1.1

git-svn-id: file:///svn/unbound/trunk@1215 be551aaa-1e26-0410-a405-d3ace91eadb9
2025-12-24 00:29:58 -05:00 · 2008-08-29 07:48:40 +00:00 · 2008-08-29 07:48:40 +00:00 · 28a388b517
commit 28a388b517
parent 51d548563c
4 changed files with 107 additions and 343 deletions
--- a/67
+++ b/67
@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for unbound 1.0.2.
+# Generated by GNU Autoconf 2.61 for unbound 1.1.0.
 #
 # Report bugs to <unbound-bugs@nlnetlabs.nl>.
 #
@ -724,8 +724,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
 # Identity of this package.
 PACKAGE_NAME='unbound'
 PACKAGE_TARNAME='unbound'
-PACKAGE_VERSION='1.0.2'
+PACKAGE_VERSION='1.1.0'
-PACKAGE_STRING='unbound 1.0.2'
+PACKAGE_STRING='unbound 1.1.0'
 PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl'
 # Factoring default headers for most tests.
@ -1368,7 +1368,7 @@ if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
-\`configure' configures unbound 1.0.2 to adapt to many kinds of systems.
+\`configure' configures unbound 1.1.0 to adapt to many kinds of systems.
 Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1433,7 +1433,7 @@ fi
 if test -n "$ac_init_help"; then
  case $ac_init_help in
-     short | recursive ) echo "Configuration of unbound 1.0.2:";;
+     short | recursive ) echo "Configuration of unbound 1.1.0:";;
   esac
  cat <<\_ACEOF
@ -1566,7 +1566,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
  cat <<\_ACEOF
-unbound configure 1.0.2
+unbound configure 1.1.0
 generated by GNU Autoconf 2.61
 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@ -1580,7 +1580,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
-It was created by unbound $as_me 1.0.2, which was
+It was created by unbound $as_me 1.1.0, which was
 generated by GNU Autoconf 2.61.  Invocation command line was
  $ $0 $@
@ -1935,11 +1935,12 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 LIBUNBOUND_CURRENT=0
-LIBUNBOUND_REVISION=14
+LIBUNBOUND_REVISION=15
 LIBUNBOUND_AGE=0
 # 1.0.0 had 0:12:0
 # 1.0.1 had 0:13:0
 # 1.0.2 had 0:14:0
 # 1.1.0 had 0:15:0
 #   Current  -- the number of the binary API that we're implementing
 #   Revision -- which iteration of the implementation of the binary
@ -5928,7 +5929,7 @@ ia64-*-hpux*)
  ;;
 *-*-irix6*)
  # Find out which ABI we are using.
-  echo '#line 5931 "configure"' > conftest.$ac_ext
+  echo '#line 5932 "configure"' > conftest.$ac_ext
  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
  (eval $ac_compile) 2>&5
  ac_status=$?
@ -7242,11 +7243,11 @@ else
   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:7245: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:7246: $lt_compile\"" >&5)
   (eval "$lt_compile" 2>conftest.err)
   ac_status=$?
   cat conftest.err >&5
-   echo "$as_me:7249: \$? = $ac_status" >&5
+   echo "$as_me:7250: \$? = $ac_status" >&5
   if (exit $ac_status) && test -s "$ac_outfile"; then
     # The compiler can only warn and ignore the option if not recognized
     # So say no if there are warnings other than the usual output.
@ -7532,11 +7533,11 @@ else
   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:7535: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:7536: $lt_compile\"" >&5)
   (eval "$lt_compile" 2>conftest.err)
   ac_status=$?
   cat conftest.err >&5
-   echo "$as_me:7539: \$? = $ac_status" >&5
+   echo "$as_me:7540: \$? = $ac_status" >&5
   if (exit $ac_status) && test -s "$ac_outfile"; then
     # The compiler can only warn and ignore the option if not recognized
     # So say no if there are warnings other than the usual output.
@ -7636,11 +7637,11 @@ else
   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:7639: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:7640: $lt_compile\"" >&5)
   (eval "$lt_compile" 2>out/conftest.err)
   ac_status=$?
