mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-20 23:00:56 -05:00
doc update for plans and done items
git-svn-id: file:///svn/unbound/trunk@1348 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards
parent
2547a0a9bb
commit
e9d742c16d
3 changed files with 23 additions and 138 deletions
|
|
@ -2,6 +2,7 @@
|
|||
- added fedora init and specfile to contrib (by Paul Wouters).
|
||||
- added configure check for ldns 1.4.0 (using its compat funcs).
|
||||
- neater comments in worker.h.
|
||||
- removed doc/plan and updated doc/TODO.
|
||||
|
||||
12 November 2008: Wouter
|
||||
- add unbound-control manpage to makedist replace list.
|
||||
|
|
|
|||
55
doc/TODO
55
doc/TODO
|
|
@ -2,9 +2,6 @@ TODO items. These are interesting todo items.
|
|||
o understand synthesized DNAMEs, so those TTL=0 packets are cached properly.
|
||||
o NSEC/NSEC3 aggressive negative caching, so that updates to NSEC/NSEC3
|
||||
will result in proper negative responses.
|
||||
o get serverselection algorithm out of local optimum.
|
||||
make subtargets to get rtt info for a couple of targets, like fetch-policy.
|
||||
or send out multiple queries to multiple servers.
|
||||
o (option) where port 53 is used for send and receive, no other ports are used.
|
||||
o (option) to not send replies to clients after a timeout of (say 5 secs) has
|
||||
passed, but keep task active for later retries by client.
|
||||
|
|
@ -17,8 +14,6 @@ o (option) store primed key data in a overlaid keyhints file (sort of like draft
|
|||
o windows version, auto update feature, a query to check for the version.
|
||||
o command the server with TSIG inband. get-config, clearcache,
|
||||
get stats, get memstats, get ..., reload, clear one zone from cache
|
||||
o watch for spoof nearmisses. Keep counter of nearmisses and print that
|
||||
in the stats lines, operator can determine what level is a redalert.
|
||||
o NSID rfc 5001 support.
|
||||
o timers rfc 5011 support.
|
||||
o Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator.
|
||||
|
|
@ -26,7 +21,6 @@ o make timeout backoffs randomized (a couple percent random) to spread traffic.
|
|||
o inspect date on executable, then warn user in log if its more than 1 year.
|
||||
o (option) proactively prime root, stubs and trust anchors, feature.
|
||||
early failure, faster on first query, but more traffic.
|
||||
o On Windows use CryptGenRandom() to get random seed for arc4random.
|
||||
o library add convenience functions for A, AAAA, PTR, getaddrinfo, libresolve.
|
||||
o library add function to validate input from app that is signed.
|
||||
o add dynamic-update requests (making a dynupd request) to libunbound api.
|
||||
|
|
@ -38,36 +32,31 @@ o (option) to make chroot: copy all needed files into jail (or make jail)
|
|||
perhaps also print reminder to link /dev/random and sysloghack.
|
||||
o overhaul outside-network servicedquery to merge with udpwait and tcpwait,
|
||||
to make timers in servicedquery independent of udpwait queues.
|
||||
o 0x20 fallback so it can be enabled without trouble.
|
||||
o check into rebinding ports for efficiency, configure time test.
|
||||
o EVP hardware crypto support.
|
||||
o option to ignore all inception and expiration dates for rrsigs.
|
||||
o option to use builtin ldns explicitly. Or stop shipping builtin tarball.
|
||||
o cleaner code; return and func statements on newline.
|
||||
o memcached module that sits before validator module; checks for memcached
|
||||
data (on local lan), stores recursion lookup. Provides one cache for
|
||||
multiple resolver machines, coherent reply content in anycast setup.
|
||||
|
||||
Features soon after 1.0.
|
||||
o zone name appending for local-data. Perhaps read zonefiles. Perhaps it is
|
||||
too much authority feature creep.
|
||||
*** Features features, for later
|
||||
* dTLS, TLS, look to need special port numbers, cert storage, recent libssl.
