xref: /freebsd/contrib/unbound/doc/TODO (revision 43a5ec4eb41567cc92586503212743d89686d78f)
TODO items. These are interesting todo items.
o understand synthesized DNAMEs, so those TTL=0 packets are cached properly.
o NSEC/NSEC3 aggressive negative caching, so that updates to NSEC/NSEC3
  will result in proper negative responses.
o (option) where port 53 is used for send and receive, no other ports are used.
o (option) to not send replies to clients after a timeout of (say 5 secs) has
  passed, but keep task active for later retries by client.
o (option) private TTL feature (always report TTL x in answers).
o (option) pretend-dnssec-unaware, and pretend-edns-unaware modes for workshops.
o delegpt use rbtree for ns-list, to avoid slowdown for very large NS sets.
o (option) reprime and refresh oft used data before timeout.
o (option) retain prime results in an overlaid roothints file.
o (option) store primed key data in an overlaid keyhints file (sort of like drafttimers).
o windows version, auto update feature, a query to check for the version.
o command the server with TSIG inband. get-config, clearcache,
  get stats, get memstats, get ..., reload, clear one zone from cache
o timers rfc 5011 support.
o Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator.
o make timeout backoffs randomized (a couple percent random) to spread traffic.
o inspect date on executable, then warn user in log if it's more than 1 year.
o (option) proactively prime root, stubs and trust anchors, feature.
  early failure, faster on first query, but more traffic.
o library add convenience functions for A, AAAA, PTR, getaddrinfo, libresolve.
o library add function to validate input from app that is signed.
o add dynamic-update requests (making a dynupd request) to libunbound api.
o SIG(0) and TSIG.
o support OPT record placement on recv anywhere in the additional section.
o add local-file: config with authority features.
o (option) to make local-data answers be secure for libunbound (default=no)
o (option) to make chroot: copy all needed files into jail (or make jail)
  perhaps also print reminder to link /dev/urandom and sysloghack.
o overhaul outside-network servicedquery to merge with udpwait and tcpwait,
  to make timers in servicedquery independent of udpwait queues.
o check into rebinding ports for efficiency, configure time test.
o EVP hardware crypto support.
o option to ignore all inception and expiration dates for rrsigs.
o cleaner code; return and func statements on newline.
o memcached module that sits before validator module; checks for memcached
  data (on local lan), stores recursion lookup.  Provides one cache for
  multiple resolver machines, coherent reply content in anycast setup.
o no openssl_add_all_algorithms, but only the ones necessary, less space.
o listen to NOTIFY messages for zones and flush the cache for that zone
  if received.  Useful when also having a stub to that auth server.
  Needs proper protection, TSIG, in place.
o winevent - do not go more than 64 fds (by polling with select one by
  one), win95/98 have 100fd limit in the kernel, so this ruins w9x portability.

*** Features features, for later
* dTLS, TLS, look to need special port numbers, cert storage, recent libssl.
* aggressive negative caching for NSEC, NSEC3.
* multiple queries per question, server exploration, server selection.
* support TSIG on queries, for validating resolver deployment.
* retry-mode, where a bogus result triggers a retry-mode query, where a list
  of responses over a time interval is collected, and each is validated.
  Or try in TCP mode. Do not 'try all servers several times', since we must
  not create packet storms with operator errors.
o on windows version, implement the OS ancillary data capabilities for
  interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg.
o local-zone directive with authority service, full authority server
  is a non-goal.
o infra and lame cache: easier size config (in Mb), show usage in graphs.
- store time of dump in cachedumps, so that on a load the ttls can be
  compared to the absolute time, and now-expired items can be dealt with.

later
- selective verbosity; ubcontrol trace example.com
- cache fork-dump, pre-load
- for fwds, send queries to N servers in fwd-list, use first reply.
  document highly scalable, highly available unbound setup onepager.
- prefetch DNSKEY when DS in delegation seen (nonCD, underTA).
- use libevent if available on system by default(?), default outgoing 256 to 1024

[1] BIND-like query logging to see who's looking up what and when
[2] more logging about stuff like SERVFAIL and REFUSED responses
[3] a Makefile that works without gnumake