xref: /openbsd-src/usr.sbin/unbound/doc/TODO (revision cddcdaaab2c5c53a2ffc263683f6e1f4aaa4a1f3)
TODO items. These are interesting todo items.
o understand synthesized DNAMEs, so those TTL=0 packets are cached properly.
o NSEC/NSEC3 aggressive negative caching, so that updates to NSEC/NSEC3
  will result in proper negative responses.
o (option) where port 53 is used for send and receive, no other ports are used.
o (option) to not send replies to clients after a timeout of (say 5 secs) has
  passed, but keep task active for later retries by client.
o (option) private TTL feature (always report TTL x in answers).
o (option) pretend-dnssec-unaware, and pretend-edns-unaware modes for workshops.
o delegpt use rbtree for ns-list, to avoid slowdown for very large NS sets.
o (option) reprime and refresh oft used data before timeout.
o (option) retain prime results in an overlaid roothints file.
o (option) store primed key data in an overlaid keyhints file (sort of like drafttimers).
o windows version, auto update feature, a query to check for the version.
o command the server with TSIG inband. get-config, clearcache,
	get stats, get memstats, get ..., reload, clear one zone from cache
o timers rfc 5011 support.
o Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator.
o make timeout backoffs randomized (a couple percent random) to spread traffic.
o inspect date on executable, then warn user in log if it's more than 1 year old.
o (option) proactively prime root, stubs and trust anchors, feature.
  early failure, faster on first query, but more traffic.
o library add convenience functions for A, AAAA, PTR, getaddrinfo, libresolve.
o library add function to validate input from app that is signed.
o add dynamic-update requests (making a dynupd request) to libunbound api.
o SIG(0) and TSIG.
o support OPT record placement on recv anywhere in the additional section.
o add local-file: config with authority features.
o (option) to make local-data answers be secure for libunbound (default=no)
o (option) to make chroot: copy all needed files into jail (or make jail)
	perhaps also print reminder to link /dev/urandom and sysloghack.
o overhaul outside-network servicedquery to merge with udpwait and tcpwait,
  to make timers in servicedquery independent of udpwait queues.
o check into rebinding ports for efficiency, configure time test.
o EVP hardware crypto support.
o option to ignore all inception and expiration dates for rrsigs.
o cleaner code; return and func statements on newline.
o memcached module that sits before validator module; checks for memcached
  data (on local lan), stores recursion lookup.  Provides one cache for multiple resolver machines, coherent reply content in anycast setup.
o no openssl_add_all_algorithms, but only the ones necessary, less space.
o listen to NOTIFY messages for zones and flush the cache for that zone
  if received.  Useful when also having a stub to that auth server.
  Needs proper protection, TSIG, in place.
o winevent - do not go more than 64 fds (by polling with select one by
  one), win95/98 have 100fd limit in the kernel, so this ruins w9x portability.

*** Features features, for later
* dTLS, TLS, look to need special port numbers, cert storage, recent libssl.
* aggressive negative caching for NSEC, NSEC3.
* multiple queries per question, server exploration, server selection.
* support TSIG on queries, for validating resolver deployment.
* retry-mode, where a bogus result triggers a retry-mode query, where a list
  of responses over a time interval is collected, and each is validated.
  or try in TCP mode. Do not 'try all servers several times', since we must
  not create packet storms with operator errors.
o on windows version, implement the OS ancillary data capabilities for
  interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg.
o local-zone directive with authority service, full authority server
  is a non-goal.
o infra and lame cache: easier size config (in Mb), show usage in graphs.
- store time of dump in cachedumps, so that on a load the ttls can be
  compared to the absolute time, and now-expired items can be dealt with.

later
- selective verbosity; ubcontrol trace example.com
- cache fork-dump, pre-load
- for fwds, send queries to N servers in fwd-list, use first reply.
  document highly scalable, highly available unbound setup onepager.
- prefetch DNSKEY when DS in delegation seen (nonCD, underTA).
- use libevent if available on system by default(?), default outgoing 256to1024

[1] BIND-like query logging to see who's looking up what and when
[2] more logging about stuff like SERVFAIL and REFUSED responses
[3] a Makefile that works without gnumake