1238106SdesTODO items. These are interesting todo items.
2238106Sdeso understand synthesized DNAMEs, so those TTL=0 packets are cached properly.
3238106Sdeso NSEC/NSEC3 aggressive negative caching, so that updates to NSEC/NSEC3 
4238106Sdes  will result in proper negative responses.
5238106Sdeso (option) where port 53 is used for send and receive, no other ports are used.
6238106Sdeso (option) to not send replies to clients after a timeout of (say 5 secs) has
7238106Sdes  passed, but keep task active for later retries by client.
8238106Sdeso (option) private TTL feature (always report TTL x in answers).
9238106Sdeso (option) pretend-dnssec-unaware, and pretend-edns-unaware modes for workshops.
10238106Sdeso delegpt use rbtree for ns-list, to avoid slowdown for very large NS sets.
11238106Sdeso (option) reprime and refresh oft used data before timeout.
12238106Sdeso (option) retain prime results in a overlaid roothints file.
13238106Sdeso (option) store primed key data in a overlaid keyhints file (sort of like drafttimers).
14238106Sdeso windows version, auto update feature, a query to check for the version.
15238106Sdeso command the server with TSIG inband. get-config, clearcache, 
16238106Sdes	get stats, get memstats, get ..., reload, clear one zone from cache
17238106Sdeso NSID rfc 5001 support.
18238106Sdeso timers rfc 5011 support.
19238106Sdeso Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator.
20238106Sdeso make timeout backoffs randomized (a couple percent random) to spread traffic.
21238106Sdeso inspect date on executable, then warn user in log if its more than 1 year.
22238106Sdeso (option) proactively prime root, stubs and trust anchors, feature.
23238106Sdes  early failure, faster on first query, but more traffic.
24238106Sdeso library add convenience functions for A, AAAA, PTR, getaddrinfo, libresolve.
25238106Sdeso library add function to validate input from app that is signed.
26238106Sdeso add dynamic-update requests (making a dynupd request) to libunbound api.
27238106Sdeso SIG(0) and TSIG.
28238106Sdeso support OPT record placement on recv anywhere in the additional section. 
29238106Sdeso add local-file: config with authority features.
30238106Sdeso (option) to make local-data answers be secure for libunbound (default=no)
31238106Sdeso (option) to make chroot: copy all needed files into jail (or make jail)
32238106Sdes	perhaps also print reminder to link /dev/random and sysloghack.
33238106Sdeso overhaul outside-network servicedquery to merge with udpwait and tcpwait,
34238106Sdes  to make timers in servicedquery independent of udpwait queues.
35238106Sdeso check into rebinding ports for efficiency, configure time test.
36238106Sdeso EVP hardware crypto support.
37238106Sdeso option to ignore all inception and expiration dates for rrsigs.
38238106Sdeso cleaner code; return and func statements on newline.
39238106Sdeso memcached module that sits before validator module; checks for memcached
40238106Sdes  data (on local lan), stores recursion lookup.  Provides one cache for multiple resolver machines, coherent reply content in anycast setup.
41238106Sdeso no openssl_add_all_algorithms, but only the ones necessary, less space.
42238106Sdeso listen to NOTIFY messages for zones and flush the cache for that zone
43238106Sdes  if received.  Useful when also having a stub to that auth server.
44238106Sdes  Needs proper protection, TSIG, in place.
45238106Sdeso winevent - do not go more than 64 fds (by polling with select one by
46238106Sdes  one), win95/98 have 100fd limit in the kernel, so this ruins w9x portability.
47238106Sdes
48238106Sdes*** Features features, for later
49238106Sdes* dTLS, TLS, look to need special port numbers, cert storage, recent libssl.
50238106Sdes* aggressive negative caching for NSEC, NSEC3.
51238106Sdes* multiple queries per question, server exploration, server selection.
52238106Sdes* support TSIG on queries, for validating resolver deployment.
53238106Sdes* retry-mode, where a bogus result triggers a retry-mode query, where a list
54238106Sdes  of responses over a time interval is collected, and each is validated.
55238106Sdes  or try in TCP mode. Do not 'try all servers several times', since we must
56238106Sdes  not create packet storms with operator errors.
57238106Sdeso on windows version, implement that OS ancillary data capabilities for
58238106Sdes  interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg.
59238106Sdeso local-zone directive with authority service, full authority server 
60238106Sdes  is a non-goal.
61238106Sdeso infra and lame cache: easier size config (in Mb), show usage in graphs.
62238106Sdes- store time of dump in cachedumps, so that on a load the ttls can be
63238106Sdes  compared to the absolute time, and now-expired items can be dealt with.
64238106Sdes
65238106Sdeslater
66238106Sdes- selective verbosity; ubcontrol trace example.com
67238106Sdes- cache fork-dump, pre-load
68238106Sdes- for fwds, send queries to N servers in fwd-list, use first reply.
69238106Sdes  document high scalable, high available unbound setup onepager.
70238106Sdes- prefetch DNSKEY when DS in delegation seen (nonCD, underTA).
71238106Sdes- use libevent if available on system by default(?), default outgoing 256to1024
72238106Sdes
73238106Sdes[1] BIND-like query logging to see who's looking up what and when
74238106Sdes[2] more logging about stuff like SERVFAIL and REFUSED responses
75238106Sdes[3] a Makefile that works without gnumake
76238106Sdes
77