authority choices.

git-svn-id: file:///svn/unbound/trunk@747 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/TODO b/doc/TODO
index eb082ccffe39ef07e8adf79d3028b02df68ba78a..a592ab61651fc9ab8c98cc11c62005e488642cc7 100644 (file)
--- a/doc/TODO
+++ b/doc/TODO
@@ -53,3 +53,5 @@ o inspect date on executable, then warn user in log if its more than 1 year.
 o proactively prime root, stubs and trust anchors, feature.
   early failure, faster on first query, but more traffic.
 o use privilege separation, to change privilege options during reload securely
+o check if for PowerDNS(2.9.21) CNAME in Answer section & rcode=NXDOMAIN needs
+  to be fixed up to be rcode=NOERROR?

diff --git a/doc/requirements.txt b/doc/requirements.txt
index 5d50647cc10e4995327cec8fda720b04f8727e6a..34cb10f859d81ff25d92be92fb24a301db48f0f1 100644 (file)
--- a/doc/requirements.txt
+++ b/doc/requirements.txt
@@ -159,3 +159,19 @@ o The method by which dnssec-lameness is detected is not secure. DNSSEC lame
   on a server, dnssec-lameness detection does not work - no dnssec-lameness 
   is detected. Instead the zone that is dnssec-lame becomes bogus.
 
+o authority features.
+  This is a recursive server, and authority features are out of scope.
+  However, some authority features are expected in a recursor. Things like
+  localhost, reverse lookup for 127.0.0.1, or blocking AS112 traffic.
+  Also redirection of domain names with fixed data is needed by service
+  providers. Limited support is added specifically to address this.
+
+  Adding full authority support, requires much more code, and more complex
+  maintenance.
+
+  The limited support allows adding some static data (for localhost and so),
+  and to respond with a fixed rcode (NXDOMAIN) for domains (such as AS112).
+
+  You can put authority data on a separate server, and set the server in 
+  unbound.conf as stub for those zones, this allows clients to access data 
+  from the server without making unbound authoritative for the zones.