From b8580184464358014a79541151d5e8faf2f6cc74 Mon Sep 17 00:00:00 2001 From: Wouter Wijngaards Date: Fri, 29 Aug 2008 12:32:57 +0000 Subject: [PATCH] planning svn:NO TEST git-svn-id: file:///svn/unbound/trunk@1217 be551aaa-1e26-0410-a405-d3ace91eadb9 --- doc/plan | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/doc/plan b/doc/plan index b9a3f2292..fd8f0f9de 100644 --- a/doc/plan +++ b/doc/plan @@ -19,6 +19,7 @@ total 6 of 8 weeks; 2 weeks for maintenance activities. *** Security issues * block nonRD queries, acl like. + what about our authority features, those are allowed. * DoS vector, flush more. * records in the additional section should not be marked bogus if they have no signer or a different signed. Validate if you can, @@ -47,10 +48,12 @@ like dnswall does. Allow certain subdomains to do it, config options. *** Requested * fallback to noEDNS if all queries are dropped. +* dnssec lameness fixen. Check to make sure. * SHA256 supported fully. * Make stub to localhost on different port work. * IPv6 reverse, IP4 reverse local-data shorthand for PTR records (?). cumbersome to reverse notate by hand for the operator. For local-data. + local-reverse-data: "1.2.3.4 mypc.example.com" *** from draft resolver-mitigation * Should be an option? (Not right now) @@ -59,7 +62,9 @@ like dnswall does. Allow certain subdomains to do it, config options. * direct queries for A, AAAA in-bailiwick from a referral. * trouble counter, cache wipe threshold. * 0x20 default with fallback? -* off-path validation? root NS, root glue validation after prime + +* off-path validation? +* root NS, root glue validation after prime * ignore bogus nameservers, pretend they always return a servfail.