TODO items. These are interesting todo items. o understand synthesized DNAMEs, so those TTL=0 packets are cached properly. o NSEC/NSEC3 aggressive negative caching, so that updates to NSEC/NSEC3 will result in proper negative responses. o (option) where port 53 is used for send and receive, no other ports are used. o (option) to not send replies to clients after a timeout of (say 5 secs) has passed, but keep task active for later retries by client. o (option) private TTL feature (always report TTL x in answers). o (option) pretend-dnssec-unaware, and pretend-edns-unaware modes for workshops. o delegpt use rbtree for ns-list, to avoid slowdown for very large NS sets. o (option) reprime and refresh oft used data before timeout. o (option) retain prime results in a overlaid roothints file. o (option) store primed key data in a overlaid keyhints file (sort of like drafttimers). o windows version, auto update feature, a query to check for the version. o command the server with TSIG inband. get-config, clearcache, get stats, get memstats, get ..., reload, clear one zone from cache o NSID rfc 5001 support. o timers rfc 5011 support. o Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator. o make timeout backoffs randomized (a couple percent random) to spread traffic. o inspect date on executable, then warn user in log if its more than 1 year. o (option) proactively prime root, stubs and trust anchors, feature. early failure, faster on first query, but more traffic. o library add convenience functions for A, AAAA, PTR, getaddrinfo, libresolve. o library add function to validate input from app that is signed. o add dynamic-update requests (making a dynupd request) to libunbound api. o SIG(0) and TSIG. o support OPT record placement on recv anywhere in the additional section. o add local-file: config with authority features. o (option) to make local-data answers be secure for libunbound (default=no) o (option) to make chroot: copy all needed files into jail (or make jail) perhaps also print reminder to link /dev/random and sysloghack. o overhaul outside-network servicedquery to merge with udpwait and tcpwait, to make timers in servicedquery independent of udpwait queues. o check into rebinding ports for efficiency, configure time test. o EVP hardware crypto support. o option to ignore all inception and expiration dates for rrsigs. o option to use builtin ldns explicitly. Or stop shipping builtin tarball. o cleaner code; return and func statements on newline. o memcached module that sits before validator module; checks for memcached data (on local lan), stores recursion lookup. Provides one cache for multiple resolver machines, coherent reply content in anycast setup. o no openssl_add_all_algorithms, but only the ones necessary, less space. *** Features features, for later * dTLS, TLS, look to need special port numbers, cert storage, recent libssl. * aggressive negative caching for NSEC, NSEC3. * multiple queries per question, server exploration, server selection. * support TSIG on queries, for validating resolver deployment. * retry-mode, where a bogus result triggers a retry-mode query, where a list of responses over a time interval is collected, and each is validated. or try in TCP mode. Do not 'try all servers several times', since we must not create packet storms with operator errors. * Windows port features o on windows version, implement that OS ancillary data capabilities for interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg. o local-zone directive with authority service, full authority server is a non-goal. o remote control read ssl information while priviledged. o infra and lame cache: easier size config (in Mb), show usage in graphs. o config entry to denote that a zone is to be treated as unsigned (even if a DS exists to higher trust anchor). o see if we can include the python bindings (contrib).