Plan for Unbound 1.1. 2 month project writeup. - immediate attention: done - security issues: 1 week. - remote control: 2 week - requested: 1 week - draft-mitigation: 2 week total 6 of 8 weeks; 2 weeks for maintenance activities. *** Immediate attention - DLV - Plus aggressive negative caching for NSEC DLV repository. - filter out overreaching NSEC records. - dev/log(syslog) opened before chroot. - insecure is no better than unchecked status from validation. - use setresuid/setresgid, more secure. (done) *** Security issues * block nonRD queries, acl like. * DoS vector, flush more. * records in the additional section should not be marked bogus if they have no signer or a different signed. Validate if you can, otherwise leave unchecked. * block DNS rebinding attacks, block all A records from 1918 IP blocks, like dnswall does. Allow certain subdomains to do it, config options. *** Remote control feature * remote control using a TCP unbound-control commandline app. * secure remote control w. TSIG. Or TLS. * Nicer statistics (over that unbound-control app for ease) stats display added over threads, displayed in rddtool easy format. * option for extended statistics. If enabled (not by default) collect print rcode, uptime, spoofnearmisses, cache size, qtype, bits(RD, CD, DO, EDNS-present, AD)query, (Secure, Bogus)reply. perhaps also see which slow auth servers cause >1sec values. stats-file possible with key: value or key=value lines in it. stats on SIGUSR1. addup stats over threads. * remote control to add/remove localinfo, redirects. * remote control to load/store cache contents * remote control to start, stop, reload. * remote control to flush names or domains (all under a name) from the cache. Include NSes. And the A, AAAA for its NSes. * remote control to see delegation; what servers would be used to get data for a name. *** Requested * fallback to noEDNS if all queries are dropped. * SHA256 supported fully. * Make stub to localhost on different port work. * IPv6 reverse, IP4 reverse local-data shorthand for PTR records (?). cumbersome to reverse notate by hand for the operator. For local-data. *** from draft resolver-mitigation * Should be an option? (Not right now) * direct queries for NS records * careful caching, only NS query causes referral caching. * direct queries for A, AAAA in-bailiwick from a referral. * trouble counter, cache wipe threshold. * 0x20 default with fallback? * off-path validation? root NS, root glue validation after prime * ignore bogus nameservers, pretend they always return a servfail. *** Features features, for later * dTLS, TLS, look to need special port numbers, cert storage, recent libssl. * aggressive negative caching for NSEC, NSEC3. * multiple queries per question, server exploration, server selection. * NSID support. * support TSIG on queries, for validating resolver deployment. * private TTL * retry-mode, where a bogus result triggers a retry-mode query, where a list of responses over a time interval is collected, and each is validated. or try in TCP mode. Do not 'try all servers several times', since we must not create packet storms with operator errors. * draft-timers * Windows port features o on windows version, implement that OS ancillary data capabilities for interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg. o local-zone directive with authority service, full authority server is a non-goal.