o library add convenience functions for A, AAAA, PTR, getaddrinfo, libresolve.
o library add function to validate input from app that is signed.
o add dynamic-update requests (making a dynupd request) to libunbound api.
-o in an ipv6 connected only environment unbound cannot use outgoing IP6
- to send to ip4to6 mapped hosts, need ip4to6map of NS and disable
- V6ONLY socket option.
o SIG(0) and TSIG.
o support OPT record placement on recv anywhere in the additional section.
o add local-file: config with authority features.
o (option) to make local-data answers be secure for libunbound (default=no)
o (option) to make chroot: copy all needed files into jail (or make jail)
perhaps also print reminder to link /dev/random and sysloghack.
-o (option) for extended statistics. If enabled (not by default) collect print
- rcode, uptime, spoofnearmisses, cache size, qtype,
- bits(RD, CD, DO, EDNS-present, AD)query, (Secure, Bogus)reply.
- perhaps also see which slow auth servers cause >1sec values.
- stats-file possible with key: value or key=value lines in it.
- stats on SIGUSR1. addup stats over threads.
o overhaul outside-network servicedquery to merge with udpwait and tcpwait,
to make timers in servicedquery independent of udpwait queues.
o 0x20 fallback so it can be enabled without trouble.
o check into rebinding ports for efficiency, configure time test.
-o DLV is considered.
o EVP hardware crypto support.
Features soon after 1.0.
o zone name appending for local-data. Perhaps read zonefiles. Perhaps it is
too much authority feature creep.
-o on windows version, libunbound uses a NamedPipe, examine security status
- make sure the OS makes it safe like on unix.
o on windows version, implement that OS ancillary data capabilities for
interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg.
+o (option) for extended statistics. If enabled (not by default) collect print
+ rcode, uptime, spoofnearmisses, cache size, qtype,
+ bits(RD, CD, DO, EDNS-present, AD)query, (Secure, Bogus)reply.
+ perhaps also see which slow auth servers cause >1sec values.
+ stats-file possible with key: value or key=value lines in it.
+ stats on SIGUSR1. addup stats over threads.
For 1.x; features that have been requested during the beta test.
o command channel for couple of tasks. Like rndc. unbound-control
spoofing attempts. Make sure these ports are not needed by other daemons.
By default only ports above 1024 that have not been assigned by IANA are used.
Give a port number or a range of the form "low-high", without spaces.
+.IP
+The \fBoutgoing\-port\-permit\fR and \fBoutgoing\-port\-avoid\fR statements
+are processed in the line order of the config file, adding the permitted ports
+and subtracting the avoided ports from the set of allowed ports. The
+processing starts with the non IANA allocated ports above 1024 in the set
+of allowed ports.
.TP
.B outgoing\-port\-avoid: \fI<port number or range>
Do not permit unbound to open this port or range of ports for use to send
projects / thirdparty / unbound.git / commitdiff
