summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-01-26 13:37:42 +0100
committerLennart Poettering <lennart@poettering.net>2016-01-26 14:42:04 +0100
commit720652b30bf38f55aa52cb99e5bbaef0d6057c10 (patch)
tree402aa42a9ced506366dc8a2303739c9a3d783125
parent2d8950384f3137aafcce22b29912b2b61e6d86fb (diff)
update TODO
This gets rid of the private DNSSEC TODO and moves it in the main TODO dump site, as the DNSSEC implementation is pretty complete now, and the remaining bits are low-priority.
-rw-r--r--TODO13
-rw-r--r--src/resolve/resolved-dns-dnssec.c12
2 files changed, 4 insertions, 21 deletions
diff --git a/TODO b/TODO
index f9e2d4761a..09160dc0c8 100644
--- a/TODO
+++ b/TODO
@@ -173,9 +173,9 @@ Features:
- use equvalent of cat() to insert existing config as a comment, prepended with #.
Upon editor exit, lines with one # are removed, lines with two # are left with one #, etc.
-* exponential backoff in timesyncd and resolved when we cannot reach a server
+* exponential backoff in timesyncd when we cannot reach a server
-* timesyncd + resolved: add ugly bus calls to set NTP and DNS servers per-interface, for usage by NM
+* timesyncd: add ugly bus calls to set NTP servers per-interface, for usage by NM
* extract_many_words() should probably be used by a lot of code that
currently uses FOREACH_WORD and friends. For example, most conf
@@ -190,13 +190,7 @@ Features:
(throughout the codebase, not only PID1)
* resolved:
- - put networkd events and rtnl events at a higher priority, so that
- we always process them before we process client requests
- - DNSSEC
- - add display of private key types (http://tools.ietf.org/html/rfc4034#appendix-A.1.1)?
- - synthesize negative cache entries from NSEC/NSEC3 and drop explicit negative caching of authenticated answers
- mDNS/DNS-SD
- - mDNS RR resolving
- service registration
- service/domain/types browsing
- avahi compat
@@ -204,7 +198,8 @@ Features:
- resolved should optionally register additional per-interface LLMNR
names, so that for the container case we can establish the same name
(maybe "host") for referencing the server, everywhere.
- - add API so NM can push DNS server info into resolved
+ - enable DNSSEC by default
+ - allow clients to request DNSSEC for a single lookup even if DNSSEC is off (?)
* refcounting in sd-resolve is borked
diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index 8e3c78e7bf..76c801cce8 100644
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -28,18 +28,6 @@
#include "resolved-dns-packet.h"
#include "string-table.h"
-/* Open question:
- *
- * How does the DNSSEC canonical form of a hostname with a label
- * containing a dot look like, the way DNS-SD does it?
- *
- * TODO:
- *
- * - enable by default
- * - Allow clients to request DNSSEC even if DNSSEC is off
- * - make sure when getting an NXDOMAIN response through CNAME, we still process the first CNAMEs in the packet
- * */
-
#define VERIFY_RRS_MAX 256
#define MAX_KEY_SIZE (32*1024)