resolved: update RFCs list and TODO list

author: Lennart Poettering <lennart@poettering.net> 2016-01-15 02:48:56 +0100
committer: Lennart Poettering <lennart@poettering.net> 2016-01-17 20:47:46 +0100
commit: afc58cc2fb5841154fe036ee7a6e1c8a06bc5d29 (patch)
tree: 58c0316c2021f2f16f45882dfede35c7555a1a0d /src/resolve/resolved-dns-dnssec.c
parent: 412577e3c8045175ef185d3344a81b603d6225f8 (diff)
1 files changed, 5 insertions, 8 deletions
diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index 2ac085dfd3..43fb365d68 100644
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -35,17 +35,14 @@
  *
  * TODO:
  *
- *   - wildcard zones compatibility (NSEC/NSEC3 wildcard check is missing)
- *   - multi-label zone compatibility
- *   - cname/dname compatibility
- *   - nxdomain on qname
  *   - bus calls to override DNSEC setting per interface
  *   - log all DNSSEC downgrades
+ *   - log all RRs that failed validation
  *   - enable by default
- *
- *   - RFC 4035, Section 5.3.4 (When receiving a positive wildcard reply, use NSEC to ensure it actually really applies)
- *   - RFC 6840, Section 4.1 (ensure we don't get fed a glue NSEC from the parent zone)
- *   - RFC 6840, Section 4.3 (check for CNAME on NSEC too)
+ *   - Allow clients to request DNSSEC even if DNSSEC is off
+ *   - find public DNAME test domain
+ *   - make sure when getting an NXDOMAIN response through CNAME, we still process the first CNAMEs in the packet
+ *   - flush cache when DNSSEC setting changes
  * */
 
 #define VERIFY_RRS_MAX 256
author	Lennart Poettering <lennart@poettering.net>	2016-01-15 02:48:56 +0100
committer	Lennart Poettering <lennart@poettering.net>	2016-01-17 20:47:46 +0100
commit	afc58cc2fb5841154fe036ee7a6e1c8a06bc5d29 (patch)
tree	58c0316c2021f2f16f45882dfede35c7555a1a0d /src/resolve/resolved-dns-dnssec.c
parent	412577e3c8045175ef185d3344a81b603d6225f8 (diff)