townforge/unbound
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
0009c90ef8
unbound/doc/TODO
wouter 0009c90ef8 log querier on verbosity 5 or higher. 
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@1461 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-02-06 10:37:20 +00:00

73 lines
4.2 KiB
Plaintext
Raw Blame History

TODO items. These are interesting todo items.
o understand synthesized DNAMEs, so those TTL=0 packets are cached properly.
o NSEC/NSEC3 aggressive negative caching, so that updates to NSEC/NSEC3
will result in proper negative responses.
o (option) where port 53 is used for send and receive, no other ports are used.
o (option) to not send replies to clients after a timeout of (say 5 secs) has
passed, but keep task active for later retries by client.
o (option) private TTL feature (always report TTL x in answers).
o (option) pretend-dnssec-unaware, and pretend-edns-unaware modes for workshops.
o delegpt use rbtree for ns-list, to avoid slowdown for very large NS sets.
o (option) reprime and refresh oft used data before timeout.
o (option) retain prime results in a overlaid roothints file.
o (option) store primed key data in a overlaid keyhints file (sort of like drafttimers).
o windows version, auto update feature, a query to check for the version.
o command the server with TSIG inband. get-config, clearcache,
get stats, get memstats, get ..., reload, clear one zone from cache
o NSID rfc 5001 support.
o timers rfc 5011 support.
o Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator.
o make timeout backoffs randomized (a couple percent random) to spread traffic.
o inspect date on executable, then warn user in log if its more than 1 year.
o (option) proactively prime root, stubs and trust anchors, feature.
early failure, faster on first query, but more traffic.
o library add convenience functions for A, AAAA, PTR, getaddrinfo, libresolve.
o library add function to validate input from app that is signed.
o add dynamic-update requests (making a dynupd request) to libunbound api.
o SIG(0) and TSIG.
o support OPT record placement on recv anywhere in the additional section.
o add local-file: config with authority features.
o (option) to make local-data answers be secure for libunbound (default=no)
o (option) to make chroot: copy all needed files into jail (or make jail)
perhaps also print reminder to link /dev/random and sysloghack.
o overhaul outside-network servicedquery to merge with udpwait and tcpwait,
to make timers in servicedquery independent of udpwait queues.
o check into rebinding ports for efficiency, configure time test.
o EVP hardware crypto support.
o option to ignore all inception and expiration dates for rrsigs.
o option to use builtin ldns explicitly. Or stop shipping builtin tarball.
o cleaner code; return and func statements on newline.
o memcached module that sits before validator module; checks for memcached
data (on local lan), stores recursion lookup. Provides one cache for
multiple resolver machines, coherent reply content in anycast setup.
o no openssl_add_all_algorithms, but only the ones necessary, less space.
*** Features features, for later
* dTLS, TLS, look to need special port numbers, cert storage, recent libssl.
* aggressive negative caching for NSEC, NSEC3.
* multiple queries per question, server exploration, server selection.
* support TSIG on queries, for validating resolver deployment.
* retry-mode, where a bogus result triggers a retry-mode query, where a list
of responses over a time interval is collected, and each is validated.
or try in TCP mode. Do not 'try all servers several times', since we must
not create packet storms with operator errors.
* Windows port features
o on windows version, implement that OS ancillary data capabilities for
interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg.
o local-zone directive with authority service, full authority server
is a non-goal.
o make so revoke bit keys cannot verify signatures
o option to print UTC timestamps instead of epoch in seconds.
o infra and lame cache: easier size config (in Mb), show usage in graphs.
o #226: unbound_control dump_requestlist
o #227: unbound_control flush_stats
o unbound_control get_stats_noreset
o unbound_control forward [addr {addr}] | [off]
o #231: unbound_checkconf options to output config file data.
o config entry to denote that a zone is to be treated as unsigned (even if
a DS exists to higher trust anchor).
o see if we can include the python bindings (contrib).
o remote control read ssl information while priviledged.
Reference in New Issue View Git Blame Copy Permalink