diff options
Diffstat (limited to 'external/unbound/doc/TODO')
| -rw-r--r-- | external/unbound/doc/TODO | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/external/unbound/doc/TODO b/external/unbound/doc/TODO new file mode 100644 index 000000000..bfeef4aa4 --- /dev/null +++ b/external/unbound/doc/TODO @@ -0,0 +1,76 @@ +TODO items. These are interesting todo items. +o understand synthesized DNAMEs, so those TTL=0 packets are cached properly. +o NSEC/NSEC3 aggressive negative caching, so that updates to NSEC/NSEC3 + will result in proper negative responses. +o (option) where port 53 is used for send and receive, no other ports are used. +o (option) to not send replies to clients after a timeout of (say 5 secs) has + passed, but keep task active for later retries by client. +o (option) private TTL feature (always report TTL x in answers). +o (option) pretend-dnssec-unaware, and pretend-edns-unaware modes for workshops. +o delegpt use rbtree for ns-list, to avoid slowdown for very large NS sets. +o (option) reprime and refresh oft used data before timeout. +o (option) retain prime results in a overlaid roothints file. +o (option) store primed key data in a overlaid keyhints file (sort of like drafttimers). +o windows version, auto update feature, a query to check for the version. +o command the server with TSIG inband. get-config, clearcache, + get stats, get memstats, get ..., reload, clear one zone from cache +o NSID rfc 5001 support. +o timers rfc 5011 support. +o Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator. +o make timeout backoffs randomized (a couple percent random) to spread traffic. +o inspect date on executable, then warn user in log if its more than 1 year. +o (option) proactively prime root, stubs and trust anchors, feature. + early failure, faster on first query, but more traffic. +o library add convenience functions for A, AAAA, PTR, getaddrinfo, libresolve. +o library add function to validate input from app that is signed. +o add dynamic-update requests (making a dynupd request) to libunbound api. +o SIG(0) and TSIG. +o support OPT record placement on recv anywhere in the additional section. +o add local-file: config with authority features. +o (option) to make local-data answers be secure for libunbound (default=no) +o (option) to make chroot: copy all needed files into jail (or make jail) + perhaps also print reminder to link /dev/random and sysloghack. +o overhaul outside-network servicedquery to merge with udpwait and tcpwait, + to make timers in servicedquery independent of udpwait queues. +o check into rebinding ports for efficiency, configure time test. +o EVP hardware crypto support. +o option to ignore all inception and expiration dates for rrsigs. +o cleaner code; return and func statements on newline. +o memcached module that sits before validator module; checks for memcached + data (on local lan), stores recursion lookup. Provides one cache for multiple resolver machines, coherent reply content in anycast setup. +o no openssl_add_all_algorithms, but only the ones necessary, less space. +o listen to NOTIFY messages for zones and flush the cache for that zone + if received. Useful when also having a stub to that auth server. + Needs proper protection, TSIG, in place. +o winevent - do not go more than 64 fds (by polling with select one by + one), win95/98 have 100fd limit in the kernel, so this ruins w9x portability. + +*** Features features, for later +* dTLS, TLS, look to need special port numbers, cert storage, recent libssl. +* aggressive negative caching for NSEC, NSEC3. +* multiple queries per question, server exploration, server selection. +* support TSIG on queries, for validating resolver deployment. +* retry-mode, where a bogus result triggers a retry-mode query, where a list + of responses over a time interval is collected, and each is validated. + or try in TCP mode. Do not 'try all servers several times', since we must + not create packet storms with operator errors. +o on windows version, implement that OS ancillary data capabilities for + interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg. +o local-zone directive with authority service, full authority server + is a non-goal. +o infra and lame cache: easier size config (in Mb), show usage in graphs. +- store time of dump in cachedumps, so that on a load the ttls can be + compared to the absolute time, and now-expired items can be dealt with. + +later +- selective verbosity; ubcontrol trace example.com +- cache fork-dump, pre-load +- for fwds, send queries to N servers in fwd-list, use first reply. + document high scalable, high available unbound setup onepager. +- prefetch DNSKEY when DS in delegation seen (nonCD, underTA). +- use libevent if available on system by default(?), default outgoing 256to1024 + +[1] BIND-like query logging to see who's looking up what and when +[2] more logging about stuff like SERVFAIL and REFUSED responses +[3] a Makefile that works without gnumake + |