1238106SdesTODO items. These are interesting todo items. 2238106Sdeso understand synthesized DNAMEs, so those TTL=0 packets are cached properly. 3238106Sdeso NSEC/NSEC3 aggressive negative caching, so that updates to NSEC/NSEC3 4238106Sdes will result in proper negative responses. 5238106Sdeso (option) where port 53 is used for send and receive, no other ports are used. 6238106Sdeso (option) to not send replies to clients after a timeout of (say 5 secs) has 7238106Sdes passed, but keep task active for later retries by client. 8238106Sdeso (option) private TTL feature (always report TTL x in answers). 9238106Sdeso (option) pretend-dnssec-unaware, and pretend-edns-unaware modes for workshops. 10238106Sdeso delegpt use rbtree for ns-list, to avoid slowdown for very large NS sets. 11238106Sdeso (option) reprime and refresh oft used data before timeout. 12238106Sdeso (option) retain prime results in a overlaid roothints file. 13238106Sdeso (option) store primed key data in a overlaid keyhints file (sort of like drafttimers). 14238106Sdeso windows version, auto update feature, a query to check for the version. 15238106Sdeso command the server with TSIG inband. get-config, clearcache, 16238106Sdes get stats, get memstats, get ..., reload, clear one zone from cache 17238106Sdeso NSID rfc 5001 support. 18238106Sdeso timers rfc 5011 support. 19238106Sdeso Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator. 20238106Sdeso make timeout backoffs randomized (a couple percent random) to spread traffic. 21238106Sdeso inspect date on executable, then warn user in log if its more than 1 year. 22238106Sdeso (option) proactively prime root, stubs and trust anchors, feature. 23238106Sdes early failure, faster on first query, but more traffic. 24238106Sdeso library add convenience functions for A, AAAA, PTR, getaddrinfo, libresolve. 25238106Sdeso library add function to validate input from app that is signed. 26238106Sdeso add dynamic-update requests (making a dynupd request) to libunbound api. 27238106Sdeso SIG(0) and TSIG. 28238106Sdeso support OPT record placement on recv anywhere in the additional section. 29238106Sdeso add local-file: config with authority features. 30238106Sdeso (option) to make local-data answers be secure for libunbound (default=no) 31238106Sdeso (option) to make chroot: copy all needed files into jail (or make jail) 32238106Sdes perhaps also print reminder to link /dev/random and sysloghack. 33238106Sdeso overhaul outside-network servicedquery to merge with udpwait and tcpwait, 34238106Sdes to make timers in servicedquery independent of udpwait queues. 35238106Sdeso check into rebinding ports for efficiency, configure time test. 36238106Sdeso EVP hardware crypto support. 37238106Sdeso option to ignore all inception and expiration dates for rrsigs. 38238106Sdeso cleaner code; return and func statements on newline. 39238106Sdeso memcached module that sits before validator module; checks for memcached 40238106Sdes data (on local lan), stores recursion lookup. Provides one cache for multiple resolver machines, coherent reply content in anycast setup. 41238106Sdeso no openssl_add_all_algorithms, but only the ones necessary, less space. 42238106Sdeso listen to NOTIFY messages for zones and flush the cache for that zone 43238106Sdes if received. Useful when also having a stub to that auth server. 44238106Sdes Needs proper protection, TSIG, in place. 45238106Sdeso winevent - do not go more than 64 fds (by polling with select one by 46238106Sdes one), win95/98 have 100fd limit in the kernel, so this ruins w9x portability. 47238106Sdes 48238106Sdes*** Features features, for later 49238106Sdes* dTLS, TLS, look to need special port numbers, cert storage, recent libssl. 50238106Sdes* aggressive negative caching for NSEC, NSEC3. 51238106Sdes* multiple queries per question, server exploration, server selection. 52238106Sdes* support TSIG on queries, for validating resolver deployment. 53238106Sdes* retry-mode, where a bogus result triggers a retry-mode query, where a list 54238106Sdes of responses over a time interval is collected, and each is validated. 55238106Sdes or try in TCP mode. Do not 'try all servers several times', since we must 56238106Sdes not create packet storms with operator errors. 57238106Sdeso on windows version, implement that OS ancillary data capabilities for 58238106Sdes interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg. 59238106Sdeso local-zone directive with authority service, full authority server 60238106Sdes is a non-goal. 61238106Sdeso infra and lame cache: easier size config (in Mb), show usage in graphs. 62238106Sdes- store time of dump in cachedumps, so that on a load the ttls can be 63238106Sdes compared to the absolute time, and now-expired items can be dealt with. 64238106Sdes 65238106Sdeslater 66238106Sdes- selective verbosity; ubcontrol trace example.com 67238106Sdes- cache fork-dump, pre-load 68238106Sdes- for fwds, send queries to N servers in fwd-list, use first reply. 69238106Sdes document high scalable, high available unbound setup onepager. 70238106Sdes- prefetch DNSKEY when DS in delegation seen (nonCD, underTA). 71238106Sdes- use libevent if available on system by default(?), default outgoing 256to1024 72238106Sdes 73238106Sdes[1] BIND-like query logging to see who's looking up what and when 74238106Sdes[2] more logging about stuff like SERVFAIL and REFUSED responses 75238106Sdes[3] a Makefile that works without gnumake 76238106Sdes 77