   cat out/conftest.err >&5
-   echo "$as_me:7643: \$? = $ac_status" >&5
+   echo "$as_me:7644: \$? = $ac_status" >&5
   if (exit $ac_status) && test -s out/conftest2.$ac_objext
   then
     # The compiler can only warn and ignore the option if not recognized
@ -9987,7 +9988,7 @@ else
  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
  lt_status=$lt_dlunknown
  cat > conftest.$ac_ext <<EOF
-#line 9990 "configure"
+#line 9991 "configure"
 #include "confdefs.h"
 #if HAVE_DLFCN_H
@ -10087,7 +10088,7 @@ else
  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
  lt_status=$lt_dlunknown
  cat > conftest.$ac_ext <<EOF
-#line 10090 "configure"
+#line 10091 "configure"
 #include "confdefs.h"
 #if HAVE_DLFCN_H
@ -12507,11 +12508,11 @@ else
   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:12510: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:12511: $lt_compile\"" >&5)
   (eval "$lt_compile" 2>conftest.err)
   ac_status=$?
   cat conftest.err >&5
-   echo "$as_me:12514: \$? = $ac_status" >&5
+   echo "$as_me:12515: \$? = $ac_status" >&5
   if (exit $ac_status) && test -s "$ac_outfile"; then
     # The compiler can only warn and ignore the option if not recognized
     # So say no if there are warnings other than the usual output.
@ -12611,11 +12612,11 @@ else
   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:12614: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:12615: $lt_compile\"" >&5)
   (eval "$lt_compile" 2>out/conftest.err)
   ac_status=$?
   cat out/conftest.err >&5
-   echo "$as_me:12618: \$? = $ac_status" >&5
+   echo "$as_me:12619: \$? = $ac_status" >&5
   if (exit $ac_status) && test -s out/conftest2.$ac_objext
   then
     # The compiler can only warn and ignore the option if not recognized
@ -14175,11 +14176,11 @@ else
   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:14178: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:14179: $lt_compile\"" >&5)
   (eval "$lt_compile" 2>conftest.err)
   ac_status=$?
   cat conftest.err >&5
-   echo "$as_me:14182: \$? = $ac_status" >&5
+   echo "$as_me:14183: \$? = $ac_status" >&5
   if (exit $ac_status) && test -s "$ac_outfile"; then
     # The compiler can only warn and ignore the option if not recognized
     # So say no if there are warnings other than the usual output.
@ -14279,11 +14280,11 @@ else
   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:14282: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:14283: $lt_compile\"" >&5)
   (eval "$lt_compile" 2>out/conftest.err)
   ac_status=$?
   cat out/conftest.err >&5
-   echo "$as_me:14286: \$? = $ac_status" >&5
+   echo "$as_me:14287: \$? = $ac_status" >&5
   if (exit $ac_status) && test -s out/conftest2.$ac_objext
   then
     # The compiler can only warn and ignore the option if not recognized
@ -16468,11 +16469,11 @@ else
   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:16471: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:16472: $lt_compile\"" >&5)
   (eval "$lt_compile" 2>conftest.err)
   ac_status=$?
   cat conftest.err >&5
-   echo "$as_me:16475: \$? = $ac_status" >&5
+   echo "$as_me:16476: \$? = $ac_status" >&5
   if (exit $ac_status) && test -s "$ac_outfile"; then
     # The compiler can only warn and ignore the option if not recognized
     # So say no if there are warnings other than the usual output.
@ -16758,11 +16759,11 @@ else
   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:16761: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:16762: $lt_compile\"" >&5)
   (eval "$lt_compile" 2>conftest.err)
   ac_status=$?
   cat conftest.err >&5
-   echo "$as_me:16765: \$? = $ac_status" >&5
+   echo "$as_me:16766: \$? = $ac_status" >&5
   if (exit $ac_status) && test -s "$ac_outfile"; then
     # The compiler can only warn and ignore the option if not recognized
     # So say no if there are warnings other than the usual output.
@ -16862,11 +16863,11 @@ else
   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:16865: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:16866: $lt_compile\"" >&5)
   (eval "$lt_compile" 2>out/conftest.err)
   ac_status=$?
   cat out/conftest.err >&5
-   echo "$as_me:16869: \$? = $ac_status" >&5
+   echo "$as_me:16870: \$? = $ac_status" >&5
   if (exit $ac_status) && test -s out/conftest2.$ac_objext
   then
     # The compiler can only warn and ignore the option if not recognized
@ -26188,7 +26189,7 @@ exec 6>&1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by unbound $as_me 1.0.2, which was
+This file was extended by unbound $as_me 1.1.0, which was
 generated by GNU Autoconf 2.61.  Invocation command line was
  CONFIG_FILES    = $CONFIG_FILES
@ -26237,7 +26238,7 @@ Report bugs to <bug-autoconf@gnu.org>."
