TODO items. These are interesting todo items.
o understand synthesized DNAMEs, so those TTL=0 packets are cached properly.
o NSEC/NSEC3 aggressive negative caching, so that updates to NSEC/NSEC3
  will result in proper negative responses.
o (option) where port 53 is used for send and receive, no other ports are used.
o (option) to not send replies to clients after a timeout of (say 5 secs) has
  passed, but keep task active for later retries by client.
o (option) private TTL feature (always report TTL x in answers).
o (option) pretend-dnssec-unaware, and pretend-edns-unaware modes for workshops.
o delegpt use rbtree for ns-list, to avoid slowdown for very large NS sets.
o (option) reprime and refresh oft used data before timeout.
o (option) retain prime results in an overlaid roothints file.
o (option) store primed key data in an overlaid keyhints file (sort of like drafttimers).
o windows version, auto update feature, a query to check for the version.
o command the server with TSIG inband. get-config, clearcache,
  get stats, get memstats, get ..., reload, clear one zone from cache
o timers rfc 5011 support.
o Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator.
o make timeout backoffs randomized (a couple percent random) to spread traffic.
o inspect date on executable, then warn user in log if it's more than 1 year.
o (option) proactively prime root, stubs and trust anchors, feature.
  early failure, faster on first query, but more traffic.
o library add convenience functions for A, AAAA, PTR, getaddrinfo, libresolve.
o library add function to validate input from app that is signed.
o add dynamic-update requests (making a dynupd request) to libunbound api.
o SIG(0) and TSIG.
o support OPT record placement on recv anywhere in the additional section.
o add local-file: config with authority features.
o (option) to make local-data answers be secure for libunbound (default=no)
o (option) to make chroot: copy all needed files into jail (or make jail)
  perhaps also print reminder to link /dev/urandom and sysloghack.
o overhaul outside-network servicedquery to merge with udpwait and tcpwait,
  to make timers in servicedquery independent of udpwait queues.
o check into rebinding ports for efficiency, configure time test.
o EVP hardware crypto support.
o option to ignore all inception and expiration dates for rrsigs.
o cleaner code; return and func statements on newline.
o memcached module that sits before validator module; checks for memcached
  data (on local lan), stores recursion lookup. Provides one cache for
  multiple resolver machines, coherent reply content in anycast setup.
o no openssl_add_all_algorithms, but only the ones necessary, less space.
o listen to NOTIFY messages for zones and flush the cache for that zone
  if received. Useful when also having a stub to that auth server.
  Needs proper protection, TSIG, in place.
o winevent - do not go more than 64 fds (by polling with select one by
  one), win95/98 have 100fd limit in the kernel, so this ruins w9x portability.

*** Features features, for later
* dTLS, TLS, look to need special port numbers, cert storage, recent libssl.
* aggressive negative caching for NSEC, NSEC3.
* multiple queries per question, server exploration, server selection.
* support TSIG on queries, for validating resolver deployment.
* retry-mode, where a bogus result triggers a retry-mode query, where a list
  of responses over a time interval is collected, and each is validated.
  or try in TCP mode. Do not 'try all servers several times', since we must
  not create packet storms with operator errors.
o on windows version, implement the OS ancillary data capabilities for
  interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg.
o local-zone directive with authority service, full authority server
  is a non-goal.
o infra and lame cache: easier size config (in Mb), show usage in graphs.
- store time of dump in cachedumps, so that on a load the ttls can be
  compared to the absolute time, and now-expired items can be dealt with.

later
- selective verbosity; ubcontrol trace example.com
- cache fork-dump, pre-load
- for fwds, send queries to N servers in fwd-list, use first reply.
  document highly scalable, highly available unbound setup one-pager.
- prefetch DNSKEY when DS in delegation seen (nonCD, underTA).
- use libevent if available on system by default(?), default outgoing 256to1024

[1] BIND-like query logging to see who's looking up what and when
[2] more logging about stuff like SERVFAIL and REFUSED responses
[3] a Makefile that works without gnumake