|
||||
* aggressive negative caching for NSEC, NSEC3.
|
||||
* multiple queries per question, server exploration, server selection.
|
||||
* NSID support.
|
||||
* support TSIG on queries, for validating resolver deployment.
|
||||
* private TTL
|
||||
* retry-mode, where a bogus result triggers a retry-mode query, where a list
|
||||
of responses over a time interval is collected, and each is validated.
|
||||
or try in TCP mode. Do not 'try all servers several times', since we must
|
||||
not create packet storms with operator errors.
|
||||
* draft-timers
|
||||
* Windows port features
|
||||
o on windows version, implement that OS ancillary data capabilities for
|
||||
interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg.
|
||||
o (option) for extended statistics. If enabled (not by default) collect print
|
||||
rcode, uptime, spoofnearmisses, cache size, qtype,
|
||||
bits(RD, CD, DO, EDNS-present, AD)query, (Secure, Bogus)reply.
|
||||
perhaps also see which slow auth servers cause >1sec values.
|
||||
stats-file possible with key: value or key=value lines in it.
|
||||
stats on SIGUSR1. addup stats over threads.
|
||||
|
||||
For 1.x; features that have been requested during the beta test.
|
||||
o command channel for couple of tasks. Like rndc. unbound-control
|
||||
o see delegation; what servers would be used to get data for a name.
|
||||
o force stats display; easier than parsing logfiles.
|
||||
stats display added over threads, displayed in rddtool easy format.
|
||||
o flush names or domains (all under a name) from the cache. Include NSes.
|
||||
And the A, AAAA for its NSes.
|
||||
o add/del static preload data to change the domain redirections.
|
||||
o and maybe also start, stop, reload.
|
||||
o option to disable cache snooping from the clients (the nonRD queries),
|
||||
with allow, refused, drop choices.
|
||||
o EDNS fallback after timeout (firewall drops all edns traffic problem).
|
||||
o IPv6 reverse, IP4 reverse local-data shorthand for PTR records (?).
|
||||
cumbersome to reverse notate by hand for the operator.
|
||||
o DLV
|
||||
o look at dTLS, TLS ease of implementation.
|
||||
o local-zone directive with authority service, full authority server
|
||||
is a non-goal.
|
||||
o configure option to force use of builtin ldns tarball.
|
||||
|
||||
|
|
|
|||
105
doc/plan
105
doc/plan
|
|
@ -1,105 +0,0 @@
|
|||
Plan for Unbound 1.1.
|
||||
|
||||
2 month project writeup.
|
||||
- immediate attention: done
|
||||
+ security issues: 1 week.
|
||||
+ remote control: 2 week
|
||||
- improvements: 1 week
|
||||
- draft-mitigation: 2 week
|
||||
total 6 of 8 weeks; 2 weeks for maintenance activities.
|
||||
|
||||
*** Immediate attention
|
||||
- DLV
|
||||
- Plus aggressive negative caching for NSEC DLV repository.
|
||||
- filter out overreaching NSEC records.
|
||||
- dev/log(syslog) opened before chroot.
|
||||
- Fixup rrset security updates overwriting 2181 trust status.
|
||||
This makes validated to be insecure data just as worthless as
|
||||
nonvalidated data, and 2181 rules prevent cache overwrites to them.
|
||||
- use setresuid/setresgid, more secure.
|
||||
- make realclean works better, by Robert Edmonds.
|
||||
- nicer logfile message classification as notice, info, debug.
|
||||
- bug #208: extra rc.d unbound flexibility for freebsd/nanobsd.
|
||||
- bug #203: nicer do-auto log message when user sets incompatible options.
|
||||
- bug #204: variable name ameliorated in log.c.
|
||||
- bug #206: in iana_update, no egrep, but awk use.
|
||||
- fixup update-anchor.sh to work both in BSD shell and bash.
|
||||
(done)
|
||||
|
||||
*** Security issues
|
||||
+ current NS query retry is an option, default off, experimental on,
|
||||
because of the added load to 3rd parties.
|
||||
+ block nonRD queries, acl like.