 _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF
 ac_cs_version="\\
-unbound config.status 1.0.2
+unbound config.status 1.1.0
 configured by $0, generated by GNU Autoconf 2.61,
  with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
--- a/configure.ac
+++ b/configure.ac
@ -2,14 +2,15 @@
 # Process this file with autoconf to produce a configure script.
 AC_PREREQ(2.56)
-AC_INIT(unbound,1.0.2, unbound-bugs@nlnetlabs.nl, unbound)
+AC_INIT(unbound,1.1.0, unbound-bugs@nlnetlabs.nl, unbound)
 LIBUNBOUND_CURRENT=0
-LIBUNBOUND_REVISION=14
+LIBUNBOUND_REVISION=15
 LIBUNBOUND_AGE=0
 # 1.0.0 had 0:12:0
 # 1.0.1 had 0:13:0
 # 1.0.2 had 0:14:0
 # 1.1.0 had 0:15:0
 #   Current  -- the number of the binary API that we're implementing
 #   Revision -- which iteration of the implementation of the binary
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,3 +1,6 @@
 29 August 2008: Wouter
 	- version 1.1 number in trunk.
 28 August 2008: Wouter
 	- fixup logfile handling; it is created with correct permissions
 	  again. (from bugfix#199).
--- a/doc/plan
+++ b/doc/plan
@ -1,324 +1,83 @@
-Plan for Unbound.
+Plan for Unbound 1.1.
-Split into a set of boxes.  Every box will take about 3 weeks to a month
+2 month project writeup.
-to complete.  The first set of of boxes (approx 5 months) will need coding
+- immediate attention: done
-by a limited set of people.  But after every box, a 0.x release is done, 
+- security issues:      1 week.
-which is then tested and code review is done.  
+- remote control:	2 week
 - requested:		1 week
 - draft-mitigation:	2 week
 total 6 of 8 weeks; 2 weeks for maintenance activities.
-Every box:
+*** Immediate attention
- * implement the features
+- DLV
- * documentation of those features
+- Plus aggressive negative caching for NSEC DLV repository.
- * test-framework for the new features
+- filter out overreaching NSEC records.
- * tests for the new features
+- dev/log(syslog) opened before chroot.
- * speed test of this stage
+- insecure is no better than unchecked status from validation.
- * release of 0.x version (0.x for development only)
+- use setresuid/setresgid, more secure.
- * a teleconference(jabber) held to discuss.
+(done)
 * code review internal couple of days, external a week or so,
   while we continue the next box. 
-Roughly the boxes are as follows:
+*** Security issues
-0.0 initial setup - results in network code that forwards queries
+* block nonRD queries, acl like.
-    and returns the reply (no cache), but also testbed, svn, maillist.
+* DoS vector, flush more.
-    One query at a time (nonblocking IO though).
+* records in the additional section should not be marked bogus
-0.1 threads - results in threaded forwarder
+if they have no signer or a different signed. Validate if you can,
-0.2 LRU hashtable, results in basic caching forwarder (no DNS parse)
+otherwise leave unchecked.
-0.3 First functionality - results in caching forwarder (with DNS parse,
+* block DNS rebinding attacks, block all A records from 1918 IP blocks,
-    query compare, RR specific updates).
+like dnswall does.  Allow certain subdomains to do it, config options.
 0.4 Basic resolver - module layout, iterator module, scrubber module,
    results in resolver that can service multiple queries per thread.
    This stage takes longer, due to complexity in the iterator module.
    Twice as long; one box for module layout, one box for iterator module.
 0.5 Validator - validator module.
 0.6 Bigger and better - Operational useful features (config, log, memory)
 0.7 Put to a limited audience.
    gamma/alpha core functionality test release, to a small audience.
    partial functionality. For more extensive use and testing.
 0.8 Local zones feature - localzones stubzones fwdzones, no leak rfc1918.
    views support; for selective recursive service.
 0.9 Library use - resolver validator lib (and test apps)
 0.10 Corner cases - be able to resolve in the wild. Run fuzzers.
    Run as many tests as we can think of.
    Go through logs and check for long, unresolved cases
    Use profiler.
 0.11 Beta release. Run shadow for a resolver in production for several
    weeks.
