in proper negative responses. -o (option) where port 53 is used for send and receive, no other ports are used. -o (option) to not send replies to clients after a timeout of (say 5 secs) has - passed, but keep task active for later retries by client. -o (option) private TTL feature (always report TTL x in answers). -o (option) pretend-dnssec-unaware, and pretend-edns-unaware modes for workshops. -o delegpt use rbtree for ns-list, to avoid slowdown for very large NS sets. -o (option) reprime and refresh oft used data before timeout. -o (option) retain prime results in a overlaid roothints file. -o (option) store primed key data in a overlaid keyhints file (sort of like drafttimers). -o windows version, auto update feature, a query to check for the version. -o command the server with TSIG inband. get-config, clearcache, - get stats, get memstats, get ..., reload, clear one zone from cache -o NSID rfc 5001 support. -o timers rfc 5011 support. -o Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator. -o make timeout backoffs randomized (a couple percent random) to spread traffic. -o inspect date on executable, then warn user in log if its more than 1 year. -o (option) proactively prime root, stubs and trust anchors, feature. - early failure, faster on first query, but more traffic. -o library add convenience functions for A, AAAA, PTR, getaddrinfo, libresolve. -o library add function to validate input from app that is signed. -o add dynamic-update requests (making a dynupd request) to libunbound api. -o SIG(0) and TSIG. -o support OPT record placement on recv anywhere in the additional section. -o add local-file: config with authority features. -o (option) to make local-data answers be secure for libunbound (default=no) -o (option) to make chroot: copy all needed files into jail (or make jail) - perhaps also print reminder to link /dev/random and sysloghack. -o overhaul outside-network servicedquery to merge with udpwait and tcpwait, - to make timers in servicedquery independent of udpwait queues. -o check into rebinding ports for efficiency, configure time test. -o EVP hardware crypto support. -o option to ignore all inception and expiration dates for rrsigs. -o cleaner code; return and func statements on newline. -o memcached module that sits before validator module; checks for memcached - data (on local lan), stores recursion lookup. Provides one cache for multiple resolver machines, coherent reply content in anycast setup. -o no openssl_add_all_algorithms, but only the ones necessary, less space. -o listen to NOTIFY messages for zones and flush the cache for that zone - if received. Useful when also having a stub to that auth server. - Needs proper protection, TSIG, in place. -o winevent - do not go more than 64 fds (by polling with select one by - one), win95/98 have 100fd limit in the kernel, so this ruins w9x portability. - -*** Features features, for later -* dTLS, TLS, look to need special port numbers, cert storage, recent libssl. -* aggressive negative caching for NSEC, NSEC3. -* multiple queries per question, server exploration, server selection. -* support TSIG on queries, for validating resolver deployment. -* retry-mode, where a bogus result triggers a retry-mode query, where a list - of responses over a time interval is collected, and each is validated. - or try in TCP mode. Do not 'try all servers several times', since we must - not create packet storms with operator errors. -o on windows version, implement that OS ancillary data capabilities for - interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg. -o local-zone directive with authority service, full authority server - is a non-goal. -o infra and lame cache: easier size config (in Mb), show usage in graphs. -- store time of dump in cachedumps, so that on a load the ttls can be - compared to the absolute time, and now-expired items can be dealt with. - -later -- selective verbosity; ubcontrol trace example.com -- cache fork-dump, pre-load -- for fwds, send queries to N servers in fwd-list, use first reply. - document high scalable, high available unbound setup onepager. -- prefetch DNSKEY when DS in delegation seen (nonCD, underTA). -- use libevent if available on system by default(?), default outgoing 256to1024 - -[1] BIND-like query logging to see who's looking up what and when -[2] more logging about stuff like SERVFAIL and REFUSED responses -[3] a Makefile that works without gnumake - |