|
||||
what about our authority features, those are allowed.
|
||||
+ DoS vector, flush more.
|
||||
50% of max is for run-to-completion
|
||||
50% rest is for lifo queue with 100-200 msec timeout.
|
||||
+ records in the additional section should not be marked bogus
|
||||
if they have no signer or a different signed. Validate if you can,
|
||||
otherwise leave unchecked.
|
||||
+ block DNS rebinding attacks, block all A records from 1918 IP blocks,
|
||||
like dnswall does. Allow certain subdomains to do it, config options.
|
||||
one option that controls on/off of all private space.
|
||||
note in config/man that we may consider turning on by default.
|
||||
|
||||
*** Remote control feature
|
||||
+ remote control using a TCP unbound-control commandline app.
|
||||
+ secure remote control w. TSIG. Or TLS.
|
||||
+ Nicer statistics (over that unbound-control app for ease)
|
||||
stats display added over threads, displayed in rddtool easy format.
|
||||
+ option for extended statistics. If enabled (not by default) collect print
|
||||
rcode, uptime, spoofnearmisses, cache size, qtype,
|
||||
bits(RD, CD, DO, EDNS-present, AD)query, (Secure, Bogus)reply.
|
||||
stats-file possible with key: value or key=value lines in it.
|
||||
addup stats over threads.
|
||||
not stats on SIGUSR1. perhaps also see which slow auth servers cause >1sec values.
|
||||
+ remote control to add/remove localinfo, redirects.
|
||||
+ remote control to load/store cache contents
|
||||
+ remote control to start, stop, reload.
|
||||
+ remote control to flush names or domains (all under a name) from the
|
||||
cache. Include NSes. And the A, AAAA for its NSes.
|
||||
+ remote control to see delegation; what servers would be used to get
|
||||
data for a name.
|
||||
|
||||
*** Improvements
|
||||
+ fallback to noEDNS if all queries are dropped.
|
||||
+ dnssec lameness fixen. Check to make sure.
|
||||
+ negative caching to avoid DS queries, NSEC, NSEC3 (w params).
|
||||
+ SHA256 supported fully.
|
||||
+ Make stub to localhost on different port work.
|
||||
+ IPv6 reverse, IP4 reverse local-data shorthand for PTR records (?).
|
||||
cumbersome to reverse notate by hand for the operator. For local-data.
|
||||
local-data-ptr: "1.2.3.4 mypc.example.com"
|
||||
+ dns-0x20 fallback.
|
||||
|
||||
*** from draft resolver-mitigation
|
||||
+ option harden-referral-path
|
||||
+ direct queries for NS records
|
||||
+ careful caching, only NS query causes referral caching.
|
||||
+ direct queries for A, AAAA in-bailiwick from a referral.
|
||||
+ trouble counter, cache wipe threshold.
|
||||
|
||||
+ off-path validation
|
||||
+ root NS, root glue validation after prime
|
||||
+ ignore bogus nameservers, pretend they always return a servfail.
|
||||
|
||||
|
||||
*** Features features, for later
|
||||
* dTLS, TLS, look to need special port numbers, cert storage, recent libssl.
|
||||
* aggressive negative caching for NSEC, NSEC3.
|
||||
* multiple queries per question, server exploration, server selection.
|
||||
* NSID support.
|
||||
* support TSIG on queries, for validating resolver deployment.
|
||||
* private TTL
|
||||
* retry-mode, where a bogus result triggers a retry-mode query, where a list
|
||||
of responses over a time interval is collected, and each is validated.
|
||||
or try in TCP mode. Do not 'try all servers several times', since we must
|
||||
not create packet storms with operator errors.
|
||||
* draft-timers
|
||||
* Windows port features
|
||||
o on windows version, implement that OS ancillary data capabilities for
|
||||
interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg.
|
||||
o local-zone directive with authority service, full authority server
|
||||
is a non-goal.
|
||||
o configure option to force use of builtin ldns tarball.
|
||||
|
||||
Loading…
Reference in a new issue