 0.12 Features features
    aggressive negative caching for NSEC, NSEC3.
    multiple queries per question, server exploration, server selection.
    option to use real entropy for randomness (mix it in once in a while).
    check query, option to enforce qdsection checking (forgery-resilience).
    NSID support.
    Be able to prime roots using several queries (only NS on first).
-For boxes 0.5-1.0 the planning is to be revised, at the 0.5 stage external
+*** Remote control feature
-coders are welcome.  Since the project is bigger, there is room for them.
+* remote control using a TCP unbound-control commandline app.  
 * secure remote control w. TSIG.  Or TLS.
 * Nicer statistics (over that unbound-control app for ease)
    stats display added over threads, displayed in rddtool easy format.
 * option for extended statistics. If enabled (not by default) collect print
        rcode, uptime, spoofnearmisses, cache size, qtype,
 	bits(RD, CD, DO, EDNS-present, AD)query, (Secure, Bogus)reply.
 	perhaps also see which slow auth servers cause >1sec values.
 	stats-file possible with key: value or key=value lines in it.
 	stats on SIGUSR1. addup stats over threads.
 * remote control to add/remove localinfo, redirects.
 * remote control to load/store cache contents
 * remote control to start, stop, reload.
 * remote control to flush names or domains (all under a name) from the 
   cache. Include NSes. And the A, AAAA for its NSes.
 * remote control to see delegation; what servers would be used to get 
  data for a name.
-This is a summary of the items.  Below more detailed work items are spelled
+*** Requested
-out with a (tentative) directory structure for the project.
+* fallback to noEDNS if all queries are dropped.
 * SHA256 supported fully.
 * Make stub to localhost on different port work.
 * IPv6 reverse, IP4 reverse local-data shorthand for PTR records (?).
  cumbersome to reverse notate by hand for the operator. For local-data.
 *** from draft resolver-mitigation
 * Should be an option?   (Not right now)
 * direct queries for NS records
 	* careful caching, only NS query causes referral caching.
 * direct queries for A, AAAA in-bailiwick from a referral.
 * trouble counter, cache wipe threshold.
 * 0x20 default with fallback?
 * off-path validation? root NS, root glue validation after prime
 * ignore bogus nameservers, pretend they always return a servfail.
-Styleguide:
+*** Features features, for later
-* write working stuff. (it starts to work with no features)
+* dTLS, TLS, look to need special port numbers, cert storage, recent libssl.
 * write tests immediately for every function, every feature.
 * document as you go. (doxygen comments, manpages and readme).
 * copyright every file BSD. comments every file. clean coding in C.
 * every day discuss state of the nation for 10 minutes.
 *** Initial setup
 * setup svn repo. Makefile with automatic dependencies and configure script.
 	* link with ldns.
 * listen_dnsport and outside_network services, (unit) tests for them.
 	* use libevent to listen on fds.
 * setup test infrastructure (tpkg on checkin; testbed on labs test machines).
 * daemon version that forwards queries. (listen, send) Tests for it.
 	* test by having the outside_net service grab answers from a
 	  file instead of network, file of id priority answerpacket.
 	  and what query to give this answer to, highprio matches first.
 *** Threads
 * first simple config file reading/writing and tests on config file.
  (config option is forwarder: yes/no. Cache size. That sort of thing.)
  (very simple format)
 * First simple logging (to a file).
 * Threads
 	* check if pthread lib is the one to use (sys specific is faster?).
 	* make config option to have threads.
 	* alloc threadable.
 	* locks.c
 	* Tests with and without threads.
 * alloc_service. Tests for alloc service (unit tests in internal structs).
 * threading for the network services.
 * Make sure threading/libevent starts working on all test machines.
  Use configure to turn off threading/libevent/...
  -- use libevent packaged together if not in system.
  -- maybe also for pthreads/...
 * threaded forwarder version.
 	* speed test of threaded version.
 *** LRU hashtable.
 * mini msg/reply structure for LRU hashtable test, simple replay format. 
 * hashtable+LRU structure. Tests on structure.
 	* tests on enter/remove, finding items.
 	* tests on LRU movements.
 	* Test on speed of finding items.
 * slabbed hashtable+LRU structure. 
 	* Test locking; perhaps by having sleeps in some threads to force
 	  locks to contend. helgrind.
 * daemon upgraded to be a caching forwarder. So it stores all in cache. 
  Replies from cache. Tests on fake-caching forwarder functionality.
