summaryrefslogtreecommitdiffstats
path: root/contrib/unbound/doc/TODO
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/unbound/doc/TODO')
-rw-r--r--contrib/unbound/doc/TODO76
1 files changed, 76 insertions, 0 deletions
diff --git a/contrib/unbound/doc/TODO b/contrib/unbound/doc/TODO
new file mode 100644
index 0000000..bfeef4a
--- /dev/null
+++ b/contrib/unbound/doc/TODO
@@ -0,0 +1,76 @@
+TODO items. These are interesting todo items.
+o understand synthesized DNAMEs, so those TTL=0 packets are cached properly.
+o NSEC/NSEC3 aggressive negative caching, so that updates to NSEC/NSEC3
+ will result in proper negative responses.
+o (option) where port 53 is used for send and receive, no other ports are used.
+o (option) to not send replies to clients after a timeout of (say 5 secs) has
+ passed, but keep task active for later retries by client.
+o (option) private TTL feature (always report TTL x in answers).
+o (option) pretend-dnssec-unaware, and pretend-edns-unaware modes for workshops.
+o delegpt use rbtree for ns-list, to avoid slowdown for very large NS sets.
+o (option) reprime and refresh oft used data before timeout.
+o (option) retain prime results in a overlaid roothints file.
+o (option) store primed key data in a overlaid keyhints file (sort of like drafttimers).
+o windows version, auto update feature, a query to check for the version.
+o command the server with TSIG inband. get-config, clearcache,
+ get stats, get memstats, get ..., reload, clear one zone from cache
+o NSID rfc 5001 support.
+o timers rfc 5011 support.
+o Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator.
+o make timeout backoffs randomized (a couple percent random) to spread traffic.
+o inspect date on executable, then warn user in log if its more than 1 year.
+o (option) proactively prime root, stubs and trust anchors, feature.
+ early failure, faster on first query, but more traffic.
+o library add convenience functions for A, AAAA, PTR, getaddrinfo, libresolve.
+o library add function to validate input from app that is signed.
+o add dynamic-update requests (making a dynupd request) to libunbound api.
+o SIG(0) and TSIG.
+o support OPT record placement on recv anywhere in the additional section.
+o add local-file: config with authority features.
+o (option) to make local-data answers be secure for libunbound (default=no)
+o (option) to make chroot: copy all needed files into jail (or make jail)
+ perhaps also print reminder to link /dev/random and sysloghack.
+o overhaul outside-network servicedquery to merge with udpwait and tcpwait,
+ to make timers in servicedquery independent of udpwait queues.
+o check into rebinding ports for efficiency, configure time test.
+o EVP hardware crypto support.
+o option to ignore all inception and expiration dates for rrsigs.
+o cleaner code; return and func statements on newline.
+o memcached module that sits before validator module; checks for memcached
+ data (on local lan), stores recursion lookup. Provides one cache for multiple resolver machines, coherent reply content in anycast setup.
+o no openssl_add_all_algorithms, but only the ones necessary, less space.
+o listen to NOTIFY messages for zones and flush the cache for that zone
+ if received. Useful when also having a stub to that auth server.
+ Needs proper protection, TSIG, in place.
+o winevent - do not go more than 64 fds (by polling with select one by
+ one), win95/98 have 100fd limit in the kernel, so this ruins w9x portability.
+
+*** Features features, for later
+* dTLS, TLS, look to need special port numbers, cert storage, recent libssl.
+* aggressive negative caching for NSEC, NSEC3.
+* multiple queries per question, server exploration, server selection.
+* support TSIG on queries, for validating resolver deployment.
+* retry-mode, where a bogus result triggers a retry-mode query, where a list
+ of responses over a time interval is collected, and each is validated.
+ or try in TCP mode. Do not 'try all servers several times', since we must
+ not create packet storms with operator errors.
+o on windows version, implement that OS ancillary data capabilities for
+ interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg.
+o local-zone directive with authority service, full authority server
+ is a non-goal.
+o infra and lame cache: easier size config (in Mb), show usage in graphs.
+- store time of dump in cachedumps, so that on a load the ttls can be
+ compared to the absolute time, and now-expired items can be dealt with.
+
+later
+- selective verbosity; ubcontrol trace example.com
+- cache fork-dump, pre-load
+- for fwds, send queries to N servers in fwd-list, use first reply.
+ document high scalable, high available unbound setup onepager.
+- prefetch DNSKEY when DS in delegation seen (nonCD, underTA).
+- use libevent if available on system by default(?), default outgoing 256to1024
+
+[1] BIND-like query logging to see who's looking up what and when
+[2] more logging about stuff like SERVFAIL and REFUSED responses
+[3] a Makefile that works without gnumake
+
OpenPOWER on IntegriCloud