- added fedora init and specfile to contrib (by Paul Wouters).
- added configure check for ldns 1.4.0 (using its compat funcs).
- neater comments in worker.h.
+ - removed doc/plan and updated doc/TODO.
12 November 2008: Wouter
- add unbound-control manpage to makedist replace list.
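Review bot: the added changelog line "removed doc/plan and updated doc/TODO" does not record what happened to the items that leave the TODO in this commit (server selection, spoof nearmisses counter, CryptGenRandom() seeding, 0x20 fallback). Suggest stating whether they were implemented or dropped, since the changelog becomes the only record once doc/plan is gone.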
o understand synthesized DNAMEs, so those TTL=0 packets are cached properly.
o NSEC/NSEC3 aggressive negative caching, so that updates to NSEC/NSEC3
will result in proper negative responses.
-o get serverselection algorithm out of local optimum.
- make subtargets to get rtt info for a couple of targets, like fetch-policy.
- or send out multiple queries to multiple servers.
o (option) where port 53 is used for send and receive, no other ports are used.
o (option) to not send replies to clients after a timeout of (say 5 secs) has
passed, but keep task active for later retries by client.
o windows version, auto update feature, a query to check for the version.
o command the server with TSIG inband. get-config, clearcache,
get stats, get memstats, get ..., reload, clear one zone from cache
-o watch for spoof nearmisses. Keep counter of nearmisses and print that
- in the stats lines, operator can determine what level is a redalert.
o NSID rfc 5001 support.
o timers rfc 5011 support.
o Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator.
o inspect date on executable, then warn user in log if its more than 1 year.
o (option) proactively prime root, stubs and trust anchors, feature.
early failure, faster on first query, but more traffic.
-o On Windows use CryptGenRandom() to get random seed for arc4random.
o library add convenience functions for A, AAAA, PTR, getaddrinfo, libresolve.
o library add function to validate input from app that is signed.
o add dynamic-update requests (making a dynupd request) to libunbound api.
perhaps also print reminder to link /dev/random and sysloghack.
o overhaul outside-network servicedquery to merge with udpwait and tcpwait,
to make timers in servicedquery independent of udpwait queues.
-o 0x20 fallback so it can be enabled without trouble.
o check into rebinding ports for efficiency, configure time test.
o EVP hardware crypto support.
+o option to ignore all inception and expiration dates for rrsigs.
+o option to use builtin ldns explicitly. Or stop shipping builtin tarball.
+o cleaner code; return and func statements on newline.
+o memcached module that sits before validator module; checks for memcached
+ data (on local lan), stores recursion lookup. Provides one cache for
+ multiple resolver machines, coherent reply content in anycast setup.
-Features soon after 1.0.
-o zone name appending for local-data. Perhaps read zonefiles. Perhaps it is
- too much authority feature creep.
+*** Features features, for later
+* dTLS, TLS, look to need special port numbers, cert storage, recent libssl.
+* aggressive negative caching for NSEC, NSEC3.
+* multiple queries per question, server exploration, server selection.
+* NSID support.
+* support TSIG on queries, for validating resolver deployment.
+* private TTL
+* retry-mode, where a bogus result triggers a retry-mode query, where a list
+ of responses over a time interval is collected, and each is validated.
+ or try in TCP mode. Do not 'try all servers several times', since we must
+ not create packet storms with operator errors.
+* draft-timers
+* Windows port features
o on windows version, implement that OS ancillary data capabilities for
interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg.
-o (option) for extended statistics. If enabled (not by default) collect print
- rcode, uptime, spoofnearmisses, cache size, qtype,
- bits(RD, CD, DO, EDNS-present, AD)query, (Secure, Bogus)reply.
- perhaps also see which slow auth servers cause >1sec values.
- stats-file possible with key: value or key=value lines in it.
- stats on SIGUSR1. addup stats over threads.
-
-For 1.x; features that have been requested during the beta test.
-o command channel for couple of tasks. Like rndc. unbound-control
- o see delegation; what servers would be used to get data for a name.
- o force stats display; easier than parsing logfiles.
- stats display added over threads, displayed in rddtool easy format.
- o flush names or domains (all under a name) from the cache. Include NSes.
- And the A, AAAA for its NSes.
- o add/del static preload data to change the domain redirections.
- o and maybe also start, stop, reload.
-o option to disable cache snooping from the clients (the nonRD queries),
- with allow, refused, drop choices.
-o EDNS fallback after timeout (firewall drops all edns traffic problem).
-o IPv6 reverse, IP4 reverse local-data shorthand for PTR records (?).
- cumbersome to reverse notate by hand for the operator.
-o DLV
-o look at dTLS, TLS ease of implementation.
+o local-zone directive with authority service, full authority server
+ is a non-goal.
+o configure option to force use of builtin ldns tarball.
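Review bot: the new entry "option to ignore all inception and expiration dates for rrsigs" needs its scope stated in the TODO text, because with the dates ignored an expired signature validates again and the validity period no longer limits replay. Suggest wording it as a debugging aid that is off by default. Separately, the added lines leave overlapping entries in the file: "NSID rfc 5001 support" next to "NSID support", the NSEC/NSEC3 aggressive negative caching item twice, and "option to use builtin ldns explicitly" next to "configure option to force use of builtin ldns tarball". Merge each pair.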
+++ /dev/null
-Plan for Unbound 1.1.
-
-2 month project writeup.
-- immediate attention: done
-+ security issues: 1 week.
-+ remote control: 2 week
-- improvements: 1 week
-- draft-mitigation: 2 week
-total 6 of 8 weeks; 2 weeks for maintenance activities.
-
-*** Immediate attention
-- DLV
-- Plus aggressive negative caching for NSEC DLV repository.
-- filter out overreaching NSEC records.
-- dev/log(syslog) opened before chroot.
-- Fixup rrset security updates overwriting 2181 trust status.
- This makes validated to be insecure data just as worthless as
- nonvalidated data, and 2181 rules prevent cache overwrites to them.
-- use setresuid/setresgid, more secure.
-- make realclean works better, by Robert Edmonds.
-- nicer logfile message classification as notice, info, debug.
-- bug #208: extra rc.d unbound flexibility for freebsd/nanobsd.
-- bug #203: nicer do-auto log message when user sets incompatible options.
-- bug #204: variable name ameliorated in log.c.
-- bug #206: in iana_update, no egrep, but awk use.
-- fixup update-anchor.sh to work both in BSD shell and bash.
-(done)
-
-*** Security issues
-+ current NS query retry is an option, default off, experimental on,
- because of the added load to 3rd parties.
-+ block nonRD queries, acl like.
- what about our authority features, those are allowed.
-+ DoS vector, flush more.
- 50% of max is for run-to-completion
- 50% rest is for lifo queue with 100-200 msec timeout.
-+ records in the additional section should not be marked bogus
- if they have no signer or a different signed. Validate if you can,
- otherwise leave unchecked.
-+ block DNS rebinding attacks, block all A records from 1918 IP blocks,
-like dnswall does. Allow certain subdomains to do it, config options.
- one option that controls on/off of all private space.
- note in config/man that we may consider turning on by default.
-
-*** Remote control feature
-+ remote control using a TCP unbound-control commandline app.
-+ secure remote control w. TSIG. Or TLS.
-+ Nicer statistics (over that unbound-control app for ease)
- stats display added over threads, displayed in rddtool easy format.
-+ option for extended statistics. If enabled (not by default) collect print
- rcode, uptime, spoofnearmisses, cache size, qtype,
- bits(RD, CD, DO, EDNS-present, AD)query, (Secure, Bogus)reply.
- stats-file possible with key: value or key=value lines in it.
- addup stats over threads.
-not stats on SIGUSR1. perhaps also see which slow auth servers cause >1sec values.
-+ remote control to add/remove localinfo, redirects.
-+ remote control to load/store cache contents
-+ remote control to start, stop, reload.
-+ remote control to flush names or domains (all under a name) from the
- cache. Include NSes. And the A, AAAA for its NSes.
-+ remote control to see delegation; what servers would be used to get
- data for a name.
-
-*** Improvements
-+ fallback to noEDNS if all queries are dropped.
-+ dnssec lameness fixen. Check to make sure.
-+ negative caching to avoid DS queries, NSEC, NSEC3 (w params).
-+ SHA256 supported fully.
-+ Make stub to localhost on different port work.
-+ IPv6 reverse, IP4 reverse local-data shorthand for PTR records (?).
- cumbersome to reverse notate by hand for the operator. For local-data.
- local-data-ptr: "1.2.3.4 mypc.example.com"
-+ dns-0x20 fallback.
-
-*** from draft resolver-mitigation
-+ option harden-referral-path
-+ direct queries for NS records
-+ careful caching, only NS query causes referral caching.
-+ direct queries for A, AAAA in-bailiwick from a referral.
-+ trouble counter, cache wipe threshold.
-
-+ off-path validation
-+ root NS, root glue validation after prime
-+ ignore bogus nameservers, pretend they always return a servfail.
-
-
-*** Features features, for later
-* dTLS, TLS, look to need special port numbers, cert storage, recent libssl.
-* aggressive negative caching for NSEC, NSEC3.
-* multiple queries per question, server exploration, server selection.
-* NSID support.
-* support TSIG on queries, for validating resolver deployment.
-* private TTL
-* retry-mode, where a bogus result triggers a retry-mode query, where a list
- of responses over a time interval is collected, and each is validated.
- or try in TCP mode. Do not 'try all servers several times', since we must
- not create packet storms with operator errors.
-* draft-timers
-* Windows port features
-o on windows version, implement that OS ancillary data capabilities for
- interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg.
-o local-zone directive with authority service, full authority server
- is a non-goal.
-o configure option to force use of builtin ldns tarball.
-
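Review bot: the "Security issues", "Improvements" and "from draft resolver-mitigation" sections are deleted without any per-item status, and only the "Features features, for later" block is carried into doc/TODO. "dns-0x20 fallback", for example, disappears from both files in this commit. The plan marks only "Immediate attention" as done, so suggest confirming each remaining item is finished or moving the open ones into doc/TODO before the file is removed.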