 	* timeout of data test
 	* finding data in cache.
 	* finding data not in cache.
 	* lru falloff of data.
 * Speed test of fake-caching forwarder.
 *** First functionality
 * implement dname type and unit tests on it. (all corner cases, random cases)
 * implement rrset type and tests. (all corner cases, random cases).
 * msg-reply structure. unit tests of structure.
 	* Test of those rrset pointers
 * daemon upgraded to be a caching forwarder. So it stores all in cache. 
  Replies from cache. Tests on caching forwarder functionality.
 	* timeout of data test
 	* finding data in cache.
 	* finding data not in cache.
 	* lru falloff of data.
 * Test update of one rrset in cached packet.
 * Speed test of caching forwarder.
 *** Basic Resolver
 * Create module interface and module caller algorithm.
 * Daemon config to use modules. Test the module caller.
 * Create basic iterator and scrubber modules.
 	* Test every state of the iterator by passing test data into
 	  it.
 	* And scrubber.
 * Daemon config as cache(iterator).
 	* Test daemon
 	* Speed test.
 *** Validator
 * Create validator 
 * Test validator on various conditions. By having stored set of
  domains and RRs in those domains to return to validator.
 * Validating resolver.
 	* Test resolver.
 	* Speed test.
 *** Put to a limited audience
 * The alpha/gamma core functionality, svn access to limited audience.
 * Support features and requests as they arise.
 * Provide real-world experiences.
 *** Bigger and Better
 * Config file syntax checker program. Tests on checker.
 * Logging first class feature with config options.
 	X with logfile turnover to avoid Gbs of logs.
 	* use syslog optional.
 * donotqueryaddresses with trie for blocking entire netblocks.
 * Memory overhaul, special allocators for hashtable caches, and mesh qstates.
 	* keep a preallocated list of region-chunks per worker thread.
 	* allocate region struct and cleanup list in region itself; use
 	  linked list cleanup list. unit test on this. do not call region
 	  to avoid name-collision with nsd regions, 'regional'.
 * read root hints from file.
 * failover to next server in 1 second, instead of 100 seconds on one server.
 X failure to return answer, w. reason (donotq, noanswer servers, cannot
  find servers, validationfail w.classification, error), 
  with threadno, starttime and endtime and qname/type/class, prime/qflags, 
  from-clients, from-internal, has-subrequests, a nice error report,
  so that an excerpt from those times can be made from the logs.
  logfileparsing tool that makes these excerpts and emails them.
  Not done; user can change verbosity and kill -HUP.
 * clear cache as a callback from the new-rrset-id routine.
 X make overload mode work; phase 0 all ok, phase 1 some threads close ports,
  to let other threads pick up work. phase 2, all threads closed, so all open
  the ports again and drop all non-cache-reply queries.
  Keep mutexed num-overloaded-threads counter. thread incs it when it hits
  max number of user queries serviced in mesh. threads decs it when it
  falls below 90% of the max. if incs, and not all threads closed, phase 1,
  else, phase 2 start is broadcast over command pipes. if decs, open ports
  if phase 1, start servicing, phase is 0 again. Make robust against delays.
  readme: max about 1 second worth of incoming queries, 10k perhaps,
 	or 1/number of seconds it takes start up of 10k.
  Not done. Implement drop when full. 
 * the source includes a copy of the ldns lib for ease of building by 
  new users. Detect system installed ldns, if installed ldns is OK; use 
  dynamic linking against it, otherwise static linking against packaged ldns.
 * no greedy TTL algo (and test). 
 * maximum TTL, cap incoming values, and config option.
 *** Local zones feature.
 * Build in local zone features. First the total stop for1912.
 * Then 'local content' for minimal serving of localhost.localdomain,
  and so on. 
 * Remember jakob's diagram. views support, selective recursive service:
 	* acl for allowed recursion (RD=1), then drop or refused query.
 	  like 10.0.0.0/8 allow, 0.0.0.0/0 refuse, ... in-order.
 	  perhaps also, same list to disallow RD=0 access, like;
 	  allow_recursion, drop_recursion, refuse_recursion, drop_all
 	* static answers for queries, fixed RRs from cfg, option
 	  query for that RR returns answer with that RR.
 	* blacklist (return fixed nxdomain for domain and below), option
 	  can be used to block AS112 traffic, option to unblock a zone.
 	* after checking acl, do iter: static, blacklist, forwards, recurse.
