003 File Manager
Current Path:
/usr/src/contrib/unbound/doc
CNAME-basedRedirectionDesignNotes.pdf (55.64 KB)
CREDITS (1.21 KB)
Changelog (368.01 KB)
FEATURES (3.57 KB)
IP-BasedActions.pdf (241.76 KB)
LICENSE (1.46 KB)
README (7.08 KB)
README.DNS64 (1.01 KB)
README.ipset.md (1.8 KB)
README.svn (656 B)
README.tests (928 B)
TODO (4.52 KB)
control_proto_spec.txt (2.51 KB)
example.conf (39.04 KB)
example.conf.in (43.55 KB)
ietf67-design-02.odp (323.76 KB)
ietf67-design-02.pdf (615.36 KB)
libunbound.3 (14.7 KB)
libunbound.3.in (14.79 KB)
requirements.txt (14.87 KB)
unbound-anchor.8 (7.21 KB)
unbound-anchor.8.in (7.45 KB)
unbound-checkconf.8 (1.32 KB)
unbound-checkconf.8.in (1.31 KB)
unbound-control.8 (25.66 KB)
unbound-control.8.in (26.43 KB)
unbound-host.1 (3.83 KB)
unbound-host.1.in (3.83 KB)
unbound.8 (2.45 KB)
unbound.8.in (2.52 KB)
unbound.conf.5 (100.12 KB)
unbound.conf.5.in (114.13 KB)
unbound.doxygen (67.37 KB)
Editing: TODO
TODO items. These are interesting todo items.
o understand synthesized DNAMEs, so those TTL=0 packets are cached properly.
o NSEC/NSEC3 aggressive negative caching, so that updates to NSEC/NSEC3 will result in proper negative responses.
o (option) where port 53 is used for send and receive, no other ports are used.
o (option) to not send replies to clients after a timeout of (say 5 secs) has passed, but keep task active for later retries by client.
o (option) private TTL feature (always report TTL x in answers).
o (option) pretend-dnssec-unaware, and pretend-edns-unaware modes for workshops.
o delegpt use rbtree for ns-list, to avoid slowdown for very large NS sets.
o (option) reprime and refresh oft used data before timeout.
o (option) retain prime results in an overlaid roothints file.
o (option) store primed key data in an overlaid keyhints file (sort of like drafttimers).
o windows version, auto update feature, a query to check for the version.
o command the server with TSIG inband. get-config, clearcache, get stats, get memstats, get ..., reload, clear one zone from cache
o NSID rfc 5001 support.
o timers rfc 5011 support.
o Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator.
o make timeout backoffs randomized (a couple percent random) to spread traffic.
o inspect date on executable, then warn user in log if it's more than 1 year.
o (option) proactively prime root, stubs and trust anchors, feature. early failure, faster on first query, but more traffic.
o library add convenience functions for A, AAAA, PTR, getaddrinfo, libresolve.
o library add function to validate input from app that is signed.
o add dynamic-update requests (making a dynupd request) to libunbound api.
o SIG(0) and TSIG.
o support OPT record placement on recv anywhere in the additional section.
o add local-file: config with authority features.
o (option) to make local-data answers be secure for libunbound (default=no)
o (option) to make chroot: copy all needed files into jail (or make jail) perhaps also print reminder to link /dev/urandom and sysloghack.
o overhaul outside-network servicedquery to merge with udpwait and tcpwait, to make timers in servicedquery independent of udpwait queues.
o check into rebinding ports for efficiency, configure time test.
o EVP hardware crypto support.
o option to ignore all inception and expiration dates for rrsigs.
o cleaner code; return and func statements on newline.
o memcached module that sits before validator module; checks for memcached data (on local lan), stores recursion lookup. Provides one cache for multiple resolver machines, coherent reply content in anycast setup.
o no openssl_add_all_algorithms, but only the ones necessary, less space.
o listen to NOTIFY messages for zones and flush the cache for that zone if received. Useful when also having a stub to that auth server. Needs proper protection, TSIG, in place.
o winevent - do not go more than 64 fds (by polling with select one by one), win95/98 have 100fd limit in the kernel, so this ruins w9x portability.

*** Features features, for later
* dTLS, TLS, look to need special port numbers, cert storage, recent libssl.
* aggressive negative caching for NSEC, NSEC3.
* multiple queries per question, server exploration, server selection.
* support TSIG on queries, for validating resolver deployment.
* retry-mode, where a bogus result triggers a retry-mode query, where a list of responses over a time interval is collected, and each is validated. or try in TCP mode. Do not 'try all servers several times', since we must not create packet storms with operator errors.
o on windows version, implement that OS ancillary data capabilities for interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg.
o local-zone directive with authority service, full authority server is a non-goal.
o infra and lame cache: easier size config (in Mb), show usage in graphs.
- store time of dump in cachedumps, so that on a load the ttls can be compared to the absolute time, and now-expired items can be dealt with.

later
- selective verbosity; ubcontrol trace example.com
- cache fork-dump, pre-load
- for fwds, send queries to N servers in fwd-list, use first reply. document high scalable, high available unbound setup onepager.
- prefetch DNSKEY when DS in delegation seen (nonCD, underTA).
- use libevent if available on system by default(?), default outgoing 256to1024

[1] BIND-like query logging to see who's looking up what and when
[2] more logging about stuff like SERVFAIL and REFUSED responses
[3] a Makefile that works without gnumake