 * Forward-local-zone to NSD.
 	- in package, autoforkexec on localhost to do so.
 	- not included. Not necessary for localhost and AS112 service.
 * forward local zone to remote server.
 	- not included. Not necessary for localhost and AS112 service.
 * stub zones - send queries for a zone to configged nameserver.
 	- Can be used for complicated setups. So, run auth server on a 
 	  different port or pc, and stub it on the resolver. Resolver is
 	  not auth for zones, but resolution works. This enforces the split
 	  of recursive and auth servers.
 * test local zones
 	* for speed
 	* for correctness on corner cases
 *** Library use
 * Create library that can do:
 	* resolver
 	* validator
 	* validating resolver.
 * Test application that links the library. (Like /usr/bin/host+validating).
 	* Test it.
 *** Corner cases
 * Try to setup corner cases of (mis)configured DNS service/websites.
 * Resolve msoft, google, yahoo, etc weird websites.
 * Try to resolve many many different queries, perhaps compared with bind.
 * create module testers, specific for the modules
 	* read a file with cache contents and settings, provide fake
 	  environment for module-handle-state-X functions, then check
 	  resulting module state structure to correct answer.
 * speed test cache responses.
 * using two servers, compare answer differences between bind and unbound.
  this gives false differences due to changes in the rest of internet.
 *** Beta release. 
 * Run shadow for a resolver in production for several weeks.
 * Check logs for errors, long queries.
 * Run in valgrind, speed profiling (as production shadow).
 *** Features features
 * aggressive negative caching for NSEC, NSEC3.
 * multiple queries per question, server exploration, server selection.
 * NSID support.
 * support TSIG on queries, for validating resolver deployment.
-* Nicer statistics
+* private TTL
 * private TTL, dTLS features.
 * retry-mode, where a bogus result triggers a retry-mode query, where a list
  of responses over a time interval is collected, and each is validated.
  or try in TCP mode. Do not 'try all servers several times', since we must
  not create packet storms with operator errors.
-* draft-timers, DLV features.
+* draft-timers
 * Windows port features
 o on windows version, implement that OS ancillary data capabilities for
  interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg.
 o local-zone directive with authority service, full authority server 
  is a non-goal.
 treeshrew/
 	validator/ *.c *.h
 		module takes qname, qtype, asks next module for answer
 		and validates that answer.
 	iterator/ *.c *.h
 		module takes qname, qtype, iterative DNS queries
 		never asks next module.
 	services/
 		- Routines that provide the callback services for modules.
 		alloc_service: L1, L2 alloc service
 		outside_network: pending queries helpers.
 			pending query structure
 		listen_dnsport: listen port53 service.
 			request structure
 		type_caches/
 			rrset_cache
 			msg_cache
 				rrset and msg cache check local zones.
 			infra_cache
 			trusted_key_cache
 	util/
 		- Various components from which to build the rest.
 		storage/
 		rbtree: redblack tree, for L1 use.
 			- copy from NSD.
 		hashtable and hashfunc: for L1 use.
 		locked_hashtable: for L2 use. -- not needed.
 		fragment_hashtable: for L2 use.
 		fragment_rbtree: for L2 use.
 		slab_allocator: perhaps to support alloc service.
 		(in util/ itself)
 		locks: selected lock,unlock (spinlock/mutex).
 		config: reads, stores config file
 		netio: register callbacks to select().
 			- use libevent (!)
 			- copy from NSD.
 		log: error and log handling.
 		module.h: module interface
 		misc: time() wrapper for speed.
 		data/
 		msg_reply: qname/qtype/CD/qclass/reply store.
 		packed_rrset: main datatype
 		dname: compare, printf, parse
 	testcode/
 		main programs that do unit tests, using testdata
 	testdata/
 	daemon/
 		unbound.c for validating caching recursive dns server.
 		scheduler.c for the modules.
 	libunbound/
 		app linkable. Can be configged to do whatever,
 		validator, iterator, validating iterator, forwarding stub.
 	libforwardbound/
 		app linkable forwarding stub. Small lib.
 	ask_cachor/ *.c *.h
 		module takes qname, qtype, returns answer from msgcache.
 		could ask cached for answer (and wait for network, 10 ms).
 		if not in cache, asks next module.
 	cachord/
 		main.c, simple udp proto, query or store msg in cache.
 		supports option to save cache to disk (absolute time ttls).